check_cert.pl
changeset 5 0aa961b42ea7
parent 4 fe368de5cf81
--- a/check_cert.pl	Mon Oct 15 12:36:02 2012 +0200
+++ b/check_cert.pl	Mon Oct 15 16:02:36 2012 +0200
@@ -33,6 +33,7 @@
 $ENV{LC_ALL} = "C";
 
 sub process_file();
+sub excluded_files();
 sub print_help();
 sub print_usage();
 sub version($$);
@@ -50,7 +51,8 @@
 my $VERSION   = "0.5";
 my $hash_file = "/var/tmp/" . basename($0) . ".known.db";
 my %known;
-my %certs = ();
+my %certs    = ();
+my @excludes = ();
 my $no_print =
 "no_header,no_version,no_serial,no_validity,no_subject,no_issuer,no_pubkey,no_sigdump,no_extensions";
 my @cmd_x509 = (
@@ -71,7 +73,7 @@
     "signature" => "md5WithRSAEncryption",
     "warning"   => "1month",
     "critical"  => "1week",
-    "excluded"  => "",
+    "exclude"   => "",
     "debug"     => 0
 );
 
@@ -103,6 +105,8 @@
     %known = () if $opt{init};
 
     my @directorys = split(/,/, join(',', $opt{directory})) if $opt{directory};
+
+    excluded_files();
     find({ wanted => \&process_file }, @directorys);
 
     # calculate the time
@@ -153,7 +157,7 @@
         exit $ERRORS{"CRITICAL"};
     }
     elsif (@warning) {
-        print "CERT WARNING: @warning\n";
+        print "CERT WARNING: " . join("\n", @warning) . "\n";
         exit $ERRORS{"WARNING"};
     }
     else {
@@ -166,6 +170,18 @@
     exit;
 }
 
+sub excluded_files() {
+    if ($opt{exclude}) {
+        open(EXCLUDES, "$opt{exclude}") || die "Can't open: $!";
+        while (<EXCLUDES>) {
+            /^(#.*)?$/ and next;
+            chomp;
+            push @excludes, $_;
+        }
+        close(EXCLUDES);
+    }
+}
+
 sub process_file() {
     return if not -f;
 
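Review bot: The two-argument `open(EXCLUDES, "$opt{exclude}")` in excluded_files() lets the value of --exclude select the open mode, so a value beginning with `>` or carrying a `|` at either end is treated as a write target or a command instead of a file to read. Use the three-argument form with a lexical handle, `open(my $fh, '<', $opt{exclude}) or die "Can't open $opt{exclude}: $!";`, and read and close through `$fh` (`while (<$fh>)`, `close($fh)`). Lines are only chomped, so an entry with trailing whitespace or a CR from a CRLF file will never equal `$File::Find::name` and the exclusion silently does nothing; applying `s/\s+\z//` before the `push` would cover that. Because every entry in this file suppresses a certificate check, a comment above the sub should state that the exclude file must be writable only by the account that administers the check.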
@@ -176,7 +192,6 @@
     my ($rc, $temp, $signature, $subject, $enddate);
 
     # excluded files
-    my @excludes = split(/,/, join(',', $opt{exclude})) if $opt{exclude};
     foreach my $exclude_file (@excludes) {
         if ($exclude_file eq $File::Find::name) {
             $known{$File::Find::name} = $id;
@@ -304,6 +319,8 @@
 
 =head1 SYNOPSIS
 
+check_cert [B<-i>|B<--init>]
+
 check_cert [B<-b>|B<--binary>]
 
 check_cert [B<-d>|B<--directory>]
@@ -328,6 +345,10 @@
 
 =over
 
+=item B<-i>|B<--init>
+
+Initiate file-data hash.
+
 =item B<-b>|B<--binary>
 
 Path to openssl binary (default: /usr/bin/openssl).
@@ -350,7 +371,7 @@
 
 =item B<-e>|B<--exclude>
 
-Absolute path of excluded files, use comma-separated lists for multiple files.
+Absolute path of file to read excluded files.
 
 =item B<-D>|B<--debug>