diff --git a/checks/check_cert_expire.sh b/checks/check_cert_expire.sh
new file mode 100644
index 0000000..16fa674
--- /dev/null
+++ b/checks/check_cert_expire.sh
@@ -0,0 +1,165 @@
+#!/bin/bash
+
+
+base_path="/etc/pki/ca-trust/source/anchors/"
+tage="10"
+#Certificate="$1"
+
+function certcheck(){
+ filename="$1"
+ #cert_date=$(openssl x509 -enddate -noout -in /etc/pki/ca-trust/source/anchors/20190401-ProxyBw_SRB_EN-Zebel.crt | cut -d "=" -f 2-)
+ cert_date=$(openssl x509 -enddate -noout -in $filename | cut -d "=" -f 2-)
+
+ cert_day=$(echo $cert_date | awk '{print $2}')
+ cert_month=$(echo $cert_date | awk '{print $1}')
+ cert_year=$(echo $cert_date | awk '{print $4}')
+
+ cert_hour=$(printf '%0d' "$(echo $cert_date | awk '{print $3}' | awk -F: '{print $1}')")
+ #printf '%0d' "$cert_hour"
+ cert_minute=$(echo $cert_date | awk '{print $3}' | awk -F: '{print $2}')
+ cert_sec=$(echo $cert_date | awk '{print $3}' | awk -F: '{print $3}')
+
+ #Montatsnamen umrechnen in Zahlen
+ case $cert_month in
+ "Jan")
+ cert_month="01"
+ ;;
+ "Feb")
+ cert_month="02"
+ ;;
+ "Mär"|"Mar")
+ cert_month="03"
+ ;;
+ "Apr")
+ cert_month="04"
+ ;;
+ "Mai"|"May")
+ cert_month="05"
+ ;;
+ "Jun")
+ cert_month="06"
+ ;;
+ "Jul")
+ cert_month="07"
+ ;;
+ "Aug")
+ cert_month="08"
+ ;;
+ "Sep")
+ cert_month="09"
+ ;;
+ "Okt"|"Oct")
+ cert_month="10"
+ ;;
+ "Nov")
+ cert_month="11"
+ ;;
+ "Dez"|"Dec")
+ cert_month="12"
+ ;;
+ *)
+ esac
+
+ #Debug
+ #echo -e "Day:\t$cert_day\nMonth:\t$cert_month\nYear:\t$cert_year\n"
+ #echo -e "Hour:\t$cert_hour\nMinute:\t$cert_minute\nSec:\t$cert_sec\n"
+
+ cert_date_in_sec=$(date +%s -d "$cert_year-$cert_month-$cert_day $cert_hour:$cert_minute:$cert_sec")
+ now_date_in_sec=$(date +%s)
+
+ #Debug
+ #echo -e "Certdate:\t$cert_date_in_sec\nNowdate:\t$now_date_in_sec"
+
+ #Debug
+ #echo -e "$cert_date_in_sec+($tage*24*60*60)"
+
+ if [ "$cert_date_in_sec" -ge "$now_date_in_sec" ]
+ then
+ if [ "$(echo "$cert_date_in_sec+($tage*24*60*60)" | bc)" -ge "$now_date_in_sec" ]
+ then
+ #Debug
+ #echo "$filename: noch nicht abgelaufen"
+ return 0
+ else
+ #Debug
+ #echo "$filename: läuft in weniger als $tage ab"
+ return 2
+ fi
+ else
+ #Debug
+ #echo "$filename: Cert abgelaufen"
+ return 1
+ fi
+
+ }
+
+
+#Variableninitialisierung
+ok=""
+ok_num="0"
+ok_var=""
+warn=""
+warn_num="0"
+warn_var=""
+error=""
+error_num="0"
+error_var=""
+
+for cert in $base_path/*
+do
+ [[ -e "$cert" ]] || break
+ #Debug
+ #echo $cert
+
+ certcheck $cert
+ rueckgabe=$?
+
+ #Debug
+ #echo "Rückgabewert: $rueckgabe"
+ cert_short=$(echo "$cert" | awk -F "/" '{print $NF}')
+
+ case "$rueckgabe" in
+ 0)
+ ok="1"
+ ((ok_num++))
+ ok_var="$ok_var $cert_short"
+ ;;
+ 1)
+ error="1"
+ ((error_num++))
+ error_var="$error_var $cert_short"
+ ;;
+ 2)
+ warn="1"
+ ((warn_num++))
+ warn_var="$warn_var $cert_short"
+ ;;
+ esac
+
+
+done
+
+perfdata="$error_num;$warn_num;$ok_num"
+
+#Debug
+#echo -e "ok:\t$ok\tok_var:\t$ok_var\nwarn:\t$warn\twarn_var:\t$warn_var\nerror:\t$error\terror_var:\t$error_var"
+if [ "$error" = "1" ]
+then
+ echo "cert_check ERROR: Cert's abgelaufen: $error_var | $perfdata"
+ exit 2
+elif [ "$warn" = "1" ]
+then
+ echo "cert_check WARNING: Cert's laufen in < $tage Tag(en) ab: $warn_var | $perfdata"
+ exit 1
+elif [ "$ok" = "1" ]
+then
+ echo "cert_check OK: Cert aktuell: $ok_var | $perfdata"
+ exit 0
+else
+ echo "cert_check UNKNOWN | $perfdata"
+ exit 3
+fi
+
+#certcheck $base_path/$Certificate
+
+
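Review bot: The warning branch in certcheck can never be taken: inside `[ "$cert_date_in_sec" -ge "$now_date_in_sec" ]` the second test adds the `tage` window to the expiry time, so `cert_date_in_sec+($tage*24*60*60)` is always at least `now_date_in_sec` and `return 2` is unreachable. A certificate that expires within the next 10 days is therefore reported as OK right up to the moment it expires; the window has to be subtracted from the expiry time (or added to now). The hand-rolled parsing is fragile as well: it depends on the month abbreviation table, and `printf '%0d'` on an hour of `08` or `09` is rejected by bash as invalid octal, so I would let openssl do the comparison with `-checkend` as sketched below. `$filename` in certcheck and `$cert` at the call site should also be quoted, since an anchor file name containing whitespace is split into several arguments.

```shell
function certcheck(){
    filename="$1"
    # -checkend N exits non-zero when the certificate expires within N seconds.
    if ! openssl x509 -checkend 0 -noout -in "$filename" >/dev/null 2>&1
    then
        return 1   # already expired (or not readable as a certificate)
    fi
    if ! openssl x509 -checkend "$((tage * 24 * 60 * 60))" -noout -in "$filename" >/dev/null 2>&1
    then
        return 2   # expires within $tage days
    fi
    return 0
}
```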