Add first release of plugin

2017-11-21 15:16:51 +01:00 · 2017-11-21 15:16:51 +01:00 · 6b26e90788
commit 6b26e90788
parent 387cfdd44d
1 changed files with 135 additions and 0 deletions
--- a/135
+++ b/135
@ -0,0 +1,135 @@
 #!/bin/bash
 #
 # Icinga/Nagios plugin to check X509 SSL certificate expiration date
 # using OpenSSL.
 #
 #  Usage: check_ssl_cert_file [options]
 #
 # Copyright (c) 2017 Benjamin Renard <brenard@easter-eggs.com>
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License version 3
 # as published by the Free Software Foundation.
 #
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
 #
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
 #
 DEBUG=0
 FILE=""
 WARN_LIMIT_DAYS=5
 CRIT_LIMIT_DAYS=3
 function usage() {
 	echo "Usage : $0 [cert file path]
 	-f [file]	Specify certificate file path
 	-w [integer]	Specify warning days limit
 	-c [integer]	Specify critial days limit
 	-d		Enable debug mode
 	-h		Show this message"
 }
 function check_int() {
 	echo "$1"|grep -c '^[0-9]\+$'
 }
 while getopts "f:w:c:dh-:" OPTION
 do
        case "$OPTION" in
                w)
                        WARN_LIMIT_DAYS="${OPTARG}"
 			[ $( check_int "$WARN_LIMIT_DAYS" ) -ne 1 ] && echo "UNKNOWN : Invalid -w parameter" && exit 3
                ;;
                c)
                        CRIT_LIMIT_DAYS="${OPTARG}"
 			[ $( check_int "$CRIT_LIMIT_DAYS" ) -ne 1 ] && echo "UNKNOWN : Invalid -c parameter" && exit 3
                ;;
                f)
                        FILE="${OPTARG}"
 			[ ! -e "$FILE" ] && echo "UNKNOWN : Invalid cert file path" && exit 3
                ;;
                d)
                        DEBUG=1
                ;;
                h)
                        usage
                        exit 0
                ;;
                *)
                        echo "Invalid parameter -$OPTION"
                        echo
                        usage
                        exit 1
                ;;
        esac
 done
 [ -z "$FILE" ] && usage && exit 3
 let WARN_LIMIT=24*3600*WARN_LIMIT_DAYS
 let CRIT_LIMIT=24*3600*CRIT_LIMIT_DAYS
 OSSL_OUT=$( openssl x509 -text -noout -in "$FILE" 2> /dev/null )
 if [ $? -ne 0 ]
 then
 	echo "UNKNOWN : Fail to read certificate file with openssl"
 	exit 3
 fi
 [ $DEBUG -eq 1 ] && echo -e "OpenSSL output : $OSSL_OUT"
 NOT_AFTER=$( echo -e "$OSSL_OUT"| grep 'Not After : '|sed 's/^.*Not After : //' )
 if [ -z "$NOT_AFTER" ]
 then
 	echo "UNKNOWN : Fail to detect expiration date in OpenSSL output"
 	exit 3
 fi
 [ $DEBUG -eq 1 ] && echo -e "Expiration date : $NOT_AFTER"
 NOT_AFTER_TIME=$( date +%s -d "$NOT_AFTER" )
 if [ $? -ne 0 ]
 then
 	echo "UNKNOWN : Fail to convert expiration date to timestamp"
 	echo "Expiration date : $NOT_AFTER"
 	exit 3
 fi
 [ $DEBUG -eq 1 ] && echo -e "Expiration timestamp : $NOT_AFTER_TIME"
 CUR_TIME=$( date +%s )
 [ $DEBUG -eq 1 ] && echo -e "Current timestamp : $CUR_TIME"
 if [ $CUR_TIME -ge $NOT_AFTER_TIME ]
 then
 	echo "CRITICAL : Certificate file expiry since $NOT_AFTER"
 	exit 2
 fi
 let DIFF=NOT_AFTER_TIME-CUR_TIME
 [ $DEBUG -eq 1 ] && echo -e "Diff time in seconds : $DIFF\nCritical/Warning limits : $CRIT_LIMIT / $WARN_LIMIT"
 if [ $DIFF -le $CRIT_LIMIT ]
 then
 	echo "CRITICAL : Certificate file expiry in less than $CRIT_LIMIT_DAYS day(s)"
 	echo "Expiration date : $NOT_AFTER"
 	exit 2
 elif [ $DIFF -le $WARN_LIMIT ]
 then
 	echo "WARNING : Certificate file expiry in less than $WARN_LIMIT_DAYS day(s)"
 	echo "Expiration date : $NOT_AFTER"
 	exit 1
 else
 	echo "OK : Certificate file expiry on $NOT_AFTER"
 	exit 0
 fi