# HG changeset patch
# User arnold
# Date 1245313719 0
# Node ID 50f5a78ba6fa9b7b6bd9b8e629c7570569c3e9df
# Parent b4dbae8f141c26d6e2d841cd639c1d8e215661d5
Return WARNING status if is used.
diff -r b4dbae8f141c -r 50f5a78ba6fa check_cert.pl
--- a/check_cert.pl Tue Jun 16 14:08:35 2009 +0000
+++ b/check_cert.pl Thu Jun 18 08:28:39 2009 +0000
@@ -35,7 +35,7 @@
 "f=s" => \@opt_certfiles, "certfile=s" => \@opt_certfiles);
 if ($opt_V) {
- print_revision($ME, "0.1");
+ print_revision($ME, "0.3");
 exit $ERRORS{"OK"};
 }
@@ -131,7 +131,7 @@
 foreach (sort keys %certs) {
 if (@{$certs{$_}}[2]) {
 if (@{$certs{$_}}[2] eq "$opt_s") {
- push (@critical, "file: $_, CN=@{$certs{$_}}[0] Signature Algorithm: @{$certs{$_}}[2]");
+ push (@warning, "file: $_, CN=@{$certs{$_}}[0] Signature Algorithm: @{$certs{$_}}[2]");
 }
 }
@@ -176,7 +176,7 @@
 print " Certificat should not be more than this time older (default: 1week)\n";
 print " For time can be used year, month, day, hour, minute, second and weeks.\n";
 print " -s, --signature \n";
- print " Return CRITICAL stauts if is used.\n";
+ print " Return WARNING status if is used (default: md5WithRSAEncryption).\n";
 print " -f, --certfile \n";
 print " Absolute path of x509 or pkcs12 openssl certificate files, use comma-separated lists for multiple files.\n";
 print " -h, --help\n";
diff -r b4dbae8f141c -r 50f5a78ba6fa debian/changelog
--- a/debian/changelog Tue Jun 16 14:08:35 2009 +0000
+++ b/debian/changelog Thu Jun 18 08:28:39 2009 +0000
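Review bot: In the `@@ -131,7 +131,7 @@` hunk a finding is raised only when the certificate's signature algorithm is string-equal to the single value in `$opt_s`, so a check left on the default (md5WithRSAEncryption, per the new help text) stays silent for every other weak algorithm, and after this change the one match it does make is reported at WARNING, which notification setups that alert only on CRITICAL will not surface. I would let `-s` accept a comma-separated list the way `-f` already does, e.g. `my %flagged = map { $_ => 1 } split /,/, $opt_s;` before the loop and `if ($flagged{ $certs{$_}[2] }) {` inside it, and say in the `-s` help line that the match is exact and case-sensitive. `@{$certs{$_}}[2]` is a one-element slice and reads more clearly as `$certs{$_}[2]`. The `foreach` body continues past the end of the hunk, so whether anything else inspects the algorithm is not visible here.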
@@ -1,3 +1,22 @@
+nagios-plugin-cert (1.0-4) stable; urgency=low
+
+ * Return WARNING status if is used.
+
+ -- Christian Arnold Thu, 18 Jun 2009 10:21:41 +0200
+
+nagios-plugin-cert (1.0-3) stable; urgency=low
+
+ * bulid for all architectures
+
+ -- Christian Arnold Tue, 16 Jun 2009 17:08:03 +0200
+
+nagios-plugin-cert (1.0-2) stable; urgency=low
+
+ * Non-maintainer upload.
+ * Return CRITICAL stauts if is used.
+
+ -- Christian Arnold Tue, 16 Jun 2009 16:11:40 +0200
+
 nagios-plugin-cert (1.0-1) stable; urgency=low
 * Initial release
diff -r b4dbae8f141c -r 50f5a78ba6fa debian/control
--- a/debian/control Tue Jun 16 14:08:35 2009 +0000
+++ b/debian/control Thu Jun 18 08:28:39 2009 +0000
@@ -1,12 +1,12 @@
 Source: nagios-plugin-cert
-Section: unknown
+Section: net
 Priority: extra
 Maintainer: Christian Arnold
 Build-Depends: debhelper (>= 5), autotools-dev
 Standards-Version: 3.7.2
 Package: nagios-plugin-cert
-Architecture: any
+Architecture: all
 Depends: ${shlibs:Depends}, ${misc:Depends}, perl, libdate-manip-perl, openssl
 Description: nagios plugin to check openssl certificates
 This plugin checks the expire date of x509 and pkcs12 certificates.
diff -r b4dbae8f141c -r 50f5a78ba6fa debian/nagios-plugin-cert/DEBIAN/control
--- a/debian/nagios-plugin-cert/DEBIAN/control Tue Jun 16 14:08:35 2009 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,10 +0,0 @@
-Package: nagios-plugin-cert
-Version: 1.0-1
-Section: unknown
-Priority: extra
-Architecture: i386
-Depends: perl, libdate-manip-perl, openssl
-Installed-Size: 68
-Maintainer: Christian Arnold
-Description: nagios plugin to check openssl certificates
- This plugin checks the expire date of x509 and pkcs12 certificates.
diff -r b4dbae8f141c -r 50f5a78ba6fa debian/nagios-plugin-cert/DEBIAN/md5sums
--- a/debian/nagios-plugin-cert/DEBIAN/md5sums Tue Jun 16 14:08:35 2009 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,4 +0,0 @@
-2a7a64ca94e12b1b7f672d3dc62fdd48 usr/share/doc/nagios-plugin-cert/copyright
-61d6b2df68417be9f3a74e0a9bfc1bcb usr/share/doc/nagios-plugin-cert/changelog.Debian.gz
-5bee9abf19f361eafbf96d0d117cfd2c usr/share/doc/nagios-plugin-cert/README.Debian
-3b5d81661336c513cd4b0ded0dcdf36f usr/lib/nagios/plugins/ius/check_cert
diff -r b4dbae8f141c -r 50f5a78ba6fa debian/nagios-plugin-cert/usr/lib/nagios/plugins/ius/check_cert
--- a/debian/nagios-plugin-cert/usr/lib/nagios/plugins/ius/check_cert Tue Jun 16 14:08:35 2009 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,180 +0,0 @@
-#!/usr/bin/perl -w
-# $Id$
-# $URL$
-
-use strict;
-use warnings;
-use File::Basename;
-use Getopt::Long;
-use Date::Manip;
-use IPC::Open2;
-use lib "/usr/lib/nagios/plugins";
-use utils qw (%ERRORS &print_revision &support);
-
-sub print_help();
-sub print_usage();
-
-my $ME = basename $0;
-my ($opt_w, $opt_c, $opt_V, $opt_h, $opt_b, @opt_certfiles);
-my ($w_time, $c_time, $result, $message, %certs);
-my (@critical, @warning);
-
-$opt_w = "1month";
-$opt_c = "1week";
-$opt_b = "/usr/bin/openssl";
-
-Getopt::Long::Configure('bundling');
-GetOptions(
- "V" => \$opt_V, "version" => \$opt_V,
- "h" => \$opt_h, "help" => \$opt_h,
- "b=s" => \$opt_b, "binary" => \$opt_b,
- "w=s" => \$opt_w, "warning=s" => \$opt_w,
- "c=s" => \$opt_c, "critical=s" => \$opt_c,
- "f=s" => \@opt_certfiles, "certfile=s" => \@opt_certfiles);
-
-if ($opt_V) {
- print_revision($ME, "0.1");
- exit $ERRORS{"OK"};
-}
-
-if ($opt_h) {
- print_help();
- exit $ERRORS{"OK"};
-}
-
-# check openssl binary
-unless (-x $opt_b) {
- print "CERT CRITICAL: OpenSSL not found or not executable - $opt_b\n";
- exit $ERRORS{"CRITICAL"};
-}
-
-unless(@opt_certfiles) {
- print "CERT WARNING: Not defined any certificate files\n";
- exit $ERRORS{"WARNING"};
-}
-
-@opt_certfiles = split(/,/, join(',', @opt_certfiles));
-
-# extract certificate data
-foreach my $file (@opt_certfiles) {
- unless (-r $file) {
- print "CERT CRITICAL: $file - not exists or not read permission is granted\n";
- exit $ERRORS{"CRITICAL"};
- }
- my @cmd_x509 = ($opt_b, "x509", "-in", $file, "-noout", "-subject", "-enddate");
- my @cmd_pkcs12 = ($opt_b, "pkcs12", "-in", $file, "-clcerts", "-nokeys", "-nomacver", "-passin", "pass:");
- my @cmd_pipe = ($opt_b, "x509", "-noout", "-subject", "-enddate");
- my ($temp, $cn, $enddate, $rc);
- open(CERT, "-|") or do {
- open(STDERR, ">&STDOUT");
- exec(@cmd_x509);
- };
-
- # check x509 certificates
- while() {
- /unable to load certificate/ and $rc = 1 and last;
- /^subject=\s.*CN=(.*)\s+$/ and $cn = $1;
- /^notAfter=(.*)\s+$/ and $enddate = $1;
- }
- close(CERT);
-
- # check pkcs12 certificates
- if ($rc) {
- open(PKCS12, "@cmd_pkcs12 |");
-
- while() {
- $temp .= $_;
- }
- close(PKCS12);
-
- local (*READ, *WRITE);
- open2(\*READ, \*WRITE, @cmd_pipe) or die "Can't fork: $!\n";
- print WRITE $temp;
- close(WRITE);
-
- while() {
- /unable to load certificate/ and print "CERT CRITICAL: unable to load certificate\n" and exit $ERRORS{"CRITICAL"};
- /^subject=\s.*CN=(.*)\s+$/ and $cn = $1;
- /^notAfter=(.*)\s+$/ and $enddate = $1;
- }
- close(READ);
- }
- # fill the hash
- push ( @{$certs{$file}}, ($cn, $enddate) );
-}
-
-# calculate the time
-$w_time = DateCalc("today", "+ $opt_w");
-$c_time = DateCalc("today", "+ $opt_c");
-
-# check expire date
-foreach (sort keys %certs) {
- my $enddate;
- if (@{$certs{$_}}[1] =~ /(\w+\s+\d+\s+\d+:\d+:\d+\s+\d+)/) { $enddate = $1; }
- $enddate = ParseDate($enddate);
- unless ($enddate) {
- print "CERT CRITICAL: Can't parse enddate\n";
- exit $ERRORS{"CRITICAL"};
- }
-
- &Date_Cmp($enddate, $w_time) > 0 and push (@{$certs{$_}}, "OK"), next;
- &Date_Cmp($enddate, $c_time) > 0 and push (@{$certs{$_}}, "WARNING"), next;
- push (@{$certs{$_}}, "CRITICAL");
-}
-
-# looking for stats
-foreach (sort keys %certs) {
- if (@{$certs{$_}}[2] eq "WARNING") {
- push (@warning, "file: $_, CN=@{$certs{$_}}[0] expires @{$certs{$_}}[1]");
- } elsif (@{$certs{$_}}[2] eq "CRITICAL") {
- push (@critical, "file: $_, CN=@{$certs{$_}}[0] expires @{$certs{$_}}[1]");
- }
-}
-
-# return the state
-if (@critical) {
- print "CERT CRITICAL: @critical\n";
- exit $ERRORS{"CRITICAL"};
-} elsif (@warning) {
- print "CERT WARNING: @warning\n";
- exit $ERRORS{"WARNING"};
-} else {
- print "CERT OK: all certificates in limit\n";
- exit $ERRORS{"OK"};
-}
-
-sub print_usage() {
- print "Usage:\n";
- print " $ME [-b ] [-w