Add first release of plugin

check_ssl_cert_file

@@ -0,0 +1,135 @@
+#!/bin/bash
+#
+# Icinga/Nagios plugin to check X509 SSL certificate expiration date
+# using OpenSSL.
+#
+#  Usage: check_ssl_cert_file [options]
+#
+# Copyright (c) 2017 Benjamin Renard <brenard@easter-eggs.com>
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License version 3
+# as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
+#
+
+DEBUG=0
+FILE=""
+WARN_LIMIT_DAYS=5
+CRIT_LIMIT_DAYS=3
+
+function usage() {
+	echo "Usage : $0 [cert file path]
+	-f [file]	Specify certificate file path
+	-w [integer]	Specify warning days limit
+	-c [integer]	Specify critial days limit
+	-d		Enable debug mode
+	-h		Show this message"
+}
+
+function check_int() {
+	echo "$1"|grep -c '^[0-9]\+$'
+}
+
+while getopts "f:w:c:dh-:" OPTION
+do
+        case "$OPTION" in
+                w)
+                        WARN_LIMIT_DAYS="${OPTARG}"
+			[ $( check_int "$WARN_LIMIT_DAYS" ) -ne 1 ] && echo "UNKNOWN : Invalid -w parameter" && exit 3
+                ;;
+                c)
+                        CRIT_LIMIT_DAYS="${OPTARG}"
+			[ $( check_int "$CRIT_LIMIT_DAYS" ) -ne 1 ] && echo "UNKNOWN : Invalid -c parameter" && exit 3
+                ;;
+                f)
+                        FILE="${OPTARG}"
+			[ ! -e "$FILE" ] && echo "UNKNOWN : Invalid cert file path" && exit 3
+                ;;
+                d)
+                        DEBUG=1
+                ;;
+                h)
+                        usage
+                        exit 0
+                ;;
+                *)
+                        echo "Invalid parameter -$OPTION"
+                        echo
+                        usage
+                        exit 1
+                ;;
+        esac
+done
+
+[ -z "$FILE" ] && usage && exit 3
+
+let WARN_LIMIT=24*3600*WARN_LIMIT_DAYS
+let CRIT_LIMIT=24*3600*CRIT_LIMIT_DAYS
+
+
+OSSL_OUT=$( openssl x509 -text -noout -in "$FILE" 2> /dev/null )
+
+if [ $? -ne 0 ]
+then
+	echo "UNKNOWN : Fail to read certificate file with openssl"
+	exit 3
+fi
+
+[ $DEBUG -eq 1 ] && echo -e "OpenSSL output : $OSSL_OUT"
+
+NOT_AFTER=$( echo -e "$OSSL_OUT"| grep 'Not After : '|sed 's/^.*Not After : //' )
+if [ -z "$NOT_AFTER" ]
+then
+	echo "UNKNOWN : Fail to detect expiration date in OpenSSL output"
+	exit 3
+fi
+
+[ $DEBUG -eq 1 ] && echo -e "Expiration date : $NOT_AFTER"
+
+NOT_AFTER_TIME=$( date +%s -d "$NOT_AFTER" )
+if [ $? -ne 0 ]
+then
+	echo "UNKNOWN : Fail to convert expiration date to timestamp"
+	echo "Expiration date : $NOT_AFTER"
+	exit 3
+fi
+
+[ $DEBUG -eq 1 ] && echo -e "Expiration timestamp : $NOT_AFTER_TIME"
+
+CUR_TIME=$( date +%s )
+
+[ $DEBUG -eq 1 ] && echo -e "Current timestamp : $CUR_TIME"
+
+if [ $CUR_TIME -ge $NOT_AFTER_TIME ]
+then
+	echo "CRITICAL : Certificate file expiry since $NOT_AFTER"
+	exit 2
+fi
+
+let DIFF=NOT_AFTER_TIME-CUR_TIME
+
+[ $DEBUG -eq 1 ] && echo -e "Diff time in seconds : $DIFF\nCritical/Warning limits : $CRIT_LIMIT / $WARN_LIMIT"
+
+if [ $DIFF -le $CRIT_LIMIT ]
+then
+	echo "CRITICAL : Certificate file expiry in less than $CRIT_LIMIT_DAYS day(s)"
+	echo "Expiration date : $NOT_AFTER"
+	exit 2
+elif [ $DIFF -le $WARN_LIMIT ]
+then
+	echo "WARNING : Certificate file expiry in less than $WARN_LIMIT_DAYS day(s)"
+	echo "Expiration date : $NOT_AFTER"
+	exit 1
+else
+	echo "OK : Certificate file expiry on $NOT_AFTER"
+	exit 0
+fi