Return WARNING status if <signature algorithm> is used.
--- a/check_cert.pl Tue Jun 16 14:08:35 2009 +0000
+++ b/check_cert.pl Thu Jun 18 08:28:39 2009 +0000
@@ -35,7 +35,7 @@
"f=s" => \@opt_certfiles, "certfile=s" => \@opt_certfiles);
if ($opt_V) {
- print_revision($ME, "0.1");
+ print_revision($ME, "0.3");
exit $ERRORS{"OK"};
}
@@ -131,7 +131,7 @@
foreach (sort keys %certs) {
if (@{$certs{$_}}[2]) {
if (@{$certs{$_}}[2] eq "$opt_s") {
- push (@critical, "file: $_, CN=@{$certs{$_}}[0] Signature Algorithm: @{$certs{$_}}[2]");
+ push (@warning, "file: $_, CN=@{$certs{$_}}[0] Signature Algorithm: @{$certs{$_}}[2]");
}
}
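Review bot: The test `@{$certs{$_}}[2] eq "$opt_s"` above the changed `push` is an exact, case-sensitive comparison against a single value, so an algorithm name given with different capitalisation, or any weak algorithm other than the configured one, raises no alert at all. This commit also lowers the finding from CRITICAL to WARNING, so a certificate signed with the flagged algorithm (the help text names md5WithRSAEncryption as the default) is no longer reported as critical. If that is intended, record it next to the `push` with a comment such as `# weak signature algorithm is advisory: WARNING, not CRITICAL`. For the comparison I would write `if (lc $certs{$_}[2] eq lc $opt_s) {`, which also replaces the one-element slice with a plain element access. The enclosing `foreach` continues outside the hunk, so how the algorithm is stored at index 2 is not visible here.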
@@ -176,7 +176,7 @@
print " Certificat should not be more than this time older (default: 1week)\n";
print " For time can be used year, month, day, hour, minute, second and weeks.\n";
print " -s, --signature <signature algorithm>\n";
- print " Return CRITICAL stauts if <signature algorithm> is used.\n";
+ print " Return WARNING status if <signature algorithm> is used (default: md5WithRSAEncryption).\n";
print " -f, --certfile <file,file,file, ...>\n";
print " Absolute path of x509 or pkcs12 openssl certificate files, use comma-separated lists for multiple files.\n";
print " -h, --help\n";
--- a/debian/changelog Tue Jun 16 14:08:35 2009 +0000
+++ b/debian/changelog Thu Jun 18 08:28:39 2009 +0000
@@ -1,3 +1,22 @@
+nagios-plugin-cert (1.0-4) stable; urgency=low
+
+ * Return WARNING status if <signature algorithm> is used.
+
+ -- Christian Arnold <arnold@hopper.home.site> Thu, 18 Jun 2009 10:21:41 +0200
+
+nagios-plugin-cert (1.0-3) stable; urgency=low
+
+ * bulid for all architectures
+
+ -- Christian Arnold <arnold@hopper.home.site> Tue, 16 Jun 2009 17:08:03 +0200
+
+nagios-plugin-cert (1.0-2) stable; urgency=low
+
+ * Non-maintainer upload.
+ * Return CRITICAL stauts if <signature algorithm> is used.
+
+ -- Christian Arnold <arnold@hopper.home.site> Tue, 16 Jun 2009 16:11:40 +0200
+
nagios-plugin-cert (1.0-1) stable; urgency=low
* Initial release
--- a/debian/control Tue Jun 16 14:08:35 2009 +0000
+++ b/debian/control Thu Jun 18 08:28:39 2009 +0000
@@ -1,12 +1,12 @@
Source: nagios-plugin-cert
-Section: unknown
+Section: net
Priority: extra
Maintainer: Christian Arnold <arnold@schlittermann.de>
Build-Depends: debhelper (>= 5), autotools-dev
Standards-Version: 3.7.2
Package: nagios-plugin-cert
-Architecture: any
+Architecture: all
Depends: ${shlibs:Depends}, ${misc:Depends}, perl, libdate-manip-perl, openssl
Description: nagios plugin to check openssl certificates
This plugin checks the expire date of x509 and pkcs12 certificates.
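Review bot: With `Architecture: all`, the `${shlibs:Depends}` entry kept on the `Depends` line has nothing to expand to, because an architecture-independent Perl script links against no shared libraries. dpkg-gencontrol will most likely report it as an unknown substitution variable during the build. The line can be reduced to `Depends: ${misc:Depends}, perl, libdate-manip-perl, openssl`. The stanza may continue past the last line shown in this hunk.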
--- a/debian/nagios-plugin-cert/DEBIAN/control Tue Jun 16 14:08:35 2009 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,10 +0,0 @@
-Package: nagios-plugin-cert
-Version: 1.0-1
-Section: unknown
-Priority: extra
-Architecture: i386
-Depends: perl, libdate-manip-perl, openssl
-Installed-Size: 68
-Maintainer: Christian Arnold <arnold@schlittermann.de>
-Description: nagios plugin to check openssl certificates
- This plugin checks the expire date of x509 and pkcs12 certificates.
--- a/debian/nagios-plugin-cert/DEBIAN/md5sums Tue Jun 16 14:08:35 2009 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,4 +0,0 @@
-2a7a64ca94e12b1b7f672d3dc62fdd48 usr/share/doc/nagios-plugin-cert/copyright
-61d6b2df68417be9f3a74e0a9bfc1bcb usr/share/doc/nagios-plugin-cert/changelog.Debian.gz
-5bee9abf19f361eafbf96d0d117cfd2c usr/share/doc/nagios-plugin-cert/README.Debian
-3b5d81661336c513cd4b0ded0dcdf36f usr/lib/nagios/plugins/ius/check_cert
--- a/debian/nagios-plugin-cert/usr/lib/nagios/plugins/ius/check_cert Tue Jun 16 14:08:35 2009 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,180 +0,0 @@
-#!/usr/bin/perl -w
-# $Id$
-# $URL$
-
-use strict;
-use warnings;
-use File::Basename;
-use Getopt::Long;
-use Date::Manip;
-use IPC::Open2;
-use lib "/usr/lib/nagios/plugins";
-use utils qw (%ERRORS &print_revision &support);
-
-sub print_help();
-sub print_usage();
-
-my $ME = basename $0;
-my ($opt_w, $opt_c, $opt_V, $opt_h, $opt_b, @opt_certfiles);
-my ($w_time, $c_time, $result, $message, %certs);
-my (@critical, @warning);
-
-$opt_w = "1month";
-$opt_c = "1week";
-$opt_b = "/usr/bin/openssl";
-
-Getopt::Long::Configure('bundling');
-GetOptions(
- "V" => \$opt_V, "version" => \$opt_V,
- "h" => \$opt_h, "help" => \$opt_h,
- "b=s" => \$opt_b, "binary" => \$opt_b,
- "w=s" => \$opt_w, "warning=s" => \$opt_w,
- "c=s" => \$opt_c, "critical=s" => \$opt_c,
- "f=s" => \@opt_certfiles, "certfile=s" => \@opt_certfiles);
-
-if ($opt_V) {
- print_revision($ME, "0.1");
- exit $ERRORS{"OK"};
-}
-
-if ($opt_h) {
- print_help();
- exit $ERRORS{"OK"};
-}
-
-# check openssl binary
-unless (-x $opt_b) {
- print "CERT CRITICAL: OpenSSL not found or not executable - $opt_b\n";
- exit $ERRORS{"CRITICAL"};
-}
-
-unless(@opt_certfiles) {
- print "CERT WARNING: Not defined any certificate files\n";
- exit $ERRORS{"WARNING"};
-}
-
-@opt_certfiles = split(/,/, join(',', @opt_certfiles));
-
-# extract certificate data
-foreach my $file (@opt_certfiles) {
- unless (-r $file) {
- print "CERT CRITICAL: $file - not exists or not read permission is granted\n";
- exit $ERRORS{"CRITICAL"};
- }
- my @cmd_x509 = ($opt_b, "x509", "-in", $file, "-noout", "-subject", "-enddate");
- my @cmd_pkcs12 = ($opt_b, "pkcs12", "-in", $file, "-clcerts", "-nokeys", "-nomacver", "-passin", "pass:");
- my @cmd_pipe = ($opt_b, "x509", "-noout", "-subject", "-enddate");
- my ($temp, $cn, $enddate, $rc);
- open(CERT, "-|") or do {
- open(STDERR, ">&STDOUT");
- exec(@cmd_x509);
- };
-
- # check x509 certificates
- while(<CERT>) {
- /unable to load certificate/ and $rc = 1 and last;
- /^subject=\s.*CN=(.*)\s+$/ and $cn = $1;
- /^notAfter=(.*)\s+$/ and $enddate = $1;
- }
- close(CERT);
-
- # check pkcs12 certificates
- if ($rc) {
- open(PKCS12, "@cmd_pkcs12 |");
-
- while(<PKCS12>) {
- $temp .= $_;
- }
- close(PKCS12);
-
- local (*READ, *WRITE);
- open2(\*READ, \*WRITE, @cmd_pipe) or die "Can't fork: $!\n";
- print WRITE $temp;
- close(WRITE);
-
- while(<READ>) {
- /unable to load certificate/ and print "CERT CRITICAL: unable to load certificate\n" and exit $ERRORS{"CRITICAL"};
- /^subject=\s.*CN=(.*)\s+$/ and $cn = $1;
- /^notAfter=(.*)\s+$/ and $enddate = $1;
- }
- close(READ);
- }
- # fill the hash
- push ( @{$certs{$file}}, ($cn, $enddate) );
-}
-
-# calculate the time
-$w_time = DateCalc("today", "+ $opt_w");
-$c_time = DateCalc("today", "+ $opt_c");
-
-# check expire date
-foreach (sort keys %certs) {
- my $enddate;
- if (@{$certs{$_}}[1] =~ /(\w+\s+\d+\s+\d+:\d+:\d+\s+\d+)/) { $enddate = $1; }
- $enddate = ParseDate($enddate);
- unless ($enddate) {
- print "CERT CRITICAL: Can't parse enddate\n";
- exit $ERRORS{"CRITICAL"};
- }
-
- &Date_Cmp($enddate, $w_time) > 0 and push (@{$certs{$_}}, "OK"), next;
- &Date_Cmp($enddate, $c_time) > 0 and push (@{$certs{$_}}, "WARNING"), next;
- push (@{$certs{$_}}, "CRITICAL");
-}
-
-# looking for stats
-foreach (sort keys %certs) {
- if (@{$certs{$_}}[2] eq "WARNING") {
- push (@warning, "file: $_, CN=@{$certs{$_}}[0] expires @{$certs{$_}}[1]");
- } elsif (@{$certs{$_}}[2] eq "CRITICAL") {
- push (@critical, "file: $_, CN=@{$certs{$_}}[0] expires @{$certs{$_}}[1]");
- }
-}
-
-# return the state
-if (@critical) {
- print "CERT CRITICAL: @critical\n";
- exit $ERRORS{"CRITICAL"};
-} elsif (@warning) {
- print "CERT WARNING: @warning\n";
- exit $ERRORS{"WARNING"};
-} else {
- print "CERT OK: all certificates in limit\n";
- exit $ERRORS{"OK"};
-}
-
-sub print_usage() {
- print "Usage:\n";
- print " $ME [-b <binary>] [-w <time>] [-c <time>] [-f <file,file,file,...>]\n";
- print " $ME [-h | --help]\n";
- print " $ME [-V | --version]\n";
-}
-
-sub print_help() {
- print_revision($ME, "0.1");
- print "Copyright (c) 2008 Christian Arnold\n\n";
- print "This plugin checks the expire date for openssl certificates.\n\n";
- print_usage();
- print "\n";
- print " -b, --binary <binary>\n";
- print " Path of openssl binary (default: /usr/bin/openssl)\n";
- print " -w, --warning <time>\n";
- print " Certificat should not be more than this time older (default: 1month)\n";
- print " For time can be used year, month, day, hour, minute, second and weeks.\n";
- print " -c, --critical <time>\n";
- print " Certificat should not be more than this time older (default: 1week)\n";
- print " For time can be used year, month, day, hour, minute, second and weeks.\n";
- print " -f, --certfile <file,file,file, ...>\n";
- print " Absolute path of x509 or pkcs12 openssl certificate files, use comma-separated lists for multiple files.\n";
- print " -h, --help\n";
- print " Print detailed help screen\n";
- print " -V, --version\n";
- print " Print version information\n";
- print "\n";
- support();
-}
-
-
-exit;
-
-# vim:sts=4 sw=4 aw ai sm:
--- a/debian/nagios-plugin-cert/usr/share/doc/nagios-plugin-cert/README.Debian Tue Jun 16 14:08:35 2009 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,6 +0,0 @@
-nagios-plugin-cert for Debian
------------------------------
-
-<possible notes regarding this package - if none, delete this file>
-
- -- Christian Arnold <arnold@schlittermann.de> Thu, 4 Dec 2008 14:28:26 +0100
Binary file debian/nagios-plugin-cert/usr/share/doc/nagios-plugin-cert/changelog.Debian.gz has changed
--- a/debian/nagios-plugin-cert/usr/share/doc/nagios-plugin-cert/copyright Tue Jun 16 14:08:35 2009 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,35 +0,0 @@
-This package was debianized by Christian Arnold <arnold@schlittermann.de> on
-Thu, 4 Dec 2008 14:28:26 +0100.
-
-It was downloaded from <fill in http/ftp site>
-
-Upstream Author: <put author(s) name and email here>
-
-Copyright: <put the year(s) of the copyright, and the names of the
- copyright holder(s) here>
-
-License:
-
- This package is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
-
- This package is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this package; if not, write to the Free Software
- Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
-
-On Debian systems, the complete text of the GNU General
-Public License can be found in `/usr/share/common-licenses/GPL'.
-
-The Debian packaging is (C) 2008, Christian Arnold <arnold@schlittermann.de> and
-is licensed under the GPL, see above.
-
-
-# Please also look if there are files or directories which have a
-# different copyright/license attached and list them here.