check_tlsa_record.pl
changeset 1 1ce9659ddc4f
parent 0 ce1f16d8d881
     4 # http://search.cpan.org/~nierlein/Monitoring-Plugin-0.39/lib/Monitoring/Plugin.pm
     4 # http://search.cpan.org/~nierlein/Monitoring-Plugin-0.39/lib/Monitoring/Plugin.pm
     5 # http://perldoc.perl.org/File/Basename.html
     5 # http://perldoc.perl.org/File/Basename.html
     6 # needs debian packet: libmonitoring-plugin-perl
     6 # needs debian packet: libmonitoring-plugin-perl
     7 #TLSA Record generieren
     7 #TLSA Record generieren
     8 # openssl x509 -in <servername>.crt -outform DER | openssl sha256
     8 # openssl x509 -in <servername>.crt -outform DER | openssl sha256
     9 # neben sha256 gibt's noch sha1 sha224 sha256 sha384 sha512 
     9 # neben sha256 gibt's noch sha1 sha224 sha256 sha384 sha512
    10 # sowie md2 md5 rmd160 (wobei ich diese nicht in betracht ziehe)
    10 # sowie md2 md5 rmd160 (wobei ich diese nicht in betracht ziehe)
    11 # ssl certifikat von einem remote server anfordern
    11 # ssl certifikat von einem remote server anfordern
    12 # openssl s_client -showcerts -connect ssl.schlittermann.de:443 < /dev/null
    12 # openssl s_client -showcerts -connect ssl.schlittermann.de:443 < /dev/null
    13 # https://github.com/monitoring-plugins
    13 # https://github.com/monitoring-plugins
    14 # https://github.com/monitoring-plugins/monitoring-plugin-perl/blob/master/t/check_stuff.pl
    14 # https://github.com/monitoring-plugins/monitoring-plugin-perl/blob/master/t/check_stuff.pl
    16 #openssl s_client -starttls smtp -connect ssl.schlittermann.de:25 | openssl x509  -pubkey | openssl rsa -pubin -inform PEM -outform DER | openssl sha256
    16 #openssl s_client -starttls smtp -connect ssl.schlittermann.de:25 | openssl x509  -pubkey | openssl rsa -pubin -inform PEM -outform DER | openssl sha256
    17 #openssl s_client -starttls smtp -connect ssl.schlittermann.de:25 | openssl x509  -outform DER | openssl sha256
    17 #openssl s_client -starttls smtp -connect ssl.schlittermann.de:25 | openssl x509  -outform DER | openssl sha256
    18 
    18 
    19 use strict;
    19 use strict;
    20 use warnings;
    20 use warnings;
    21 use 5.010;
    21 use feature qw(switch);
    22 use Monitoring::Plugin; 
    22 use if $^V >= v5.020 => (experimental => qw(smartmatch));
    23 use File::Basename;     
    23 use experimental qw(smartmatch);
       
    24 use Monitoring::Plugin;
       
    25 use File::Basename;
    24 
    26 
    25 #devel
    27 #devel
    26 use Data::Dumper;
    28 use Data::Dumper;
    27 
    29 
    28 use constant LF => "\n";
    30 use constant LF => "\n";
   138   my $tlsa_usage      = substr($diganswer, 0, 1);
   140   my $tlsa_usage      = substr($diganswer, 0, 1);
   139   my $tlsa_selector   = substr($diganswer, 2, 1);
   141   my $tlsa_selector   = substr($diganswer, 2, 1);
   140   my $tlsa_match_type = substr($diganswer, 4, 1);
   142   my $tlsa_match_type = substr($diganswer, 4, 1);
   141   my $hashit;
   143   my $hashit;
   142 
   144 
   143   given ($tlsa_match_type) {
   145   for ($tlsa_match_type) {
   144     when('0') { die 'certs will be compared directly'}
   146     when('0') { die 'certs will be compared directly'}
   145     when('1') {$hashit = 'sha256'}
   147     when('1') {$hashit = 'sha256'}
   146     when('2') {$hashit = 'sha512'}
   148     when('2') {$hashit = 'sha512'}
   147     default {$hashit = 'sha256'}
   149     default {$hashit = 'sha256'}
   148   };
   150   };
   161   my $tlsa_record = qx($certtlsa) or die "nothing found!\n";
   163   my $tlsa_record = qx($certtlsa) or die "nothing found!\n";
   162   $tlsa_record =~ s/^.*= (.*$)/$1/gi;
   164   $tlsa_record =~ s/^.*= (.*$)/$1/gi;
   163   $tlsa_record = uc($tlsa_record);
   165   $tlsa_record = uc($tlsa_record);
   164 
   166 
   165    if (defined $expiry) {
   167    if (defined $expiry) {
   166      print check_cert_expiry(); 
   168      print check_cert_expiry();
   167    }
   169    }
   168 
   170 
   169   if ("$tlsa_record" eq "$dig") {
   171   if ("$tlsa_record" eq "$dig") {
   170     #$return = "TLSA record is $tlsa_record and valid";
   172     #$return = "TLSA record is $tlsa_record and valid";
   171     #funktioniert nich nicht optimal mit  hostliste
   173     #funktioniert nich nicht optimal mit  hostliste
   191       $domain = $+{domain};
   193       $domain = $+{domain};
   192       $port   = $+{port};
   194       $port   = $+{port};
   193       #print "nunu,file ok",LF,"port: $+{port}",LF,"domain: $+{domain}",LF;
   195       #print "nunu,file ok",LF,"port: $+{port}",LF,"domain: $+{domain}",LF;
   194       $domain2check{$domain} = $port;
   196       $domain2check{$domain} = $port;
   195 
   197 
   196       
   198 
   197 
   199 
   198 
   200 
   199       
   201 
   200       #print check_tlsa();
   202       #print check_tlsa();
   201     }
   203     }
   202     else {
   204     else {
   203        die "wrong content";
   205        die "wrong content";
   204      }
   206      }
   206       foreach my $key (%domain2check)
   208       foreach my $key (%domain2check)
   207       {
   209       {
   208         $domain = $key;
   210         $domain = $key;
   209         $port = $domain2check{$key};
   211         $port = $domain2check{$key};
   210         print $domain, ' ', $port,"\n";
   212         print $domain, ' ', $port,"\n";
   211     
   213 
   212 
   214 
   213         if ( "$port" =~ /^\s*$/) { $port = '443'; }
   215         if ( "$port" =~ /^\s*$/) { $port = '443'; }
   214         print $domain, ' ', $port,"\n";
   216         print $domain, ' ', $port,"\n";
   215 
   217 
   216            check_tlsa($domain,$port);
   218            check_tlsa($domain,$port);
   217       }
   219       }
   218     
   220 
   219   }
   221   }
   220 }
   222 }
   221 
   223 
   222 sub check_cert_expiry {
   224 sub check_cert_expiry {
   223   my $return = qx($check_date);
   225   my $return = qx($check_date);
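Review bot: The `use if $^V >= v5.020 => (experimental => qw(smartmatch))` guard on new line 22 is undone by the unconditional `use experimental qw(smartmatch)` on new line 23, which loads the pragma on every perl anyway and, as far as I can tell, fails to compile on perls older than 5.20 where experimental.pm is not in core; keep one of the two lines, and consider restoring a `use 5.010;` (or higher) so the minimum version the script needs stays explicit now that it has been dropped. Replacing `given` with `for` on new line 145 does not remove the dependency on smartmatch, because `when` still performs one, so the warning-suppression pragma stays necessary; a plain lookup needs neither: `die 'certs will be compared directly' if $tlsa_match_type eq '0';`, `my %digest_for = ('1' => 'sha256', '2' => 'sha512');`, `my $hashit = $digest_for{$tlsa_match_type} // 'sha256';`. Note that the unchanged `default` branch silently treats any unrecognised matching type taken from the dig answer as SHA-256 instead of reporting the TLSA record as malformed; a monitoring check should probably exit UNKNOWN there rather than compare against a guessed digest. The subroutine containing this block starts and ends outside the shown lines.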