From 37903a19871b7dc783d1243bf5f3a5cbf6f3ee20 Mon Sep 17 00:00:00 2001
From: Niko Janceski
Date: Thu, 12 Nov 2020 19:35:28 -0500
Subject: [PATCH 1/3] added option for critical nagios exit code on expiring certs
---
 ssl-cert-check | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/ssl-cert-check b/ssl-cert-check
index da4ec95..6301352 100755
--- a/ssl-cert-check
+++ b/ssl-cert-check
@@ -305,6 +305,9 @@ NAGIOS="FALSE"
 # Don't summarize Nagios output by default (cmdline: -N)
 NAGIOSSUMMARY="FALSE"
+# Expiring certs will default to warn exit code for nagios (cmdline: -o)
+EXPIREEXIT=1
+
 # NULL out the PKCSDBPASSWD variable for later use (cmdline: -k)
 PKCSDBPASSWD=""
@@ -630,6 +633,7 @@ usage()
 echo " -k password : PKCS12 file password"
 echo " -n : Run as a Nagios plugin"
 echo " -N : Run as a Nagios plugin and output one line summary (implies -n, requires -f or -d)"
+ echo " -o : Requires -n, override exit code to critical for any expiring certs (see -x)"
 echo " -p port : Port to connect to (interactive mode)"
 echo " -q : Don't print anything on the console"
 echo " -s commmon name : Server to connect to (interactive mode)"
@@ -789,7 +793,7 @@ check_file_status() {
 "The SSL certificate for ${HOST} \"(CN: ${COMMONNAME})\" will expire on ${CERTDATE}"
 fi
 prints "${HOST}" "${PORT}" "Expiring" "${CERTDATE}" "${CERTDIFF}" "${CERTISSUER}" "${COMMONNAME}" "${SERIAL}"
- RETCODE_LOCAL=1
+ RETCODE_LOCAL=${EXPIREEXIT}
 else
 prints "${HOST}" "${PORT}" "Valid" "${CERTDATE}" "${CERTDIFF}" "${CERTISSUER}" "${COMMONNAME}" "${SERIAL}"
@@ -804,7 +808,7 @@ check_file_status() {
 #################################
 ### Start of main program
 #################################
-while getopts abc:d:e:E:f:hik:nNp:qs:St:Vx: option
+while getopts abc:d:e:E:f:hik:nNop:qs:St:Vx: option
 do
 case "${option}" in
 a) ALARM="TRUE";;
@@ -821,6 +825,7 @@ do
 n) NAGIOS="TRUE";;
 N) NAGIOS="TRUE"
 NAGIOSSUMMARY="TRUE";;
+ o) EXPIREEXIT=2;;
 p) PORT=$OPTARG;;
 q) QUIET="TRUE";;
 s) HOST=$OPTARG;;
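Review bot: The comment above `EXPIREEXIT=1` in the first hunk of PATCH 1/3 does not say what the two possible values mean, so a reader has to know the Nagios plugin exit codes to see that -o moves an expiring certificate from WARNING to CRITICAL. I would spell both states out next to the default, for example `# Nagios exit code for expiring certs: 1 = WARNING (default), 2 = CRITICAL (cmdline: -o)`. The bare `2` in the `o)` case of the last hunk relies on the same unstated convention.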
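Review bot: Nothing in the option parsing of the last hunk of PATCH 1/3 enforces the "Requires -n" that the new usage line states, so `-o` without `-n` or `-N` is accepted silently. If the exit code is only propagated in Nagios mode (not visible in these hunks), an operator relying on -o to escalate expiring certificates would get neither the escalation nor an error. A check after the getopts loop would surface the misconfiguration, e.g. `if [ "${EXPIREEXIT}" -eq 2 ] && [ "${NAGIOS}" != "TRUE" ]; then echo "ERROR: -o requires -n or -N" >&2; exit 1; fi`. The loop ends outside the hunk, so the placement and the exit code used for usage errors need to be confirmed against the full script.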
From 63507a4e2aec6b33691faf229ed460334eaa3895 Mon Sep 17 00:00:00 2001
From: Niko Janceski
Date: Thu, 12 Nov 2020 19:39:17 -0500
Subject: [PATCH 2/3] added new option to usage and readme
---
 README.md | 1 +
 ssl-cert-check | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)
diff --git a/README.md b/README.md
index 35dfdb7..15de2e6 100644
--- a/README.md
+++ b/README.md
@@ -20,6 +20,7 @@ Usage: ./ssl-cert-check [ -e email address ] [ -E sender email address ] [ -x da
 -k password : PKCS12 file password
 -n : Run as a Nagios plugin
 -N : Run as a Nagios plugin and output one line summary (implies -n, requires -f or -d)
+ -o : Requires -n, override exit code to critical for any expiring certs (see -x)
 -p port : Port to connect to (interactive mode)
 -s commmon name : Server to connect to (interactive mode)
 -t type : Specify the certificate type
diff --git a/ssl-cert-check b/ssl-cert-check
index 6301352..3c1b328 100755
--- a/ssl-cert-check
+++ b/ssl-cert-check
@@ -618,7 +618,7 @@ set_summary()
 ##########################################
 usage()
 {
- echo "Usage: $0 [ -e email address ] [-E sender email address] [ -x days ] [-q] [-a] [-b] [-h] [-i] [-n] [-N] [-v]"
+ echo "Usage: $0 [ -e email address ] [-E sender email address] [ -x days ] [-q] [-a] [-b] [-h] [-i] [-n] [-N] [-o] [-v]"
 echo " { [ -s common_name ] && [ -p port] } || { [ -f cert_file ] } || { [ -c cert file ] } || { [ -d cert dir ] }"
 echo ""
 echo " -a : Send a warning message through E-mail"
From f26d03630bab60cb98b796ce45f1323b30f18097 Mon Sep 17 00:00:00 2001
From: Niko Janceski
Date: Thu, 12 Nov 2020 19:46:07 -0500
Subject: [PATCH 3/3] forgot the readme
---
 README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/README.md b/README.md
index 15de2e6..50a6034 100644
--- a/README.md
+++ b/README.md
@@ -5,7 +5,7 @@ ssl-cert-check is a Bourne shell script that can be used to report on expiring S
 # Usage:
 $ ./ssl-cert-check
-Usage: ./ssl-cert-check [ -e email address ] [ -E sender email address ] [ -x days ] [-q] [-a] [-b] [-h] [-i] [-n] [-N] [-v]
+Usage: ./ssl-cert-check [ -e email address ] [ -E sender email address ] [ -x days ] [-q] [-a] [-b] [-h] [-i] [-n] [-N] [-o] [-v]
        { [ -s common_name ] && [ -p port] } || { [ -f cert_file ] } || { [ -c cert file ] } || { [ -d cert dir ] }"
 
   -a                : Send a warning message through E-mail