Home Explore Help
Sign In
kolter
/
zabbix-plugins
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: 847e1bfcc3
Branches Tags
zabbix-plugins
/
plugins
/
server
/
ssl
/
scripts
/
ssl

ssl 2.4 KB
History Raw

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192939495 
  1. #!/bin/sh
    2. 

  2. 

  3. RESULT=1
    4. 

  4. CAPATH="/etc/ssl/certs"
    5. 

  5. DATE_CHECK=0
    6. 

  6. 

  7. usage() {
    8. 

  8. cat <<EOH
    9. 

  9. USAGE: $(basename "$0") [-t] -u URI
    10. 

  10. 

  11. Options:
    12. 

  12.     -u  Specify the URI to check
    13. 

  13.     -t  Count and print the certificate expiration interval in days
    14. 

  14. 

  15. URI Examples:
    16. 

  16.   - tls+smtp://smtp.googlemail.com:submission
    17. 

  17.   - tls+imap://imap.no-log.org:imap
    18. 

  18.   - ssl://imap.free.fr:imaps
    19. 

  19.   - ssl://pop.free.fr:pop3s
    20. 

  20.   - tls+xmpp://jabber.org:xmpp-client
    21. 

  21.   - ssl://www.google.com:https
    22. 

  22. 

  23. Return:
    24. 

  24.   print 0 on stdout if the certificate is valid
    25. 

  25.   print 1 on stdout if the certificate is not valid
    26. 

  26.   print the certificate expiration interval in days (only with option -t)
    27. 

  27. EOH
    28. 

  28. }
    29. 

  29. 

  30. while getopts htu: option ; do
    31. 

  31.     case "${option}" in
    32. 

  32.         h)
    33. 

  33.             usage
    34. 

  34.             exit 1
    35. 

  35.             ;;
    36. 

  36.         t)
    37. 

  37.             DATE_CHECK=1
    38. 

  38.             ;;
    39. 

  39.         u)
    40. 

  40.             URI="${OPTARG}"
    41. 

  41.         ;;
    42. 

  42.     esac
    43. 

  43. done
    44. 

  44. 

  45. if [ -z "${URI}" ]; then
    46. 

  46.     printf "Error: URI not found\n\n" >&2
    47. 

  47.     usage
    48. 

  48.     exit 1
    49. 

  49. fi
    50. 

  50. 

  51. eval $(echo "${URI}" | sed -r -n 's/^(ssl|tls)(\+(.+))?:\/\/([^:]+)(:([^:]+))?$/layer="\1"\nproto="\3"\nhost="\4"\nport="\6"/p')
    52. 

  52. 

  53. tls_opts=
    54. 

  54. if [ "${layer}" = "tls" ] && [ "${proto}" != "" ]; then
    55. 

  55.     tls_opts="$tls_opts -starttls ${proto}"
    56. 

  56. fi
    57. 

  57. 

  58. certs_data=$(mktemp -t "$(basename "$(readlink -f "${0}")")-certs.XXXXXXXX")
    59. 

  59. errors_log=$(mktemp -t "$(basename "$(readlink -f "${0}")")-errors.XXXXXXXX")
    60. 

  60. 

  61. openssl s_client \
    62. 

  62.     -CApath "${CAPATH}" \
    63. 

  63.     -servername "${host}" \
    64. 

  64.     -connect "${host}:${port}" \
    65. 

  65.     ${tls_opts} \
    66. 

  66.     -showcerts < /dev/null 2>"${errors_log}" > "${certs_data}"
    67. 

  67. 

  68. if [ $? != 0 ]; then
    69. 

  69.     printf "Error (openssl): %s\n" "$(head -n 2 "${errors_log}" | tr '\n' ',')" >&2
    70. 

  70.     exit 1
    71. 

  71. fi
    72. 

  72. 

  73. if [ "${DATE_CHECK}" = 1 ]; then
    74. 

  74.     cert_enddate="$(sed -n '/BEGIN CERTIFICATE/,/END CERTIFICATE/p' < "${certs_data}" | openssl x509 -text 2>/dev/null | sed -n 's/ *Not After : *//p')"
    75. 

  75.     if [ -z "${cert_enddate}" ]; then
    76. 

  76.         printf "Error: unable to find certificate end date\n" >&2
    77. 

  77.         exit 1
    78. 

  78.     fi
    79. 

  79.     cert_enddate_seconds=$(date '+%s' --date "${cert_enddate}")
    80. 

  80.     now_seconds=$(date '+%s')
    81. 

  81.     diff_seconds=$(( ${cert_enddate_seconds} - ${now_seconds} ))
    82. 

  82.     diff_days=$(( ${diff_seconds} / 3600 / 24 ))
    83. 

  83.     RESULT="${diff_days}"
    84. 

  84. else
    85. 

  85.     return_code=$(cat "${certs_data}" | sed -r -n 's/^\s*Verify return code: ([0-9]+) (.*)$/\1/p')
    86. 

  86.     if [ "${return_code}" = 0 ]; then
    87. 

  87.         RESULT=0
    88. 

  88.     fi
    89. 

  89. fi
    90. 

  90. 

  91. rm -f "${certs_data}" "${errors_log}"
    92. 

  92. 

  93. printf "${RESULT}\n"
    94. 

  94. 

  95. exit 0
    96.