check_client_cert.pl
changeset 0 f405871d0603
child 2 e6a93f3c4bd5
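--- a/check_client_cert.pl
+++ b/check_client_cert.pl
@@ -0,0 +1,217 @@
+#! /usr/bin/perl -w
+
+#    Copyright (C) 2011  Christian Arnold
+#
+#    This program is free software: you can redistribute it and/or modify
+#    it under the terms of the GNU General Public License as published by
+#    the Free Software Foundation, either version 3 of the License, or
+#    (at your option) any later version.
+#
+#    This program is distributed in the hope that it will be useful,
+#    but WITHOUT ANY WARRANTY; without even the implied warranty of
+#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#    GNU General Public License for more details.
+#
+#    You should have received a copy of the GNU General Public License
+#    along with this program.  If not, see <http://www.gnu.org/licenses/>.
+#
+#    Christian Arnold <arnold@schlittermann.de>
+
+use 5.010;
+use warnings;
+use strict;
+use if $ENV{DEBUG} => "Smart::Comments";
+use File::Basename;
+use Pod::Usage;
+use Getopt::Long;
+use Date::Manip;
+
+my %ERRORS = (
+    OK        => 0,
+    WARNING   => 1,
+    CRITICAL  => 2,
+    UNKNOWN   => 3,
+    DEPENDENT => 4
+);
+
+my $ME      = basename $0;
+my $VERSION = "0.1";
+
+sub get_status($);
+sub report($);
+
+my %opt = (
+    file     => "/root/CLIENT-CERTS/status.dat",
+    warning  => "1month",
+    critical => "1week"
+);
+
+MAIN: {
+    Getopt::Long::Configure('bundling');
+    GetOptions(
+        "f|file=s"     => \$opt{file},
+        "w|warning=s"  => \$opt{warning},
+        "c|critical=s" => \$opt{critical},
+        "h|help" => sub { pod2usage( -verbose => 1, -exitval => $ERRORS{OK} ) },
+        "m|man" => sub { pod2usage( -verbose => 2, -exitval => $ERRORS{OK} ) },
+        "V|version" => sub { version( $ME, $VERSION ); exit $ERRORS{OK}; }
+    ) or pod2usage( -verbose => 1, -exitval => $ERRORS{CRITICAL} );
+
+    ### %opt
+
+    report( get_status( $opt{file} ) );
+}
+
+sub get_status($) {
+    my $file   = shift;
+    my %certs  = ();
+    my $w_time = DateCalc( "today", "+ $opt{warning}" );
+    my $c_time = DateCalc( "today", "+ $opt{critical}" );
+    my $rc     = 0;
+
+    open( FILE, $file )
+      or do {
+        say "CERT CRITICAL: $file $!";
+        exit $ERRORS{CRITICAL};
+      };
+
+    while (<FILE>) {
+        next if /^#/;
+        next if /^\s+$/;
+        my ( $client, $date ) = split( /;/, $_ );
+        my $pdate = ParseDate($date);
+        chomp($date);
+        &Date_Cmp( $pdate, $w_time ) < 0 and $rc = 1;
+        &Date_Cmp( $pdate, $c_time ) < 0 and $rc = 2;
+        if ( $rc == 0 ) {
+            push( @{ $certs{$client} }, $date, "OK" );
+        }
+        elsif ( $rc == 1 ) {
+            push( @{ $certs{$client} }, $date, "WARNING" );
+            $rc = 0;
+        }
+        else {
+            push( @{ $certs{$client} }, $date, "CRITICAL" );
+            $rc = 0;
+        }
+    }
+    close(FILE);
+
+    ### %certs
+
+    return \%certs;
+}
+
+sub report($) {
+    my $certs = shift;
+    my ( @ok, @warning, @critical ) = ();
+
+    foreach ( sort keys %$certs ) {
+        if ( $certs->{$_}[1] eq "WARNING" ) {
+            push( @warning, "$_ client certificate expires $certs->{$_}[0]" );
+        }
+        elsif ( $certs->{$_}[1] eq "CRITICAL" ) {
+            push( @critical, "$_ client certificate expires $certs->{$_}[0]" );
+        }
+        else {
+            push( @ok, "$_ client certificate expires $certs->{$_}[0]" );
+        }
+    }
+
+    ### @critical
+    ### @warning
+    ### @ok
+
+    if (@critical) {
+        say "CERT CRITICAL: " . join( " ", @critical );
+        exit $ERRORS{"CRITICAL"};
+    }
+    elsif (@warning) {
+        say "CERT WARNING: " . join( " ", @warning );
+        exit $ERRORS{"WARNING"};
+    }
+    else {
+        say "CERT OK: " . join( " ", @ok );
+        exit $ERRORS{"OK"};
+    }
+}
+
+__END__
+
+=head1 NAME
+
+check_client_cert - nagios plugin to check ssl client certificate expire date
+
+=head1 SYNOPSIS
+
+check_client_cert -f|--file path
+                 [-w|--warning string]
+                 [-c|--critical string]
+
+                 check_client_cert [-h|--help]
+                 check_client_cert [-m|--man]
+                 check_client_cert [-v|--version]
+
+=head1 OPTIONS
+
+=over
+
+=item B<-f>|B<--file> I<path>
+
+File with client certificate status informations.
+A I<#> character at the beginning of a line is a comment. For file syntax, see I<EXAMPLES>.
+Multiple lines are supported. (default: I</root/CLIENT-CERTS/status.dat>)
+
+=item B<-w>|B<--warning> I<string>
+
+Time before change to warning status. (default: I<1month>)
+
+=item B<-c>|B<--critical> I<string>
+
+Time before change to critical status. (default: I<1week>)
+
+=item B<-h>|B<--help>
+
+Print detailed help screen.
+
+=item B<-m>|B<--man>
+
+Print manual page.
+
+=item B<-V>|B<--version>
+
+Print version information.
+
+=back
+
+=head1 DESCRIPTION
+
+This plugin check ssl client certificate expire date. B<This status information must be entered manually in the status file.>
+
+=head1 EXAMPLES
+
+=over
+
+=item B<content of status information file>
+
+ host1.foo.bar;Feb 01 16:32:00 2010
+ host2.foo.bar;Feb 10 14:12:00 2011
+ host3.foo.bar;Feb 20 23:45:00 2009
+
+=back
+
+=head1 VERSION
+
+This man page is current for version 0.1 of check_client_cert.
+
+=head1 AUTHOR
+
+Written by Christian Arnold L<arnold@schlittermann.de>
+
+=head1 COPYRIGHT
+
+Copyright (C) 2011 by Christian Arnold and Schlittermann internet & unix support.
+This is free software, and you are welcome to redistribute it under certain conditions.
+See the GNU General Public Licence for details.
+
+=cut
+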
       
   215 See the GNU General Public Licence for details.
       
   216 
       
   217 =cut