mdm-service/monitoring-zabbix
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

mdmcertcheck v1.0 - expire certholder

Browse Source
This commit is contained in:
Mike D'Morto 2021-02-12 11:41:51 +07:00
parent 575b3e1cf3
commit 4d82676b63
1 changed files with 23 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
mdmcertcheck/mdmcertcheck.sh
View File

@ -4,7 +4,7 @@
export LC_ALL="" export LC_ALL=""
export LANG="en_US.UTF-8" export LANG="en_US.UTF-8"
VERSION="0.3" VERSION="1.0"
CERTLIST="certlist.cfg" CERTLIST="certlist.cfg"
CTIMEOUT="1" CTIMEOUT="1"
@ -89,6 +89,26 @@ valid_status)
echo $RET; echo $RET;
;; ;;
expire)
#calculate expire days
parse_item $ITEM
get_cert
expire_date=$( echo "$CERT_BODY" | openssl x509 -noout -dates | grep '^notAfter' | cut -d'=' -f2 )
expire_date_epoch=$(date -d "$expire_date" +%s) || error "Failed to get expire date"
current_date_epoch=$(date +%s)
RET=$(( (expire_date_epoch - current_date_epoch)/(3600*24) ))
echo $RET
;;
certholder)
#get cert holder string
parse_item $ITEM
get_cert
# Note: new openssl versions can print multiple return codes for post-handshake session tickets, so we need to get only the first one
RET=$( echo "$CERT_BODY" | sed -n '/BEGIN CERTIFICATE/,/END CERT/p' | openssl x509 -text 2>/dev/null | sed -n 's/ *Issuer: *//p' | sed -n 's/.*CN=*//p')
echo $RET;
;;
script.version) script.version)
echo $VERSION echo $VERSION
;; ;;
@ -100,6 +120,8 @@ discovery - discovery items from config file
isexist - the script has access to server with cert isexist - the script has access to server with cert
valid - the cert is valid (1|0) valid - the cert is valid (1|0)
valid_status - the cert status in full text valid_status - the cert status in full text
expire - how many days for an unvalid state
certholder - certholder text
script.version - current version of this script script.version - current version of this script
}" }"
;; ;;