check_cert_expire erstellt

Dies ist ein Icinga2 Check, der die Systemzertifikate auf Ablauf prüft
2019-10-21 16:16:29 +02:00 · 2019-10-21 16:16:29 +02:00 · 8bf5f48fb5
commit 8bf5f48fb5
parent e615e21f37
1 changed files with 165 additions and 0 deletions
--- a/checks/check_cert_expire.sh
+++ b/checks/check_cert_expire.sh
@ -0,0 +1,165 @@
+#!/bin/bash
+
+
+base_path="/etc/pki/ca-trust/source/anchors/"
+tage="10"
+#Certificate="$1"
+
+function certcheck(){
+	filename="$1"
+	#cert_date=$(openssl x509 -enddate -noout -in /etc/pki/ca-trust/source/anchors/20190401-ProxyBw_SRB_EN-Zebel.crt | cut -d "=" -f 2-)
+	cert_date=$(openssl x509 -enddate -noout -in $filename | cut -d "=" -f 2-)
+
+	cert_day=$(echo $cert_date | awk '{print $2}')
+	cert_month=$(echo $cert_date | awk '{print $1}')
+	cert_year=$(echo $cert_date | awk '{print $4}')
+
+	cert_hour=$(printf '%0d' "$(echo $cert_date | awk '{print $3}' | awk -F: '{print $1}')")
+	#printf '%0d' "$cert_hour"
+	cert_minute=$(echo $cert_date | awk '{print $3}' | awk -F: '{print $2}')
+	cert_sec=$(echo $cert_date | awk '{print $3}' | awk -F: '{print $3}')
+
+	#Montatsnamen umrechnen in Zahlen
+	case $cert_month in
+		"Jan")
+			cert_month="01"
+		;;
+		"Feb")
+			cert_month="02"
+		;;
+		"Mär"|"Mar")
+			cert_month="03"
+		;;
+		"Apr")
+			cert_month="04"
+		;;
+		"Mai"|"May")
+			cert_month="05"
+		;;
+		"Jun")
+			cert_month="06"
+		;;
+		"Jul")
+			cert_month="07"
+		;;
+		"Aug")
+			cert_month="08"
+		;;
+		"Sep")
+			cert_month="09"
+		;;
+		"Okt"|"Oct")
+			cert_month="10"
+		;;
+		"Nov")
+			cert_month="11"
+		;;
+		"Dez"|"Dec")
+			cert_month="12"
+		;;
+		*)
+	esac
+	
+	#Debug
+	#echo -e "Day:\t$cert_day\nMonth:\t$cert_month\nYear:\t$cert_year\n"
+	#echo -e "Hour:\t$cert_hour\nMinute:\t$cert_minute\nSec:\t$cert_sec\n"
+	
+	cert_date_in_sec=$(date +%s -d "$cert_year-$cert_month-$cert_day $cert_hour:$cert_minute:$cert_sec")
+	now_date_in_sec=$(date +%s)
+	
+	#Debug
+	#echo -e "Certdate:\t$cert_date_in_sec\nNowdate:\t$now_date_in_sec"
+	
+	#Debug
+	#echo -e "$cert_date_in_sec+($tage*24*60*60)"
+	
+	if [ "$cert_date_in_sec" -ge "$now_date_in_sec" ]
+	then
+		if [ "$(echo "$cert_date_in_sec+($tage*24*60*60)" | bc)" -ge "$now_date_in_sec" ] 
+		then
+			#Debug
+			#echo "$filename: noch nicht abgelaufen"
+			return 0
+		else
+			#Debug
+			#echo "$filename: läuft in weniger als $tage ab"
+			return 2
+		fi
+	else
+		#Debug
+		#echo "$filename: Cert abgelaufen"
+		return 1
+	fi
+	
+	}
+
+
+#Variableninitialisierung
+ok=""
+ok_num="0"
+ok_var=""
+warn=""
+warn_num="0"
+warn_var=""
+error=""
+error_num="0"
+error_var=""
+
+for cert in $base_path/*
+do
+	[[ -e "$cert" ]] || break
+	#Debug
+	#echo $cert
+	
+	certcheck $cert
+	rueckgabe=$?
+	
+	#Debug
+	#echo "Rückgabewert: $rueckgabe"
+	cert_short=$(echo "$cert" | awk -F "/" '{print $NF}')
+
+	case "$rueckgabe" in
+		0)
+			ok="1"
+			((ok_num++))
+			ok_var="$ok_var $cert_short"
+		;;
+		1)
+			error="1"
+			((error_num++))
+			error_var="$error_var $cert_short"
+		;;
+		2)
+			warn="1"
+			((warn_num++))
+			warn_var="$warn_var $cert_short"
+		;;
+	esac
+
+
+done
+
+perfdata="$error_num;$warn_num;$ok_num"
+
+#Debug
+#echo -e "ok:\t$ok\tok_var:\t$ok_var\nwarn:\t$warn\twarn_var:\t$warn_var\nerror:\t$error\terror_var:\t$error_var"
+if [ "$error" = "1" ]
+then
+	echo "cert_check ERROR: Cert's abgelaufen: $error_var | $perfdata"
+	exit 2
+elif [ "$warn" = "1" ]
+then
+	echo "cert_check WARNING: Cert's laufen in < $tage Tag(en) ab: $warn_var | $perfdata"
+	exit 1
+elif [ "$ok" = "1" ]
+then
+        echo "cert_check OK: Cert aktuell: $ok_var | $perfdata"
+        exit 0
+else
+	echo "cert_check UNKNOWN | $perfdata"
+	exit 3
+fi
+
+#certcheck $base_path/$Certificate
+
+