tags/zabbix-agent-addons-0.2.20-1
0.1.14_el5
Daniel Berteaud
11 years ago
parent
904138523b
commit
0bb8a01798
3 changed files with 0 additions and 95 deletions
@ -1,13 +0,0 @@ |
|||||||
# Discovery of certificates and their status |
|
||||||
# Key: pki.certs.discovery |
|
||||||
# Macro: |
|
||||||
# - {#CRTCN} : contains the common name |
|
||||||
# - {#CRTSERIAL} : the serial number |
|
||||||
# - {#CRTSTATUS} : the status, as a string (valid, revoked, expired) |
|
||||||
# Available arguments: |
|
||||||
# --index : path to the index file |
|
||||||
# --path : directory where certificatres are stored, certificates should be named $serial.pem (in PEM format) |
|
||||||
|
|
||||||
UserParameter=pki.certs.discovery,/usr/bin/sudo /var/lib/zabbix/bin/disco_certs_sudo --index=/opt/phpki/phpki-store/CA/index.txt --path=/opt/phpki/phpki-store/CA/newcerts/ |
|
||||||
UserParameter=pki.certs[*],/usr/bin/sudo /var/lib/zabbix/bin/check_certs_sudo --what=$1 --cert=$2 |
|
||||||
|
|
||||||
@ -1,33 +0,0 @@ |
|||||||
#!/usr/bin/perl -w |
|
||||||
|
|
||||||
# Check a PEM certificate |
|
||||||
# --what: what to monitor. Only expire is supported for now, and returns the number of day before expiration |
|
||||||
# --cert: the path to the certificate you want to check |
|
||||||
|
|
||||||
use strict; |
|
||||||
use warnings; |
|
||||||
use Crypt::OpenSSL::X509; |
|
||||||
use Date::Parse; |
|
||||||
use Getopt::Long; |
|
||||||
|
|
||||||
my $what = 'expire'; |
|
||||||
my $cert = ''; |
|
||||||
|
|
||||||
GetOptions( |
|
||||||
"cert=s" => \$cert, |
|
||||||
"what=s" => \$what |
|
||||||
); |
|
||||||
|
|
||||||
die "Usage: $0 --what=status --cert=/path/to/pem/certificate\n" unless |
|
||||||
(-f $cert); |
|
||||||
|
|
||||||
$cert = Crypt::OpenSSL::X509->new_from_file( "$cert" ); |
|
||||||
my $expire_in = int ((str2time($cert->notAfter())-time())/(3600*24)); |
|
||||||
|
|
||||||
if ($what eq 'expire'){ |
|
||||||
print $expire_in; |
|
||||||
} |
|
||||||
else{ |
|
||||||
die "Only expire is supported for now"; |
|
||||||
} |
|
||||||
|
|
||||||
@ -1,49 +0,0 @@ |
|||||||
#!/usr/bin/perl -w |
|
||||||
|
|
||||||
use strict; |
|
||||||
use warnings; |
|
||||||
use Crypt::OpenSSL::X509; |
|
||||||
use Date::Parse; |
|
||||||
use Getopt::Long; |
|
||||||
use JSON; |
|
||||||
|
|
||||||
my $index = '/opt/phpki/phpki-store/CA/index.txt'; |
|
||||||
my $path = '/opt/phpki/phpki-store/CA/newcerts'; |
|
||||||
|
|
||||||
GetOptions( |
|
||||||
"index=s" => \$index, |
|
||||||
"path=s" => \$path |
|
||||||
); |
|
||||||
|
|
||||||
open INDEX, "$index" or die "Couldn't open $index\n"; |
|
||||||
|
|
||||||
my $json; |
|
||||||
|
|
||||||
foreach my $l (<INDEX>){ |
|
||||||
next unless $l =~ m/^([VR])\t\d+Z\t(\d+Z)?\t(\w+)\tunknown\t.*/; |
|
||||||
my $status = $1; |
|
||||||
my $serial = $3; |
|
||||||
my $cert = Crypt::OpenSSL::X509->new_from_file( "$path/$serial.pem" ); |
|
||||||
|
|
||||||
my $expire_in = int ((str2time($cert->notAfter())-time())/(3600*24)); |
|
||||||
if ($status eq 'V'){ |
|
||||||
$status = 'valid'; |
|
||||||
} |
|
||||||
elsif ($expire_in lt 0){ |
|
||||||
$status = 'expired'; |
|
||||||
} |
|
||||||
else{ |
|
||||||
$status = 'revoked'; |
|
||||||
} |
|
||||||
my $subject = $cert->subject; |
|
||||||
$subject =~ m/.*\sCN=(.*),/; |
|
||||||
my $cn = $1; |
|
||||||
|
|
||||||
push @{$json->{data}}, { |
|
||||||
"{#CRTCN}" => $cn, |
|
||||||
"{#CRTSERIAL}" => $serial, |
|
||||||
"{#CRTSTATUS}" => $status, |
|
||||||
}; |
|
||||||
} |
|
||||||
close INDEX; |
|
||||||
print to_json($json); |
|
||||||
Loading…
Reference in new issue