# HG changeset patch
# User Christian Arnold
# Date 1296564316 -3600
# Node ID f405871d06030689af53229bc18a6077d92a6301
import to mercurial
diff -r 000000000000 -r f405871d0603 .perltidy
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/.perltidy Tue Feb 01 13:45:16 2011 +0100
@@ -0,0 +1,2 @@
+--paren-tightness=2
+--square-bracket-tightness=2
diff -r 000000000000 -r f405871d0603 Makefile
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/Makefile Tue Feb 01 13:45:16 2011 +0100
@@ -0,0 +1,26 @@
+SCRIPTS = check_client_cert
+CLEANFILES = ${SCRIPTS}
+DESTDIR =
+prefix = /usr
+
+plugindir = ${prefix}/lib/nagios/plugins/ius
+
+.PHONY: all clean install
+
+all: ${SCRIPTS}
+
+clean:
+ -rm -f ${CLEANFILES}
+
+install: all
+ install -d -m 0755 ${DESTDIR}/${plugindir}
+ install -m 0755 $(SCRIPTS) ${DESTDIR}/${plugindir}/
+
+%: %.pl
+ @perl -c $<
+ @cp -f $< $@
+ @chmod +x $@
+
+%:%.sh
+ @cp -f $< $@
+ @chmod +x $@
diff -r 000000000000 -r f405871d0603 check_client_cert.pl
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/check_client_cert.pl Tue Feb 01 13:45:16 2011 +0100
@@ -0,0 +1,217 @@
+#! /usr/bin/perl -w
+
+# Copyright (C) 2011 Christian Arnold
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see .
+#
+# Christian Arnold
+
+use 5.010;
+use warnings;
+use strict;
+use if $ENV{DEBUG} => "Smart::Comments";
+use File::Basename;
+use Pod::Usage;
+use Getopt::Long;
+use Date::Manip;
+
+my %ERRORS = (
+ OK => 0,
+ WARNING => 1,
+ CRITICAL => 2,
+ UNKNOWN => 3,
+ DEPENDENT => 4
+);
+
+my $ME = basename $0;
+my $VERSION = "0.1";
+
+sub get_status($);
+sub report($);
+
+my %opt = (
+ file => "/root/CLIENT-CERTS/status.dat",
+ warning => "1month",
+ critical => "1week"
+);
+
+MAIN: {
+ Getopt::Long::Configure('bundling');
+ GetOptions(
+ "f|file=s" => \$opt{file},
+ "w|warning=s" => \$opt{warning},
+ "c|critical=s" => \$opt{critical},
+ "h|help" => sub { pod2usage( -verbose => 1, -exitval => $ERRORS{OK} ) },
+ "m|man" => sub { pod2usage( -verbose => 2, -exitval => $ERRORS{OK} ) },
+ "V|version" => sub { version( $ME, $VERSION ); exit $ERRORS{OK}; }
+ ) or pod2usage( -verbose => 1, -exitval => $ERRORS{CRITICAL} );
+
+ ### %opt
+
+ report( get_status( $opt{file} ) );
+}
+
+sub get_status($) {
+ my $file = shift;
+ my %certs = ();
+ my $w_time = DateCalc( "today", "+ $opt{warning}" );
+ my $c_time = DateCalc( "today", "+ $opt{critical}" );
+ my $rc = 0;
+
+ open( FILE, $file )
+ or do {
+ say "CERT CRITICAL: $file $!";
+ exit $ERRORS{CRITICAL};
+ };
+
+ while () {
+ next if /^#/;
+ next if /^\s+$/;
+ my ( $client, $date ) = split( /;/, $_ );
+ my $pdate = ParseDate($date);
+ chomp($date);
+ &Date_Cmp( $pdate, $w_time ) < 0 and $rc = 1;
+ &Date_Cmp( $pdate, $c_time ) < 0 and $rc = 2;
+ if ( $rc == 0 ) {
+ push( @{ $certs{$client} }, $date, "OK" );
+ }
+ elsif ( $rc == 1 ) {
+ push( @{ $certs{$client} }, $date, "WARNING" );
+ $rc = 0;
+ }
+ else {
+ push( @{ $certs{$client} }, $date, "CRITICAL" );
+ $rc = 0;
+ }
+ }
+ close(FILE);
+
+ ### %certs
+
+ return \%certs;
+}
+
+sub report($) {
+ my $certs = shift;
+ my ( @ok, @warning, @critical ) = ();
+
+ foreach ( sort keys %$certs ) {
+ if ( $certs->{$_}[1] eq "WARNING" ) {
+ push( @warning, "$_ client certificate expires $certs->{$_}[0]" );
+ }
+ elsif ( $certs->{$_}[1] eq "CRITICAL" ) {
+ push( @critical, "$_ client certificate expires $certs->{$_}[0]" );
+ }
+ else {
+ push( @ok, "$_ client certificate expires $certs->{$_}[0]" );
+ }
+ }
+
+ ### @critical
+ ### @warning
+ ### @ok
+
+ if (@critical) {
+ say "CERT CRITICAL: " . join( " ", @critical );
+ exit $ERRORS{"CRITICAL"};
+ }
+ elsif (@warning) {
+ say "CERT WARNING: " . join( " ", @warning );
+ exit $ERRORS{"WARNING"};
+ }
+ else {
+ say "CERT OK: " . join( " ", @ok );
+ exit $ERRORS{"OK"};
+ }
+}
+
+__END__
+
+=head1 NAME
+
+check_client_cert - nagios plugin to check ssl client certificate expire date
+
+=head1 SYNOPSIS
+
+check_client_cert -f|--file path
+ [-w|--warning string]
+ [-c|--critical string]
+
+ check_client_cert [-h|--help]
+ check_client_cert [-m|--man]
+ check_client_cert [-v|--version]
+
+=head1 OPTIONS
+
+=over
+
+=item B<-f>|B<--file> I
+
+File with client certificate status informations.
+A I<#> character at the beginning of a line is a comment. For file syntax, see I.
+Multiple lines are supported. (default: I)
+
+=item B<-w>|B<--warning> I
+
+Time before change to warning status. (default: I<1month>)
+
+=item B<-c>|B<--critical> I
+
+Time before change to critical status. (default: I<1week>)
+
+=item B<-h>|B<--help>
+
+Print detailed help screen.
+
+=item B<-m>|B<--man>
+
+Print manual page.
+
+=item B<-V>|B<--version>
+
+Print version information.
+
+=back
+
+=head1 DESCRIPTION
+
+This plugin check ssl client certificate expire date. B
+
+=head1 EXAMPLES
+
+=over
+
+=item B
+
+ host1.foo.bar;Feb 01 16:32:00 2010
+ host2.foo.bar;Feb 10 14:12:00 2011
+ host3.foo.bar;Feb 20 23:45:00 2009
+
+=back
+
+=head1 VERSION
+
+This man page is current for version 0.1 of check_client_cert.
+
+=head1 AUTHOR
+
+Written by Christian Arnold L
+
+=head1 COPYRIGHT
+
+Copyright (C) 2011 by Christian Arnold and Schlittermann internet & unix support.
+This is free software, and you are welcome to redistribute it under certain conditions.
+See the GNU General Public Licence for details.
+
+=cut
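Review bot: In get_status, `open( FILE, $file )` is a two-argument open on a path taken directly from `-f|--file`, so mode characters at the start or end of that value (`>`, `|`) are interpreted by Perl rather than treated as part of a file name. The default path sits under /root, which suggests the plugin may run with elevated privileges; if so, anyone who can influence the plugin's arguments (for example through a monitoring agent that forwards them) gets more than a read of a status file. I would use the three-argument form with a lexical handle, `open( my $fh, '<', $file )`, and read and close through `$fh`. Separately, the `V|version` handler calls `version( $ME, $VERSION )`, but this new file defines only get_status and report and none of the imported modules appears to export a `version` function, so `-V` will presumably die instead of printing the version. The SYNOPSIS also documents the flag as `-v` while the option spec and the OPTIONS section use `-V`.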