add ssl discover check
@@ -0,0 +1,73 @@
|
||||
#!/bin/bash
|
||||
|
||||
# Default thresholds (in days)
|
||||
WARN_DAYS=30
|
||||
CRIT_DAYS=15
|
||||
|
||||
# Nagios Exit Codes
|
||||
STATE_OK=0
|
||||
STATE_WARNING=1
|
||||
STATE_CRITICAL=2
|
||||
STATE_UNKNOWN=3
|
||||
|
||||
usage() {
|
||||
echo "Usage: $0 -p <path1,path2> [-w <warn_days>] [-c <crit_days>]"
|
||||
exit $STATE_UNKNOWN
|
||||
}
|
||||
|
||||
# Parse arguments
|
||||
while getopts "p:w:c:" opt; do
|
||||
case $opt in
|
||||
p) IFS=',' read -ra PATHS <<< "$OPTARG" ;;
|
||||
w) WARN_DAYS=$OPTARG ;;
|
||||
c) CRIT_DAYS=$OPTARG ;;
|
||||
*) usage ;;
|
||||
esac
|
||||
done
|
||||
|
||||
if [[ -z "${PATHS[*]}" ]]; then usage; fi
|
||||
|
||||
# Variables to track overall status
|
||||
final_status=$STATE_OK
|
||||
output_msg=""
|
||||
|
||||
for search_path in "${PATHS[@]}"; do
|
||||
if [[ ! -d "$search_path" ]]; then
|
||||
output_msg+="Path $search_path not found; "
|
||||
final_status=$STATE_UNKNOWN
|
||||
continue
|
||||
fi
|
||||
|
||||
# Find common cert extensions
|
||||
certs=$(find "$search_path" -type f \( -name "*.crt" -o -name "*.pem" \))
|
||||
|
||||
for cert in $certs; do
|
||||
# Extract expiration date using openssl
|
||||
expiry_date=$(openssl x509 -enddate -noout -in "$cert" 2>/dev/null | cut -d= -f2)
|
||||
|
||||
if [[ -z "$expiry_date" ]]; then continue; fi
|
||||
|
||||
# Convert dates to seconds for comparison
|
||||
expiry_epoch=$(date -d "$expiry_date" +%s)
|
||||
now_epoch=$(date +%s)
|
||||
expiry_diff=$(( (expiry_epoch - now_epoch) / 86400 ))
|
||||
|
||||
# Logic for Nagios status
|
||||
if [[ $expiry_diff -le $CRIT_DAYS ]]; then
|
||||
output_msg+="$(basename "$cert") EXPIRES IN $expiry_diff DAYS; "
|
||||
final_status=$STATE_CRITICAL
|
||||
elif [[ $expiry_diff -le $WARN_DAYS ]]; then
|
||||
output_msg+="$(basename "$cert") expires in $expiry_diff days; "
|
||||
[[ $final_status -lt $STATE_WARNING ]] && final_status=$STATE_WARNING
|
||||
fi
|
||||
done
|
||||
done
|
||||
|
||||
# Final Output
|
||||
if [[ $final_status -eq $STATE_OK ]]; then
|
||||
echo "OK: All certificates are valid for more than $WARN_DAYS days."
|
||||
else
|
||||
echo "STATUS: $output_msg"
|
||||
fi
|
||||
|
||||
exit $final_status
|
||||
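Review bot: The check fails open, because `for cert in $certs` word-splits the `find` output, so a certificate under a path containing whitespace reaches openssl in pieces and is then dropped by the `continue` on an empty `expiry_date`; a directory with no parseable certificate at all still ends in `OK: All certificates are valid`. Reading the `find` results NUL-delimited and counting what was actually parsed lets the plugin report UNKNOWN when nothing was checked, as sketched below. Separately, `-w` and `-c` reach `[[ ... -le ... ]]` unvalidated, where bash evaluates the operands as arithmetic expressions rather than plain numbers, so I would add `[[ $WARN_DAYS =~ ^[0-9]+$ && $CRIT_DAYS =~ ^[0-9]+$ ]] || usage` after the getopts loop; this matters most if the NRPE command definition passes arguments supplied by the remote side. The unconditional `final_status=$STATE_UNKNOWN` for a missing path also overwrites a CRITICAL already recorded for an earlier path.

```shell
checked=0
while IFS= read -r -d '' cert; do
  # … unchanged: openssl -enddate extraction, unparseable files skipped with continue …
  checked=$((checked + 1))
  # … unchanged: epoch conversion and WARN/CRIT comparison …
done < <(find "$search_path" -type f \( -name "*.crt" -o -name "*.pem" \) -print0)

if (( checked == 0 )); then
  output_msg+="No parseable certificates under $search_path; "
  if [[ $final_status -eq $STATE_OK ]]; then
    final_status=$STATE_UNKNOWN
  fi
fi
```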