  • monitor-certificates 1.97 KiB
    #!/bin/bash
    
    # Reference time in seconds since the epoch; the remaining lifetime of every
    # certificate is measured against this single value.
    NOW="$(date '+%s')"

    # Days-left threshold for WARN: reported once this many days or fewer remain
    CONFIG_WARN_DAYS_LEFT='30'

    # Days-left threshold for CRIT: reported once this many days or fewer remain
    CONFIG_CRIT_DAYS_LEFT='14'

    # Folders that are searched for *.pem files
    # Example: CONFIG_CHECK_FOLDERS=( "/a/b/c" "/d/e/f" "/foo/bar/baz" )
    CONFIG_CHECK_FOLDERS=(
        '/etc/hsh-certs'
    )
    
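    # Emit one Checkmk local-check line for every certificate below a folder.
    #
    # Globals:   NOW (read) - reference time in seconds since the epoch
    #            CONFIG_WARN_DAYS_LEFT, CONFIG_CRIT_DAYS_LEFT (read) - thresholds
    # Arguments: $1 - folder that is searched recursively for *.pem files
    # Outputs:   "<status> Certificate_<path> - <text> (CN: <cn>)" on stdout with
    #            status 0 (OK), 1 (WARN), 2 (CRIT) or 3 (UNKNOWN)
    # Returns:   0; an empty argument or a missing folder produces no output
    function process_folder {
        local folder="$1"
        local pemfile cert_info pem_cn pem_expire_date pem_expire_timestamp
        local pem_remaining_seconds pem_remaining_days pem_status checkmk_status

        if [[ -z "$folder" || ! -d "$folder" ]]; then
            return 0
        fi

        # NUL-delimited iteration: a path containing whitespace or glob
        # characters reaches openssl as one intact argument instead of being
        # split into several bogus file names.
        while IFS= read -r -d '' pemfile; do
            # DH parameters and chain/CA bundles are skipped by name.
            if [[ "$pemfile" =~ \.(dhparam|fullchain|chain|cacert)\.pem$ ]]; then
                continue
            fi

            # A *.pem file that openssl cannot load as a certificate (a private
            # key or a truncated file, for example) is surfaced as UNKNOWN.
            # Without this check the empty expiry date would be parsed by
            # `date -d ""` as today and the file would be reported as EXPIRED.
            if ! cert_info=$(openssl x509 -in "$pemfile" -noout \
                -subject -nameopt multiline -enddate 2>/dev/null); then
                printf '%s\n' "3 Certificate_$pemfile - not a readable X.509 certificate"
                continue
            fi

            # The multiline name format puts each attribute on its own line, so
            # a CN that contains spaces is kept whole.
            pem_cn=$(sed -n 's/^[[:space:]]*commonName[[:space:]]*=[[:space:]]*//p' \
                <<<"$cert_info" | tail -n 1)
            pem_expire_date=$(sed -n 's/^notAfter=//p' <<<"$cert_info")

            if [[ -z "$pem_expire_date" ]] ||
                ! pem_expire_timestamp=$(date -d "$pem_expire_date" +%s 2>/dev/null); then
                printf '%s\n' "3 Certificate_$pemfile - expiry date could not be determined (CN: $pem_cn)"
                continue
            fi

            pem_remaining_seconds=$((pem_expire_timestamp - NOW))
            if ((pem_remaining_seconds <= 0)); then
                pem_status="EXPIRED"
                checkmk_status="2"
            else
                # Whole days left; a certificate in its final 24 hours shows
                # "0 days remaining" and is still CRIT via the threshold below.
                pem_remaining_days=$((pem_remaining_seconds / 86400))
                pem_status="$pem_remaining_days days remaining"
                # Default is OK, gets overridden by WARN, then by CRIT
                checkmk_status="0"
                if ((pem_remaining_days <= CONFIG_WARN_DAYS_LEFT)); then
                    checkmk_status="1"
                fi
                if ((pem_remaining_days <= CONFIG_CRIT_DAYS_LEFT)); then
                    checkmk_status="2"
                fi
            fi
            printf '%s\n' "$checkmk_status Certificate_$pemfile - $pem_status (CN: $pem_cn)"
        done < <(find "$folder" -type f -name '*.pem' -print0)

        return 0
    }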
    
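    # Run the check for every configured folder. Both expansions are quoted so
    # that a folder path containing whitespace or glob characters is handed to
    # process_folder as a single, unmodified argument.
    for folder in "${CONFIG_CHECK_FOLDERS[@]}"; do
        process_folder "$folder"
    done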