voltron/NodeMgmt
1
1
Fork 0
Code Issues Pull Requests Releases 1 Activity

Update ssl-check.sh

Browse Source
This commit is contained in:
David Schroeder
2019-02-10 19:43:59 -06:00
parent 137a5d3e3b
commit 4ee8dd67c6
1 changed files with 4 additions and 161 deletions
Download Patch File Download Diff File Expand all files Collapse all files

165
ssl-check.sh
View File

@@ -208,13 +208,7 @@ date_diff()
# $5 -> Days left until the certificate will expire # $5 -> Days left until the certificate will expire
# $6 -> Issuer of the certificate # $6 -> Issuer of the certificate
##################################################################### #####################################################################
prints() prints() {
{
if [ "${NAGIOSSUMMARY}" == "TRUE" ]
then
return
fi
if [ "${QUIET}" != "TRUE" ] && [ "${ISSUER}" = "TRUE" ] && [ "${VALIDATION}" != "TRUE" ] if [ "${QUIET}" != "TRUE" ] && [ "${ISSUER}" = "TRUE" ] && [ "${VALIDATION}" != "TRUE" ]
then then
MIN_DATE=$(echo $4 | ${AWK} '{ print $1, $2, $4 }') MIN_DATE=$(echo $4 | ${AWK} '{ print $1, $2, $4 }')
@@ -243,12 +237,6 @@ prints()
fi fi
} }
####################################################
# Purpose: Print a heading with the relevant columns
# Arguments:
# None
####################################################
print_heading() print_heading()
{ {
if [ "${NOHEADER}" != "TRUE" ] if [ "${NOHEADER}" != "TRUE" ]
@@ -281,13 +269,7 @@ print_heading()
# Arguments: # Arguments:
# None # None
#################################################### ####################################################
print_summary() print_summary(){
{
if [ "${NAGIOSSUMMARY}" != "TRUE" ]
then
return
fi
if [ ${SUMMARY_WILL_EXPIRE} -eq 0 ] && [ ${SUMMARY_EXPIRED} -eq 0 ] if [ ${SUMMARY_WILL_EXPIRE} -eq 0 ] && [ ${SUMMARY_EXPIRED} -eq 0 ]
then then
${PRINTF} "%s valid certificate(s)|days=%s\n" "${SUMMARY_VALID}" "${SUMMARY_MIN_DIFF}" ${PRINTF} "%s valid certificate(s)|days=%s\n" "${SUMMARY_VALID}" "${SUMMARY_MIN_DIFF}"
@@ -348,46 +330,6 @@ set_summary()
fi fi
} }
##########################################
# Purpose: Describe how the script works
# Arguments:
# None
##########################################
usage()
{
echo "Usage: $0 [ -e email address ] [-E sender email address] [ -x days ] [-q] [-a] [-b] [-h] [-i] [-n] [-N] [-v]"
echo " { [ -s common_name ] && [ -p port] } || { [ -f cert_file ] } || { [ -c cert file ] } || { [ -d cert dir ] }"
echo ""
echo " -a : Send a warning message through E-mail"
echo " -b : Will not print header"
echo " -c cert file : Print the expiration date for the PEM or PKCS12 formatted certificate in cert file"
echo " -d cert directory : Print the expiration date for the PEM or PKCS12 formatted certificates in cert directory"
echo " -e E-mail address : E-mail address to send expiration notices"
echo " -E E-mail sender : E-mail address of the sender"
echo " -f cert file : File with a list of FQDNs and ports"
echo " -h : Print this screen"
echo " -i : Print the issuer of the certificate"
echo " -k password : PKCS12 file password"
echo " -n : Run as a Nagios plugin"
echo " -N : Run as a Nagios plugin and output one line summary (implies -n, requires -f or -d)"
echo " -p port : Port to connect to (interactive mode)"
echo " -s commmon name : Server to connect to (interactive mode)"
echo " -t type : Specify the certificate type"
echo " -q : Don't print anything on the console"
echo " -v : Specify a specific protocol version to use (tls, ssl2, ssl3)"
echo " -V : Only print validation data"
echo " -x days : Certificate expiration interval (eg. if cert_date < days)"
echo ""
}
##########################################################################
# Purpose: Connect to a server ($1) and port ($2) to see if a certificate
# has expired
# Arguments:
# $1 -> Server name
# $2 -> TCP port to connect to
##########################################################################
check_server_status() { check_server_status() {
if [ "_${2}" = "_smtp" -o "_${2}" = "_25" ] if [ "_${2}" = "_smtp" -o "_${2}" = "_25" ]
@@ -562,41 +504,9 @@ check_file_status() {
set_returncode ${RETCODE_LOCAL} set_returncode ${RETCODE_LOCAL}
MIN_DATE=$(echo ${CERTDATE} | ${AWK} '{ print $1, $2, $4 }') MIN_DATE=$(echo ${CERTDATE} | ${AWK} '{ print $1, $2, $4 }')
set_summary ${RETCODE_LOCAL} ${HOST} ${PORT} "${MIN_DATE}" ${CERTDIFF} # set_summary ${RETCODE_LOCAL} ${HOST} ${PORT} "${MIN_DATE}" ${CERTDIFF}
} }
#################################
### Start of main program
#################################
while getopts abinNv:e:E:f:c:d:hk:p:s:t:qx:V option
do
case "${option}"
in
a) ALARM="TRUE";;
b) NOHEADER="TRUE";;
c) CERTFILE=${OPTARG};;
d) CERTDIRECTORY=${OPTARG};;
e) ADMIN=${OPTARG};;
E) SENDER=${OPTARG};;
f) SERVERFILE=$OPTARG;;
h) usage
exit 1;;
i) ISSUER="TRUE";;
k) PKCSDBPASSWD=${OPTARG};;
n) NAGIOS="TRUE";;
N) NAGIOS="TRUE"
NAGIOSSUMMARY="TRUE";;
p) PORT=$OPTARG;;
s) HOST=$OPTARG;;
t) CERTTYPE=$OPTARG;;
q) QUIET="TRUE";;
v) VERSION=$OPTARG;;
V) VALIDATION="TRUE";;
x) WARNDAYS=$OPTARG;;
\?) usage
exit 1;;
esac
done
### Check to make sure a openssl utility is available ### Check to make sure a openssl utility is available
if [ ! -f ${OPENSSL} ] if [ ! -f ${OPENSSL} ]
@@ -674,73 +584,6 @@ else
exit 1 exit 1
fi fi
### If a HOST and PORT were passed on the cmdline, use those values
if [ "${HOST}" != "" ] && [ "${PORT}" != "" ]
then
print_heading
check_server_status "${HOST}" "${PORT}"
print_summary
### If a file is passed to the "-f" option on the command line, check
### each certificate or server / port combination in the file to see if
### they are about to expire
elif [ -f "${SERVERFILE}" ]
then
print_heading
IFS=$'\n'
for LINE in `egrep -v '(^#|^$)' ${SERVERFILE}`
do
HOST=${LINE%% *}
PORT=${LINE#* }
IFS=" "
if [ "$PORT" = "FILE" ]
then
check_file_status ${HOST} "FILE" "${HOST}"
else
check_server_status "${HOST}" "${PORT}"
fi
done
IFS=${OLDIFS}
print_summary
### Check to see if the certificate in CERTFILE is about to expire
elif [ "${CERTFILE}" != "" ]
then
print_heading
check_file_status ${CERTFILE} "FILE" "${CERTFILE}"
print_summary
### Check to see if the certificates in CERTDIRECTORY are about to expire
elif [ "${CERTDIRECTORY}" != "" ] && (${FIND} -L ${CERTDIRECTORY} -type f > /dev/null 2>&1)
then
print_heading
for FILE in `${FIND} -L ${CERTDIRECTORY} -type f`; do
check_file_status ${FILE} "FILE" "${FILE}"
done
print_summary
### There was an error, so print a detailed usage message and exit
else
usage
exit 1
fi
### Remove the temporary files
if [ $DEBUG == 1 ]
then
echo "DEBUG: Certificate temporary file:"
cat ${CERT_TMP}
echo "DEBUG: Runtime information file:"
cat ${ERROR_TMP}
fi
rm -f ${CERT_TMP} ${ERROR_TMP} rm -f ${CERT_TMP} ${ERROR_TMP}
### Exit with a success indicator exit 0
if [ "${NAGIOS}" = "TRUE" ]
then
exit $RETCODE
else
exit 0
fi