首页 开源 资讯 活动 开源许可证
软件工程云服务
软件代码质量检测云服务 持续集成与部署云服务 社区个性化内容推荐服务 贡献审阅人推荐服务 群体化学习服务 重睛鸟代码扫描工具
Watch 1 Star 0 Fork 0

smartos-club/smartos-munin-plugins

代码 Issues 0 Pull Requests 0 Wiki 0 统计
加入 Gitee
与超过 1200万 开发者一起发现、参与优秀开源项目,私有仓库也完全免费 :)
免费加入
文件
该仓库未声明开源许可证文件(LICENSE),使用请关注具体项目描述及其代码上游依赖。
项目仓库所选许可证以仓库主分支所使用许可证为准
克隆/下载
cert_expire 2.79 KB
一键复制 编辑 原始数据 按行查看 历史
Thomas Merkel 提交于 2019-09-04 20:07 . Add dh.pem to the cert_expire ignore list
123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566
#!/usr/bin/env ksh93

# Thomas Merkel <tm@core.io>

# This script provides the option to check all installed certificates on an operating system

# with munin. It's build to run on SmartOS zones and somehow also build for Let's Encrypt.



# PATH to have gnutools installed

PATH=/opt/local/bin:${PATH}



# Default location to look for certificates (*.pem, *.crt)

crt_locations=${crt_locations-'/opt/local/etc'}



# Ignore some system CAs and special files which are no certificate files

crt_ignores="mozilla-rootcert-.* privkey.* .*-certbot.pem fullchain.pem chain.pem dh.pem"



# Ignore Let's Encrypt archive folder because we only check live files

crt_locations_ignores="/opt/local/etc/letsencrypt/archive"



# Now

today_unixtime=$(printf "%(%s)T")



# Munin config output

if [[ "${1}" == "config" ]]; then

        echo 'graph_title TLS certificate Expire'

        echo 'graph_category security'

        echo 'graph_vlabel days left'

        echo 'graph_info This graph show the days left for the certificates installed on the system'

        echo 'graph_period hour'

        echo 'update_rate 43200'

fi



# Lookup

for location in ${crt_locations}; do

        [ ! -d "${location}" ] && continue

        crts=$(find -L ${location} -type f -iname "*.pem" -o -iname "*.crt")



        # Loop through all *.pem and *.crt files

        for crt in ${crts}; do

                # Ignore certs and ignore locations

                for crt_ignore in ${crt_ignores}; do

                        [[ $(basename ${crt}) =~ ${crt_ignore} ]] && continue 2

                done

                for crt_locations_ignore in ${crt_locations_ignores}; do

                        [[ $(dirname ${crt}) =~ ${crt_locations_ignore} ]] && continue 2

                done



                # OpenSSL receive information from certificate file

                x509=$(openssl x509 -in ${crt} -noout -nameopt RFC2253 -subject -enddate -hash)

                # Parse certificate to receive CommonName

                x509_subject=$(echo ${x509} | gsed 's/.*CN=\([^\ |,]*\).*/\1/')

                # Receive expire unixtime

                expire_unixtime=$(printf "%(%s)T" "$(echo ${x509} | gsed -n 's/.*notAfter=\([^,]*\)\ .*/\1/p')")

                # Require minimal hash for munin output for all values

                x509_hash=$(echo ${x509} | awk -F' ' '{ print $NF }')



                # Additional config output for Munin

                if [[ "${1}" == "config" ]]; then

                        echo "${x509_hash}.label ${x509_subject}"

                        echo "${x509_hash}.info ${crt}"

                        echo "${x509_hash}.critical 7:"

                        echo "${x509_hash}.warning 10:"

                fi



                # Munin value output with expire in days

                echo ${x509_hash}.value $(( (expire_unixtime - today_unixtime) / 86400 ))

        done

done
Loading...
马建仓 AI 助手
尝试更多
代码解读
代码找茬
代码优化