--- a/check_cert.pl Mon Oct 15 12:36:02 2012 +0200
+++ b/check_cert.pl Mon Oct 15 16:02:36 2012 +0200
@@ -33,6 +33,7 @@
$ENV{LC_ALL} = "C";
sub process_file();
+sub excluded_files();
sub print_help();
sub print_usage();
sub version($$);
@@ -50,7 +51,8 @@
my $VERSION = "0.5";
my $hash_file = "/var/tmp/" . basename($0) . ".known.db";
my %known;
-my %certs = ();
+my %certs = ();
+my @excludes = ();
my $no_print =
"no_header,no_version,no_serial,no_validity,no_subject,no_issuer,no_pubkey,no_sigdump,no_extensions";
my @cmd_x509 = (
@@ -71,7 +73,7 @@
"signature" => "md5WithRSAEncryption",
"warning" => "1month",
"critical" => "1week",
- "excluded" => "",
+ "exclude" => "",
"debug" => 0
);
@@ -103,6 +105,8 @@
%known = () if $opt{init};
my @directorys = split(/,/, join(',', $opt{directory})) if $opt{directory};
+
+ excluded_files();
find({ wanted => \&process_file }, @directorys);
# calculate the time
@@ -153,7 +157,7 @@
exit $ERRORS{"CRITICAL"};
}
elsif (@warning) {
- print "CERT WARNING: @warning\n";
+ print "CERT WARNING: " . join("\n", @warning) . "\n";
exit $ERRORS{"WARNING"};
}
else {
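Review bot: The WARNING branch now prints one entry per line, but the CRITICAL branch just above it (its `print` is outside this hunk) presumably still uses the interpolated `"@critical"` form, so the two exit paths format the same kind of list differently; if the multi-line form is intended, apply it to both. With the join only the first warning carries the `CERT WARNING: ` prefix, which matches the short-output/long-output split a Nagios-style check is read with, but that is worth a comment at the print, e.g. `# first warning is the summary line; the rest become long output`.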
@@ -166,6 +170,18 @@
exit;
}
+sub excluded_files() {
+ if ($opt{exclude}) {
+ open(EXCLUDES, "$opt{exclude}") || die "Can't open: $!";
+ while (<EXCLUDES>) {
+ /^(#.*)?$/ and next;
+ chomp;
+ push @excludes, $_;
+ }
+ close(EXCLUDES);
+ }
+}
+
sub process_file() {
return if not -f;
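Review bot: `open(EXCLUDES, "$opt{exclude}")` in the new excluded_files is a two-argument open, so the option value is parsed for a mode: a value beginning with `>` or `+<`, or beginning or ending with `|`, is treated as a redirection or a pipe rather than as a filename, which makes what the option does depend on how a command-line argument is spelled. Use the three-argument form with a lexical handle, `open(my $excludes_fh, '<', $opt{exclude}) or die "Can't open $opt{exclude}: $!";`, read with `while (my $line = <$excludes_fh>)`, and `close($excludes_fh);`. Entries are later compared with `eq` against `$File::Find::name`, so a trailing space or a CRLF line ending that `chomp` leaves behind silently prevents a match; stripping trailing whitespace with `s/\s+\z//` instead of `chomp` avoids that. The `die` exits with status 255 rather than a plugin state; if the file's `%ERRORS` table (not visible here) has an UNKNOWN entry, printing the message and exiting with it would be consistent with the other exits in this diff.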
@@ -176,7 +192,6 @@
my ($rc, $temp, $signature, $subject, $enddate);
# excluded files
- my @excludes = split(/,/, join(',', $opt{exclude})) if $opt{exclude};
foreach my $exclude_file (@excludes) {
if ($exclude_file eq $File::Find::name) {
$known{$File::Find::name} = $id;
@@ -304,6 +319,8 @@
=head1 SYNOPSIS
+check_cert [B<-i>|B<--init>]
+
check_cert [B<-b>|B<--binary>]
check_cert [B<-d>|B<--directory>]
@@ -328,6 +345,10 @@
=over
+=item B<-i>|B<--init>
+
+Initiate file-data hash.
+
=item B<-b>|B<--binary>
Path to openssl binary (default: /usr/bin/openssl).
@@ -350,7 +371,7 @@
=item B<-e>|B<--exclude>
-Absolute path of excluded files, use comma-separated lists for multiple files.
+Absolute path of file to read excluded files.
=item B<-D>|B<--debug>
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/exclude.example Mon Oct 15 16:02:36 2012 +0200
@@ -0,0 +1,31 @@
+/etc/ssl/certs/06d75f4b.0
+/etc/ssl/certs/10d149a2.0
+/etc/ssl/certs/128b9c8d.0
+/etc/ssl/certs/256fd83b.0
+/etc/ssl/certs/31044350.0
+/etc/ssl/certs/408e388a.0
+/etc/ssl/certs/4643210f.0
+/etc/ssl/certs/54edfa5d.0
+/etc/ssl/certs/819a45f6.0
+/etc/ssl/certs/95750816.0
+/etc/ssl/certs/97b4211c.0
+/etc/ssl/certs/ABAecom_=sub.__Am._Bankers_Assn.=_Root_CA.pem
+/etc/ssl/certs/b8609e8a.0
+/etc/ssl/certs/beTRUSTed_Root_CA.pem
+/etc/ssl/certs/brasil.gov.br.pem
+/etc/ssl/certs/c9bc75ba.0
+/etc/ssl/certs/Digital_Signature_Trust_Co._Global_CA_2.pem
+/etc/ssl/certs/Digital_Signature_Trust_Co._Global_CA_4.pem
+/etc/ssl/certs/f64d9715.0
+/etc/ssl/certs/f73e89fd.0
+/etc/ssl/certs/GTE_CyberTrust_Root_CA.pem
+/etc/ssl/certs/IPS_Servidores_root.pem
+/etc/ssl/certs/signet_ca1_pem.pem
+/etc/ssl/certs/signet_ca3_pem.pem
+/etc/ssl/certs/signet_ocspklasa3_pem.pem
+/etc/ssl/certs/signet_tsa1_pem.pem
+/etc/ssl/certs/spi-ca-2003.pem
+/etc/ssl/certs/TC_TrustCenter__Germany__Class_2_CA.pem
+/etc/ssl/certs/TC_TrustCenter__Germany__Class_3_CA.pem
+/etc/ssl/certs/Verisign_RSA_Secure_Server_CA.pem
+/etc/ssl/certs/Verisign_Time_Stamping_Authority_CA.pem
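Review bot: The hash-named entries (`06d75f4b.0` and the other `XXXXXXXX.0` names) are, in a typical `/etc/ssl/certs`, rehash symlinks whose target can change when the CA bundle is updated, so an exclusion keyed on that name may later mute a different certificate than the one it was written for; the `.pem` names are the stable choice. The example also has no explanatory header even though the new parser skips `#` lines; a first line such as `# legacy root CAs excluded from expiry checks; review after CA bundle updates` would tell the reader why these paths are listed.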