check_cert_expire erstellt

Dies ist ein Icinga2 Check, der die Systemzertifikate auf Ablauf prüft
This commit is contained in:
Patrick Schindelmann 2019-10-21 16:16:29 +02:00
parent e615e21f37
commit 8bf5f48fb5

165
checks/check_cert_expire.sh Normal file
View File

@ -0,0 +1,165 @@
#!/bin/bash
base_path="/etc/pki/ca-trust/source/anchors/"
tage="10"
#Certificate="$1"
function certcheck(){
filename="$1"
#cert_date=$(openssl x509 -enddate -noout -in /etc/pki/ca-trust/source/anchors/20190401-ProxyBw_SRB_EN-Zebel.crt | cut -d "=" -f 2-)
cert_date=$(openssl x509 -enddate -noout -in $filename | cut -d "=" -f 2-)
cert_day=$(echo $cert_date | awk '{print $2}')
cert_month=$(echo $cert_date | awk '{print $1}')
cert_year=$(echo $cert_date | awk '{print $4}')
cert_hour=$(printf '%0d' "$(echo $cert_date | awk '{print $3}' | awk -F: '{print $1}')")
#printf '%0d' "$cert_hour"
cert_minute=$(echo $cert_date | awk '{print $3}' | awk -F: '{print $2}')
cert_sec=$(echo $cert_date | awk '{print $3}' | awk -F: '{print $3}')
#Montatsnamen umrechnen in Zahlen
case $cert_month in
"Jan")
cert_month="01"
;;
"Feb")
cert_month="02"
;;
"Mär"|"Mar")
cert_month="03"
;;
"Apr")
cert_month="04"
;;
"Mai"|"May")
cert_month="05"
;;
"Jun")
cert_month="06"
;;
"Jul")
cert_month="07"
;;
"Aug")
cert_month="08"
;;
"Sep")
cert_month="09"
;;
"Okt"|"Oct")
cert_month="10"
;;
"Nov")
cert_month="11"
;;
"Dez"|"Dec")
cert_month="12"
;;
*)
esac
#Debug
#echo -e "Day:\t$cert_day\nMonth:\t$cert_month\nYear:\t$cert_year\n"
#echo -e "Hour:\t$cert_hour\nMinute:\t$cert_minute\nSec:\t$cert_sec\n"
cert_date_in_sec=$(date +%s -d "$cert_year-$cert_month-$cert_day $cert_hour:$cert_minute:$cert_sec")
now_date_in_sec=$(date +%s)
#Debug
#echo -e "Certdate:\t$cert_date_in_sec\nNowdate:\t$now_date_in_sec"
#Debug
#echo -e "$cert_date_in_sec+($tage*24*60*60)"
if [ "$cert_date_in_sec" -ge "$now_date_in_sec" ]
then
if [ "$(echo "$cert_date_in_sec+($tage*24*60*60)" | bc)" -ge "$now_date_in_sec" ]
then
#Debug
#echo "$filename: noch nicht abgelaufen"
return 0
else
#Debug
#echo "$filename: läuft in weniger als $tage ab"
return 2
fi
else
#Debug
#echo "$filename: Cert abgelaufen"
return 1
fi
}
#Variableninitialisierung
ok=""
ok_num="0"
ok_var=""
warn=""
warn_num="0"
warn_var=""
error=""
error_num="0"
error_var=""
for cert in $base_path/*
do
[[ -e "$cert" ]] || break
#Debug
#echo $cert
certcheck $cert
rueckgabe=$?
#Debug
#echo "Rückgabewert: $rueckgabe"
cert_short=$(echo "$cert" | awk -F "/" '{print $NF}')
case "$rueckgabe" in
0)
ok="1"
((ok_num++))
ok_var="$ok_var $cert_short"
;;
1)
error="1"
((error_num++))
error_var="$error_var $cert_short"
;;
2)
warn="1"
((warn_num++))
warn_var="$warn_var $cert_short"
;;
esac
done
perfdata="$error_num;$warn_num;$ok_num"
#Debug
#echo -e "ok:\t$ok\tok_var:\t$ok_var\nwarn:\t$warn\twarn_var:\t$warn_var\nerror:\t$error\terror_var:\t$error_var"
if [ "$error" = "1" ]
then
echo "cert_check ERROR: Cert's abgelaufen: $error_var | $perfdata"
exit 2
elif [ "$warn" = "1" ]
then
echo "cert_check WARNING: Cert's laufen in < $tage Tag(en) ab: $warn_var | $perfdata"
exit 1
elif [ "$ok" = "1" ]
then
echo "cert_check OK: Cert aktuell: $ok_var | $perfdata"
exit 0
else
echo "cert_check UNKNOWN | $perfdata"
exit 3
fi
#certcheck $base_path/$Certificate