changeset 5 | 0aa961b42ea7 |
parent 4 | fe368de5cf81 |
4:fe368de5cf81 | 5:0aa961b42ea7 |
---|---|
31 delete @ENV{ grep /^LC_/ => keys %ENV }; |
31 delete @ENV{ grep /^LC_/ => keys %ENV }; |
32 $ENV{LANG} = "C"; |
32 $ENV{LANG} = "C"; |
33 $ENV{LC_ALL} = "C"; |
33 $ENV{LC_ALL} = "C"; |
34 |
34 |
35 sub process_file(); |
35 sub process_file(); |
36 sub excluded_files(); |
|
36 sub print_help(); |
37 sub print_help(); |
37 sub print_usage(); |
38 sub print_usage(); |
38 sub version($$); |
39 sub version($$); |
39 |
40 |
40 my %ERRORS = ( |
41 my %ERRORS = ( |
48 my $ME = basename $0; |
49 my $ME = basename $0; |
49 my $NAME = "CERT"; |
50 my $NAME = "CERT"; |
50 my $VERSION = "0.5"; |
51 my $VERSION = "0.5"; |
51 my $hash_file = "/var/tmp/" . basename($0) . ".known.db"; |
52 my $hash_file = "/var/tmp/" . basename($0) . ".known.db"; |
52 my %known; |
53 my %known; |
53 my %certs = (); |
54 my %certs = (); |
55 my @excludes = (); |
|
54 my $no_print = |
56 my $no_print = |
55 "no_header,no_version,no_serial,no_validity,no_subject,no_issuer,no_pubkey,no_sigdump,no_extensions"; |
57 "no_header,no_version,no_serial,no_validity,no_subject,no_issuer,no_pubkey,no_sigdump,no_extensions"; |
56 my @cmd_x509 = ( |
58 my @cmd_x509 = ( |
57 "openssl", "x509", "-noout", "-text", |
59 "openssl", "x509", "-noout", "-text", |
58 "-certopt", "$no_print", "-subject", "-enddate" |
60 "-certopt", "$no_print", "-subject", "-enddate" |
69 "binary" => "/usr/bin/openssl", |
71 "binary" => "/usr/bin/openssl", |
70 "directory" => "/etc", |
72 "directory" => "/etc", |
71 "signature" => "md5WithRSAEncryption", |
73 "signature" => "md5WithRSAEncryption", |
72 "warning" => "1month", |
74 "warning" => "1month", |
73 "critical" => "1week", |
75 "critical" => "1week", |
74 "excluded" => "", |
76 "exclude" => "", |
75 "debug" => 0 |
77 "debug" => 0 |
76 ); |
78 ); |
77 |
79 |
78 my ($file, $w_time, $c_time); |
80 my ($file, $w_time, $c_time); |
79 |
81 |
101 |
103 |
102 # initiate file-data hash |
104 # initiate file-data hash |
103 %known = () if $opt{init}; |
105 %known = () if $opt{init}; |
104 |
106 |
105 my @directorys = split(/,/, join(',', $opt{directory})) if $opt{directory}; |
107 my @directorys = split(/,/, join(',', $opt{directory})) if $opt{directory}; |
108 |
|
109 excluded_files(); |
|
106 find({ wanted => \&process_file }, @directorys); |
110 find({ wanted => \&process_file }, @directorys); |
107 |
111 |
108 # calculate the time |
112 # calculate the time |
109 $w_time = DateCalc("today", "+ $opt{warning}"); |
113 $w_time = DateCalc("today", "+ $opt{warning}"); |
110 $c_time = DateCalc("today", "+ $opt{critical}"); |
114 $c_time = DateCalc("today", "+ $opt{critical}"); |
151 if (@critical) { |
155 if (@critical) { |
152 print "CERT CRITICAL: " . join("\n", @critical) . "\n"; |
156 print "CERT CRITICAL: " . join("\n", @critical) . "\n"; |
153 exit $ERRORS{"CRITICAL"}; |
157 exit $ERRORS{"CRITICAL"}; |
154 } |
158 } |
155 elsif (@warning) { |
159 elsif (@warning) { |
156 print "CERT WARNING: @warning\n"; |
160 print "CERT WARNING: " . join("\n", @warning) . "\n"; |
157 exit $ERRORS{"WARNING"}; |
161 exit $ERRORS{"WARNING"}; |
158 } |
162 } |
159 else { |
163 else { |
160 print "CERT OK: all certificates in limit\n"; |
164 print "CERT OK: all certificates in limit\n"; |
161 exit $ERRORS{"OK"}; |
165 exit $ERRORS{"OK"}; |
162 } |
166 } |
163 |
167 |
164 untie %known; |
168 untie %known; |
165 |
169 |
166 exit; |
170 exit; |
171 } |
|
172 |
|
173 sub excluded_files() { |
|
174 if ($opt{exclude}) { |
|
175 open(EXCLUDES, "$opt{exclude}") || die "Can't open: $!"; |
|
176 while (<EXCLUDES>) { |
|
177 /^(#.*)?$/ and next; |
|
178 chomp; |
|
179 push @excludes, $_; |
|
180 } |
|
181 close(EXCLUDES); |
|
182 } |
|
167 } |
183 } |
168 |
184 |
169 sub process_file() { |
185 sub process_file() { |
170 return if not -f; |
186 return if not -f; |
171 |
187 |
174 my $in_cert = 0; |
190 my $in_cert = 0; |
175 my @cert = (); |
191 my @cert = (); |
176 my ($rc, $temp, $signature, $subject, $enddate); |
192 my ($rc, $temp, $signature, $subject, $enddate); |
177 |
193 |
178 # excluded files |
194 # excluded files |
179 my @excludes = split(/,/, join(',', $opt{exclude})) if $opt{exclude}; |
|
180 foreach my $exclude_file (@excludes) { |
195 foreach my $exclude_file (@excludes) { |
181 if ($exclude_file eq $File::Find::name) { |
196 if ($exclude_file eq $File::Find::name) { |
182 $known{$File::Find::name} = $id; |
197 $known{$File::Find::name} = $id; |
183 return; |
198 return; |
184 } |
199 } |
302 |
317 |
303 check_chert - nagios plugin to check the expire date for openssl certificates |
318 check_chert - nagios plugin to check the expire date for openssl certificates |
304 |
319 |
305 =head1 SYNOPSIS |
320 =head1 SYNOPSIS |
306 |
321 |
322 check_cert [B<-i>|B<--init>] |
|
323 |
|
307 check_cert [B<-b>|B<--binary>] |
324 check_cert [B<-b>|B<--binary>] |
308 |
325 |
309 check_cert [B<-d>|B<--directory>] |
326 check_cert [B<-d>|B<--directory>] |
310 |
327 |
311 check_cert [B<-w>|B<--warning>] |
328 check_cert [B<-w>|B<--warning>] |
326 |
343 |
327 =head1 OPTIONS |
344 =head1 OPTIONS |
328 |
345 |
329 =over |
346 =over |
330 |
347 |
348 =item B<-i>|B<--init> |
|
349 |
|
350 Initiate file-data hash. |
|
351 |
|
331 =item B<-b>|B<--binary> |
352 =item B<-b>|B<--binary> |
332 |
353 |
333 Path to openssl binary (default: /usr/bin/openssl). |
354 Path to openssl binary (default: /usr/bin/openssl). |
334 |
355 |
335 =item B<-w>|B<--warning> |
356 =item B<-w>|B<--warning> |
348 |
369 |
349 Return WARNING status if <signature algorithm> is used (default: md5WithRSAEncryption). |
370 Return WARNING status if <signature algorithm> is used (default: md5WithRSAEncryption). |
350 |
371 |
351 =item B<-e>|B<--exclude> |
372 =item B<-e>|B<--exclude> |
352 |
373 |
353 Absolute path of excluded files, use comma-separated lists for multiple files. |
374 Absolute path of file to read excluded files. |
354 |
375 |
355 =item B<-D>|B<--debug> |
376 =item B<-D>|B<--debug> |
356 |
377 |
357 Enable debug mode. |
378 Enable debug mode. |
358 |
379 |
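Review bot: In the new `excluded_files()` (new lines 173–183), `open(EXCLUDES, "$opt{exclude}")` is a two-argument open on the value of the `--exclude` option, so Perl interprets mode characters in that string (a leading `>`, or a leading or trailing `|`) instead of treating it purely as a path to read. If the plugin's arguments can be set by anyone other than the local administrator (for example through a remote check definition), this path option becomes a way to truncate files or start a process as the monitoring user. The three-argument form with a lexical handle closes that off: `open(my $fh, '<', $opt{exclude}) or die "Can't open $opt{exclude}: $!";`, followed by `while (<$fh>) {` and `close($fh);`. Including the file name in the message also helps, and since `die` presumably exits with a status outside the `%ERRORS` map, an explicit UNKNOWN exit may be preferable if that key exists. The meaning of `--exclude` also changes from a comma-separated list to a file of paths, so existing check definitions that pass a list will now fail at this `open`; that is worth a note in the changelog.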