--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/.perltidy Tue Feb 01 13:45:16 2011 +0100
@@ -0,0 +1,2 @@
+--paren-tightness=2
+--square-bracket-tightness=2
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/Makefile Tue Feb 01 13:45:16 2011 +0100
@@ -0,0 +1,26 @@
+SCRIPTS = check_client_cert
+CLEANFILES = ${SCRIPTS}
+DESTDIR =
+prefix = /usr
+
+plugindir = ${prefix}/lib/nagios/plugins/ius
+
+.PHONY: all clean install
+
+all: ${SCRIPTS}
+
+clean:
+ -rm -f ${CLEANFILES}
+
+install: all
+ install -d -m 0755 ${DESTDIR}/${plugindir}
+ install -m 0755 $(SCRIPTS) ${DESTDIR}/${plugindir}/
+
+%: %.pl
+ @perl -c $<
+ @cp -f $< $@
+ @chmod +x $@
+
+%:%.sh
+ @cp -f $< $@
+ @chmod +x $@
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/check_client_cert.pl Tue Feb 01 13:45:16 2011 +0100
@@ -0,0 +1,217 @@
+#! /usr/bin/perl -w
+
+# Copyright (C) 2011 Christian Arnold
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+# Christian Arnold <arnold@schlittermann.de>
+
+use 5.010;
+use warnings;
+use strict;
+use if $ENV{DEBUG} => "Smart::Comments";
+use File::Basename;
+use Pod::Usage;
+use Getopt::Long;
+use Date::Manip;
+
+my %ERRORS = (
+ OK => 0,
+ WARNING => 1,
+ CRITICAL => 2,
+ UNKNOWN => 3,
+ DEPENDENT => 4
+);
+
+my $ME = basename $0;
+my $VERSION = "0.1";
+
+sub get_status($);
+sub report($);
+
+my %opt = (
+ file => "/root/CLIENT-CERTS/status.dat",
+ warning => "1month",
+ critical => "1week"
+);
+
+MAIN: {
+ Getopt::Long::Configure('bundling');
+ GetOptions(
+ "f|file=s" => \$opt{file},
+ "w|warning=s" => \$opt{warning},
+ "c|critical=s" => \$opt{critical},
+ "h|help" => sub { pod2usage( -verbose => 1, -exitval => $ERRORS{OK} ) },
+ "m|man" => sub { pod2usage( -verbose => 2, -exitval => $ERRORS{OK} ) },
+ "V|version" => sub { version( $ME, $VERSION ); exit $ERRORS{OK}; }
+ ) or pod2usage( -verbose => 1, -exitval => $ERRORS{CRITICAL} );
+
+ ### %opt
+
+ report( get_status( $opt{file} ) );
+}
+
+sub get_status($) {
+ my $file = shift;
+ my %certs = ();
+ my $w_time = DateCalc( "today", "+ $opt{warning}" );
+ my $c_time = DateCalc( "today", "+ $opt{critical}" );
+ my $rc = 0;
+
+ open( FILE, $file )
+ or do {
+ say "CERT CRITICAL: $file $!";
+ exit $ERRORS{CRITICAL};
+ };
+
+ while (<FILE>) {
+ next if /^#/;
+ next if /^\s+$/;
+ my ( $client, $date ) = split( /;/, $_ );
+ my $pdate = ParseDate($date);
+ chomp($date);
+ &Date_Cmp( $pdate, $w_time ) < 0 and $rc = 1;
+ &Date_Cmp( $pdate, $c_time ) < 0 and $rc = 2;
+ if ( $rc == 0 ) {
+ push( @{ $certs{$client} }, $date, "OK" );
+ }
+ elsif ( $rc == 1 ) {
+ push( @{ $certs{$client} }, $date, "WARNING" );
+ $rc = 0;
+ }
+ else {
+ push( @{ $certs{$client} }, $date, "CRITICAL" );
+ $rc = 0;
+ }
+ }
+ close(FILE);
+
+ ### %certs
+
+ return \%certs;
+}
+
+sub report($) {
+ my $certs = shift;
+ my ( @ok, @warning, @critical ) = ();
+
+ foreach ( sort keys %$certs ) {
+ if ( $certs->{$_}[1] eq "WARNING" ) {
+ push( @warning, "$_ client certificate expires $certs->{$_}[0]" );
+ }
+ elsif ( $certs->{$_}[1] eq "CRITICAL" ) {
+ push( @critical, "$_ client certificate expires $certs->{$_}[0]" );
+ }
+ else {
+ push( @ok, "$_ client certificate expires $certs->{$_}[0]" );
+ }
+ }
+
+ ### @critical
+ ### @warning
+ ### @ok
+
+ if (@critical) {
+ say "CERT CRITICAL: " . join( " ", @critical );
+ exit $ERRORS{"CRITICAL"};
+ }
+ elsif (@warning) {
+ say "CERT WARNING: " . join( " ", @warning );
+ exit $ERRORS{"WARNING"};
+ }
+ else {
+ say "CERT OK: " . join( " ", @ok );
+ exit $ERRORS{"OK"};
+ }
+}
+
+__END__
+
+=head1 NAME
+
+check_client_cert - nagios plugin to check ssl client certificate expire date
+
+=head1 SYNOPSIS
+
+check_client_cert -f|--file path
+ [-w|--warning string]
+ [-c|--critical string]
+
+ check_client_cert [-h|--help]
+ check_client_cert [-m|--man]
+ check_client_cert [-v|--version]
+
+=head1 OPTIONS
+
+=over
+
+=item B<-f>|B<--file> I<path>
+
+File with client certificate status informations.
+A I<#> character at the beginning of a line is a comment. For file syntax, see I<EXAMPLES>.
+Multiple lines are supported. (default: I</root/CLIENT-CERTS/status.dat>)
+
+=item B<-w>|B<--warning> I<string>
+
+Time before change to warning status. (default: I<1month>)
+
+=item B<-c>|B<--critical> I<string>
+
+Time before change to critical status. (default: I<1week>)
+
+=item B<-h>|B<--help>
+
+Print detailed help screen.
+
+=item B<-m>|B<--man>
+
+Print manual page.
+
+=item B<-V>|B<--version>
+
+Print version information.
+
+=back
+
+=head1 DESCRIPTION
+
+This plugin check ssl client certificate expire date. B<This status information must be entered manually in the status file.>
+
+=head1 EXAMPLES
+
+=over
+
+=item B<content of status information file>
+
+ host1.foo.bar;Feb 01 16:32:00 2010
+ host2.foo.bar;Feb 10 14:12:00 2011
+ host3.foo.bar;Feb 20 23:45:00 2009
+
+=back
+
+=head1 VERSION
+
+This man page is current for version 0.1 of check_client_cert.
+
+=head1 AUTHOR
+
+Written by Christian Arnold L<arnold@schlittermann.de>
+
+=head1 COPYRIGHT
+
+Copyright (C) 2011 by Christian Arnold and Schlittermann internet & unix support.
+This is free software, and you are welcome to redistribute it under certain conditions.
+See the GNU General Public Licence for details.
+
+=cut