You've already forked nrpe
add ssl discover check
This commit is contained in:
Ludovic Cartier
@@ -0,0 +1,73 @@
|
|||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
# Default thresholds (in days)
|
||||||
|
WARN_DAYS=30
|
||||||
|
CRIT_DAYS=15
|
||||||
|
|
||||||
|
# Nagios Exit Codes
|
||||||
|
STATE_OK=0
|
||||||
|
STATE_WARNING=1
|
||||||
|
STATE_CRITICAL=2
|
||||||
|
STATE_UNKNOWN=3
|
||||||
|
|
||||||
|
usage() {
|
||||||
|
echo "Usage: $0 -p <path1,path2> [-w <warn_days>] [-c <crit_days>]"
|
||||||
|
exit $STATE_UNKNOWN
|
||||||
|
}
|
||||||
|
|
||||||
|
# Parse arguments
|
||||||
|
while getopts "p:w:c:" opt; do
|
||||||
|
case $opt in
|
||||||
|
p) IFS=',' read -ra PATHS <<< "$OPTARG" ;;
|
||||||
|
w) WARN_DAYS=$OPTARG ;;
|
||||||
|
c) CRIT_DAYS=$OPTARG ;;
|
||||||
|
*) usage ;;
|
||||||
|
esac
|
||||||
|
done
|
||||||
|
|
||||||
|
if [[ -z "${PATHS[*]}" ]]; then usage; fi
|
||||||
|
|
||||||
|
# Variables to track overall status
|
||||||
|
final_status=$STATE_OK
|
||||||
|
output_msg=""
|
||||||
|
|
||||||
|
for search_path in "${PATHS[@]}"; do
|
||||||
|
if [[ ! -d "$search_path" ]]; then
|
||||||
|
output_msg+="Path $search_path not found; "
|
||||||
|
final_status=$STATE_UNKNOWN
|
||||||
|
continue
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Find common cert extensions
|
||||||
|
certs=$(find "$search_path" -type f \( -name "*.crt" -o -name "*.pem" \))
|
||||||
|
|
||||||
|
for cert in $certs; do
|
||||||
|
# Extract expiration date using openssl
|
||||||
|
expiry_date=$(openssl x509 -enddate -noout -in "$cert" 2>/dev/null | cut -d= -f2)
|
||||||
|
|
||||||
|
if [[ -z "$expiry_date" ]]; then continue; fi
|
||||||
|
|
||||||
|
# Convert dates to seconds for comparison
|
||||||
|
expiry_epoch=$(date -d "$expiry_date" +%s)
|
||||||
|
now_epoch=$(date +%s)
|
||||||
|
expiry_diff=$(( (expiry_epoch - now_epoch) / 86400 ))
|
||||||
|
|
||||||
|
# Logic for Nagios status
|
||||||
|
if [[ $expiry_diff -le $CRIT_DAYS ]]; then
|
||||||
|
output_msg+="$(basename "$cert") EXPIRES IN $expiry_diff DAYS; "
|
||||||
|
final_status=$STATE_CRITICAL
|
||||||
|
elif [[ $expiry_diff -le $WARN_DAYS ]]; then
|
||||||
|
output_msg+="$(basename "$cert") expires in $expiry_diff days; "
|
||||||
|
[[ $final_status -lt $STATE_WARNING ]] && final_status=$STATE_WARNING
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
done
|
||||||
|
|
||||||
|
# Final Output
|
||||||
|
if [[ $final_status -eq $STATE_OK ]]; then
|
||||||
|
echo "OK: All certificates are valid for more than $WARN_DAYS days."
|
||||||
|
else
|
||||||
|
echo "STATUS: $output_msg"
|
||||||
|
fi
|
||||||
|
|
||||||
|
exit $final_status
|
||||||
Reference in New Issue
Block a user