parent
903736c78f
commit
72eb1cb416
2 changed files with 0 additions and 155 deletions
@ -1,13 +0,0 @@ |
|||||||
# Certificate expiration |
|
||||||
|
|
||||||
# Description: Remaining days |
|
||||||
# Type: Agent or Agent (active) |
|
||||||
# Key: crt.expire[<port>] |
|
||||||
# Type of information: Numeric (integer 64bit) |
|
||||||
# Units: days |
|
||||||
# Use multiplier: No |
|
||||||
# Update interval: 86400 |
|
||||||
# Store Value: As is |
|
||||||
# Show Value: As is |
|
||||||
|
|
||||||
UserParameter=crt.expire[*],/var/lib/zabbix/bin/cert_expire.pl -p $1 |
|
@ -1,142 +0,0 @@ |
|||||||
#!/usr/bin/perl -w |
|
||||||
# Check peer certificate validity for Zabbix |
|
||||||
# Require perl module : IO::Socket, Net::SSLeay, Date::Parse |
|
||||||
# Require unix programs : openssl, echo, sendmail |
|
||||||
# |
|
||||||
# Based on sslexpire from Emmanuel Lacour <elacour@home-dn.net> |
|
||||||
# |
|
||||||
# This file is free software; you can redistribute it and/or modify it |
|
||||||
# under the terms of the GNU General Public License as published by the |
|
||||||
# Free Software Foundation; either version 2, or (at your option) any |
|
||||||
# later version. |
|
||||||
# |
|
||||||
# This file is distributed in the hope that it will be |
|
||||||
# useful, but WITHOUT ANY WARRANTY; without even the implied warranty |
|
||||||
# of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU |
|
||||||
# General Public License for more details. |
|
||||||
# |
|
||||||
# You should have received a copy of the GNU General Public License |
|
||||||
# along with this file; see the file COPYING. If not, write to the Free |
|
||||||
# Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA |
|
||||||
# 02110-1301, USA. |
|
||||||
# |
|
||||||
|
|
||||||
|
|
||||||
use strict; |
|
||||||
use IO::Socket; |
|
||||||
use Net::SSLeay; |
|
||||||
use Getopt::Long; |
|
||||||
use Date::Parse; |
|
||||||
|
|
||||||
Net::SSLeay::SSLeay_add_ssl_algorithms(); |
|
||||||
Net::SSLeay::randomize(); |
|
||||||
|
|
||||||
# Default values |
|
||||||
my $opensslpath = "/usr/bin/openssl"; |
|
||||||
|
|
||||||
my $host = '127.0.0.1'; |
|
||||||
my $port = '443'; |
|
||||||
|
|
||||||
my %opts; |
|
||||||
GetOptions (\%opts, |
|
||||||
'host|h=s', |
|
||||||
'port|p=s', |
|
||||||
'help', |
|
||||||
); |
|
||||||
|
|
||||||
if ($opts{'host'}) { |
|
||||||
$host = $opts{'host'}; |
|
||||||
} |
|
||||||
if ($opts{'port'}){ |
|
||||||
$port = $opts{'port'}; |
|
||||||
} |
|
||||||
|
|
||||||
if ($opts{'help'}) { |
|
||||||
&usage; |
|
||||||
} |
|
||||||
|
|
||||||
# Print program usage |
|
||||||
sub usage { |
|
||||||
print "Usage: sslexpire [OPTION]... |
|
||||||
-h, --host=HOST check this host |
|
||||||
-p, --port=TCPPORT check this port on the previous host |
|
||||||
--help print this help, then exit |
|
||||||
"; |
|
||||||
exit; |
|
||||||
} |
|
||||||
|
|
||||||
|
|
||||||
# This will return the expiration date |
|
||||||
sub getExpire { |
|
||||||
|
|
||||||
my ($l_host,$l_port) = @_; |
|
||||||
my ($l_expdate,$l_comment); |
|
||||||
|
|
||||||
# Connect to $l_host:$l_port |
|
||||||
my $socket = IO::Socket::INET->new( |
|
||||||
Proto => "tcp", |
|
||||||
PeerAddr => $l_host, |
|
||||||
PeerPort => $l_port |
|
||||||
); |
|
||||||
# If we connected successfully |
|
||||||
if ($socket) { |
|
||||||
# Intiate ssl |
|
||||||
my $l_ctx = Net::SSLeay::CTX_new(); |
|
||||||
my $l_ssl = Net::SSLeay::new($l_ctx); |
|
||||||
|
|
||||||
Net::SSLeay::set_fd($l_ssl, fileno($socket)); |
|
||||||
my $res = Net::SSLeay::connect($l_ssl); |
|
||||||
|
|
||||||
# Get peer certificate |
|
||||||
my $l_x509 = Net::SSLeay::get_peer_certificate($l_ssl); |
|
||||||
if ($l_x509) { |
|
||||||
my $l_string = Net::SSLeay::PEM_get_string_X509($l_x509); |
|
||||||
# Get the expiration date, using openssl |
|
||||||
$l_expdate = `echo "$l_string" | $opensslpath x509 -enddate -noout 2>&1`; |
|
||||||
$l_expdate =~ s/.*=//; |
|
||||||
chomp($l_expdate); |
|
||||||
} |
|
||||||
else { |
|
||||||
$l_expdate = 1; |
|
||||||
} |
|
||||||
|
|
||||||
# Close and cleanup |
|
||||||
Net::SSLeay::free($l_ssl); |
|
||||||
Net::SSLeay::CTX_free($l_ctx); |
|
||||||
close $socket; |
|
||||||
} |
|
||||||
else { |
|
||||||
$l_expdate = 1; |
|
||||||
} |
|
||||||
return $l_expdate; |
|
||||||
} |
|
||||||
|
|
||||||
|
|
||||||
# Print remaining days before expiration |
|
||||||
sub report { |
|
||||||
# Convert date into epoch using date command |
|
||||||
my ($l_expdate) = @_; |
|
||||||
|
|
||||||
if ($l_expdate ne "1") { |
|
||||||
# The current date |
|
||||||
my $l_today = time; |
|
||||||
my $l_epochdate = str2time($l_expdate); |
|
||||||
|
|
||||||
# Calculate diff between expiration date and today |
|
||||||
my $l_diff = ($l_epochdate - $l_today)/(3600*24); |
|
||||||
|
|
||||||
# Report if needed |
|
||||||
printf "%.0f\n", $l_diff; |
|
||||||
} |
|
||||||
else { |
|
||||||
print "Unable to read certificate!\n"; |
|
||||||
exit (1); |
|
||||||
} |
|
||||||
} |
|
||||||
|
|
||||||
# Get expiration date |
|
||||||
my $expdate = getExpire($host,$port); |
|
||||||
|
|
||||||
# Report |
|
||||||
report("$expdate"); |
|
||||||
|
|