Daniel Berteaud
13 years ago
parent
903736c78f
commit
72eb1cb416
2 changed files with 0 additions and 155 deletions
@ -1,13 +0,0 @@ |
||||
# Certificate expiration |
||||
|
||||
# Description: Remaining days |
||||
# Type: Agent or Agent (active) |
||||
# Key: crt.expire[<port>] |
||||
# Type of information: Numeric (integer 64bit) |
||||
# Units: days |
||||
# Use multiplier: No |
||||
# Update interval: 86400 |
||||
# Store Value: As is |
||||
# Show Value: As is |
||||
|
||||
UserParameter=crt.expire[*],/var/lib/zabbix/bin/cert_expire.pl -p $1 |
||||
@ -1,142 +0,0 @@ |
||||
#!/usr/bin/perl -w |
||||
# Check peer certificate validity for Zabbix |
||||
# Require perl module : IO::Socket, Net::SSLeay, Date::Parse |
||||
# Require unix programs : openssl, echo, sendmail |
||||
# |
||||
# Based on sslexpire from Emmanuel Lacour <elacour@home-dn.net> |
||||
# |
||||
# This file is free software; you can redistribute it and/or modify it |
||||
# under the terms of the GNU General Public License as published by the |
||||
# Free Software Foundation; either version 2, or (at your option) any |
||||
# later version. |
||||
# |
||||
# This file is distributed in the hope that it will be |
||||
# useful, but WITHOUT ANY WARRANTY; without even the implied warranty |
||||
# of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU |
||||
# General Public License for more details. |
||||
# |
||||
# You should have received a copy of the GNU General Public License |
||||
# along with this file; see the file COPYING. If not, write to the Free |
||||
# Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA |
||||
# 02110-1301, USA. |
||||
# |
||||
|
||||
|
||||
use strict; |
||||
use IO::Socket; |
||||
use Net::SSLeay; |
||||
use Getopt::Long; |
||||
use Date::Parse; |
||||
|
||||
Net::SSLeay::SSLeay_add_ssl_algorithms(); |
||||
Net::SSLeay::randomize(); |
||||
|
||||
# Default values |
||||
my $opensslpath = "/usr/bin/openssl"; |
||||
|
||||
my $host = '127.0.0.1'; |
||||
my $port = '443'; |
||||
|
||||
my %opts; |
||||
GetOptions (\%opts, |
||||
'host|h=s', |
||||
'port|p=s', |
||||
'help', |
||||
); |
||||
|
||||
if ($opts{'host'}) { |
||||
$host = $opts{'host'}; |
||||
} |
||||
if ($opts{'port'}){ |
||||
$port = $opts{'port'}; |
||||
} |
||||
|
||||
if ($opts{'help'}) { |
||||
&usage; |
||||
} |
||||
|
||||
# Print program usage |
||||
sub usage { |
||||
print "Usage: sslexpire [OPTION]... |
||||
-h, --host=HOST check this host |
||||
-p, --port=TCPPORT check this port on the previous host |
||||
--help print this help, then exit |
||||
"; |
||||
exit; |
||||
} |
||||
|
||||
|
||||
# This will return the expiration date |
||||
sub getExpire { |
||||
|
||||
my ($l_host,$l_port) = @_; |
||||
my ($l_expdate,$l_comment); |
||||
|
||||
# Connect to $l_host:$l_port |
||||
my $socket = IO::Socket::INET->new( |
||||
Proto => "tcp", |
||||
PeerAddr => $l_host, |
||||
PeerPort => $l_port |
||||
); |
||||
# If we connected successfully |
||||
if ($socket) { |
||||
# Intiate ssl |
||||
my $l_ctx = Net::SSLeay::CTX_new(); |
||||
my $l_ssl = Net::SSLeay::new($l_ctx); |
||||
|
||||
Net::SSLeay::set_fd($l_ssl, fileno($socket)); |
||||
my $res = Net::SSLeay::connect($l_ssl); |
||||
|
||||
# Get peer certificate |
||||
my $l_x509 = Net::SSLeay::get_peer_certificate($l_ssl); |
||||
if ($l_x509) { |
||||
my $l_string = Net::SSLeay::PEM_get_string_X509($l_x509); |
||||
# Get the expiration date, using openssl |
||||
$l_expdate = `echo "$l_string" | $opensslpath x509 -enddate -noout 2>&1`; |
||||
$l_expdate =~ s/.*=//; |
||||
chomp($l_expdate); |
||||
} |
||||
else { |
||||
$l_expdate = 1; |
||||
} |
||||
|
||||
# Close and cleanup |
||||
Net::SSLeay::free($l_ssl); |
||||
Net::SSLeay::CTX_free($l_ctx); |
||||
close $socket; |
||||
} |
||||
else { |
||||
$l_expdate = 1; |
||||
} |
||||
return $l_expdate; |
||||
} |
||||
|
||||
|
||||
# Print remaining days before expiration |
||||
sub report { |
||||
# Convert date into epoch using date command |
||||
my ($l_expdate) = @_; |
||||
|
||||
if ($l_expdate ne "1") { |
||||
# The current date |
||||
my $l_today = time; |
||||
my $l_epochdate = str2time($l_expdate); |
||||
|
||||
# Calculate diff between expiration date and today |
||||
my $l_diff = ($l_epochdate - $l_today)/(3600*24); |
||||
|
||||
# Report if needed |
||||
printf "%.0f\n", $l_diff; |
||||
} |
||||
else { |
||||
print "Unable to read certificate!\n"; |
||||
exit (1); |
||||
} |
||||
} |
||||
|
||||
# Get expiration date |
||||
my $expdate = getExpire($host,$port); |
||||
|
||||
# Report |
||||
report("$expdate"); |
||||
|
||||
Loading…
Reference in new issue