--- a/check_cert.pl Mon Oct 15 12:36:02 2012 +0200
+++ b/check_cert.pl Mon Oct 15 16:02:36 2012 +0200
@@ -33,6 +33,7 @@
$ENV{LC_ALL} = "C";
sub process_file();
+sub excluded_files();
sub print_help();
sub print_usage();
sub version($$);
@@ -50,7 +51,8 @@
my $VERSION = "0.5";
my $hash_file = "/var/tmp/" . basename($0) . ".known.db";
my %known;
-my %certs = ();
+my %certs = ();
+my @excludes = ();
my $no_print =
"no_header,no_version,no_serial,no_validity,no_subject,no_issuer,no_pubkey,no_sigdump,no_extensions";
my @cmd_x509 = (
@@ -71,7 +73,7 @@
"signature" => "md5WithRSAEncryption",
"warning" => "1month",
"critical" => "1week",
- "excluded" => "",
+ "exclude" => "",
"debug" => 0
);
@@ -103,6 +105,8 @@
%known = () if $opt{init};
my @directorys = split(/,/, join(',', $opt{directory})) if $opt{directory};
+
+ excluded_files();
find({ wanted => \&process_file }, @directorys);
# calculate the time
@@ -153,7 +157,7 @@
exit $ERRORS{"CRITICAL"};
}
elsif (@warning) {
- print "CERT WARNING: @warning\n";
+ print "CERT WARNING: " . join("\n", @warning) . "\n";
exit $ERRORS{"WARNING"};
}
else {
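Review bot: Joining `@warning` with "\n" in the warning branch leaves only the first entry on the first output line. If this runs as a Nagios-style plugin, as the `$ERRORS` exit codes suggest, notifications commonly carry only that line, so further expiring certificates may not reach the alert. Consider a one-line summary first, e.g. `print "CERT WARNING: " . scalar(@warning) . " certificate(s)\n" . join("\n", @warning) . "\n";`. The critical branch starts above this hunk; if it still interpolates `"@critical"`, the two branches now format their output differently.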
@@ -166,6 +170,18 @@
exit;
}
+sub excluded_files() {
+ if ($opt{exclude}) {
+ open(EXCLUDES, "$opt{exclude}") || die "Can't open: $!";
+ while (<EXCLUDES>) {
+ /^(#.*)?$/ and next;
+ chomp;
+ push @excludes, $_;
+ }
+ close(EXCLUDES);
+ }
+}
+
sub process_file() {
return if not -f;
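Review bot: The two-argument `open(EXCLUDES, "$opt{exclude}")` in excluded_files() lets Perl interpret leading or trailing mode characters (`<`, `>`, `|`) in the option value, so the argument is not guaranteed to be opened as a plain file for reading. Use the three-argument form with a lexical handle, `open(my $fh, '<', $opt{exclude}) or die "Can't open $opt{exclude}: $!";`, and read from `$fh`; this also puts the file name in the error message. The collected entries are compared with `eq` against `$File::Find::name` in process_file, so a line with trailing whitespace or a CR silently fails to exclude anything. Replacing `chomp` with `s/\s+\z//` would avoid that. process_file's body continues outside this hunk.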
@@ -176,7 +192,6 @@
my ($rc, $temp, $signature, $subject, $enddate);
# excluded files
- my @excludes = split(/,/, join(',', $opt{exclude})) if $opt{exclude};
foreach my $exclude_file (@excludes) {
if ($exclude_file eq $File::Find::name) {
$known{$File::Find::name} = $id;
@@ -304,6 +319,8 @@
=head1 SYNOPSIS
+check_cert [B<-i>|B<--init>]
+
check_cert [B<-b>|B<--binary>]
check_cert [B<-d>|B<--directory>]
@@ -328,6 +345,10 @@
=over
+=item B<-i>|B<--init>
+
+Initiate file-data hash.
+
=item B<-b>|B<--binary>
Path to openssl binary (default: /usr/bin/openssl).
@@ -350,7 +371,7 @@
=item B<-e>|B<--exclude>
-Absolute path of excluded files, use comma-separated lists for multiple files.
+Absolute path of file to read excluded files.
=item B<-D>|B<--debug>