From 11f828726ca4703fa9d1b15278f726ccdedd2e58 Mon Sep 17 00:00:00 2001 From: svogal Date: Sat, 20 Mar 2021 13:28:52 +0100 Subject: [PATCH] JSON output option added --- README.md | 14 +++++++++++++- ssl-cert-check | 31 +++++++++++++++++++++++++------ 2 files changed, 38 insertions(+), 7 deletions(-) diff --git a/README.md b/README.md index 35dfdb7..1c64f09 100644 --- a/README.md +++ b/README.md @@ -5,7 +5,7 @@ ssl-cert-check is a Bourne shell script that can be used to report on expiring S # Usage: 
 $ ./ssl-cert-check
-Usage: ./ssl-cert-check [ -e email address ] [ -E sender email address ] [ -x days ] [-q] [-a] [-b] [-h] [-i] [-n] [-N] [-v]
+Usage: ./ssl-cert-check [ -e email address ] [ -E sender email address ] [ -x days ] [-q] [-a] [-b] [-h] [-i] [-j] [-n] [-N] [-v]
        { [ -s common_name ] && [ -p port] } || { [ -f cert_file ] } || { [ -c cert file ] } || { [ -d cert dir ] }"
 
   -a                : Send a warning message through E-mail
@@ -17,6 +17,7 @@ Usage: ./ssl-cert-check [ -e email address ] [ -E sender email address ] [ -x da
   -f cert file      : File with a list of FQDNs and ports
   -h                : Print this screen
   -i                : Print the issuer of the certificate
+  -j                : Print each line as a JSON object
   -k password       : PKCS12 file password
   -n                : Run as a Nagios plugin
   -N                : Run as a Nagios plugin and output one line summary (implies -n, requires -f or -d)
@@ -61,6 +62,17 @@ Send an e-mail to admin@prefetch.net if a domain listed in ssldomains will expir
 $ ssl-cert-check -a -f ssldomains -q -x 60 -e admin@prefetch.net
+Print the expiration times as JSONL (every line is a separate JSON document): + +
+$ ssl-cert-check -j -f ssldomains
+{"host":"www.prefetch.com","port":"443","status":"Unable to resolve the DNS name www.prefetch.com","expires":"Unknown","days":""}
+{"host":"mail.prefetch.net","port":"993","status":"Unable to resolve the DNS name mail.prefetch.net","expires":"Unknown","days":""}
+{"host":"gmail.google.com","port":"443","status":"Valid","expires":"May 18 15:36:55 2021 GMT","days":"59"}
+{"host":"www.sun.com","port":"443","status":"Expired","expires":"","days":"-2459294"}
+{"host":"www.spotch.com","port":"443","status":"Valid","expires":"Apr 24 11:04:05 2021 GMT","days":"35"}
+
+ # Additional Documentation Documentation And Examples: http://prefetch.net/articles/checkcertificate.html diff --git a/ssl-cert-check b/ssl-cert-check index da4ec95..874a003 100755 --- a/ssl-cert-check +++ b/ssl-cert-check @@ -305,6 +305,9 @@ NAGIOS="FALSE" # Don't summarize Nagios output by default (cmdline: -N) NAGIOSSUMMARY="FALSE" +# Don't print each line as a JSON object by default (cmdline: -j) +JSONL="FALSE" + # NULL out the PKCSDBPASSWD variable for later use (cmdline: -k) PKCSDBPASSWD="" @@ -498,23 +501,34 @@ prints() if [ "${QUIET}" != "TRUE" ] && [ "${ISSUER}" = "TRUE" ] && [ "${VALIDATION}" != "TRUE" ]; then MIN_DATE=$(echo "$4" | "${AWK}" '{ printf "%3s %2d %4d", $1, $2, $4 }') - if [ "${NAGIOS}" = "TRUE" ]; then + if [ "${JSONL}" = "TRUE" ]; then + echo "{\"host\":\"$1\",\"port\":\"$2\",\"issuer\":\"$6\",\"status\":\"$3\",\"expires\":\"$4\",\"days\":\"$5\"}" + elif [ "${NAGIOS}" = "TRUE" ]; then ${PRINTF} "%-35s %-17s %-8s %-11s %s\n" "$1:$2" "$6" "$3" "$MIN_DATE" "|days=$5" else ${PRINTF} "%-35s %-17s %-8s %-11s %4d\n" "$1:$2" "$6" "$3" "$MIN_DATE" "$5" fi elif [ "${QUIET}" != "TRUE" ] && [ "${ISSUER}" = "TRUE" ] && [ "${VALIDATION}" = "TRUE" ]; then - ${PRINTF} "%-35s %-35s %-32s %-17s\n" "$1:$2" "$7" "$8" "$6" - + if [ "${JSONL}" = "TRUE" ]; then + echo "{\"host\":\"$1\",\"port\":\"$2\",\"common_name\":\"$7\",\"serial\":\"$8\",\"issuer\":\"$6\"}" + else + ${PRINTF} "%-35s %-35s %-32s %-17s\n" "$1:$2" "$7" "$8" "$6" + fi elif [ "${QUIET}" != "TRUE" ] && [ "${VALIDATION}" != "TRUE" ]; then MIN_DATE=$(echo "$4" | "${AWK}" '{ printf "%3s %2d, %4d", $1, $2, $4 }') - if [ "${NAGIOS}" = "TRUE" ]; then + if [ "${JSONL}" = "TRUE" ]; then + echo "{\"host\":\"$1\",\"port\":\"$2\",\"status\":\"$3\",\"expires\":\"$4\",\"days\":\"$5\"}" + elif [ "${NAGIOS}" = "TRUE" ]; then ${PRINTF} "%-47s %-12s %-12s %s\n" "$1:$2" "$3" "$MIN_DATE" "|days=$5" else ${PRINTF} "%-47s %-12s %-12s %4d\n" "$1:$2" "$3" "$MIN_DATE" "$5" fi elif [ "${QUIET}" != "TRUE" ] && [ "${VALIDATION}" = "TRUE" ]; then - ${PRINTF} "%-35s %-35s %-32s\n" "$1:$2" "$7" "$8" + if [ "${JSONL}" = "TRUE" ]; then + echo "{\"host\":\"$1\",\"port\":\"$2\",\"common_name\":\"$7\",\"serial\":\"$8\"}" + else + ${PRINTF} "%-35s %-35s %-32s\n" "$1:$2" "$7" "$8" + fi fi } @@ -526,6 +540,9 @@ prints() #################################################### print_heading() { + if [ "${JSONL}" = "TRUE" ]; then + return + fi if [ "${NOHEADER}" != "TRUE" ]; then if [ "${QUIET}" != "TRUE" ] && [ "${ISSUER}" = "TRUE" ] && [ "${NAGIOS}" != "TRUE" ] && [ "${VALIDATION}" != "TRUE" ]; then ${PRINTF} "\n%-35s %-17s %-8s %-11s %-4s\n" "Host" "Issuer" "Status" "Expires" "Days" @@ -627,6 +644,7 @@ usage() echo " -f cert file : File with a list of FQDNs and ports" echo " -h : Print this screen" echo " -i : Print the issuer of the certificate" + echo " -j : Print each line as a JSON object" echo " -k password : PKCS12 file password" echo " -n : Run as a Nagios plugin" echo " -N : Run as a Nagios plugin and output one line summary (implies -n, requires -f or -d)" @@ -804,7 +822,7 @@ check_file_status() { ################################# ### Start of main program ################################# -while getopts abc:d:e:E:f:hik:nNp:qs:St:Vx: option +while getopts abc:d:e:E:f:hijk:nNp:qs:St:Vx: option do case "${option}" in a) ALARM="TRUE";; @@ -817,6 +835,7 @@ do h) usage exit 1;; i) ISSUER="TRUE";; + j) JSONL="TRUE";; k) PKCSDBPASSWD=${OPTARG};; n) NAGIOS="TRUE";; N) NAGIOS="TRUE"