mdmcertcheck v0.3 - valid valid_status isexist

Mike D'Morto 2021-02-11 11:34:31 +07:00
parent b4acb96e35
commit 575b3e1cf3


@ -4,15 +4,46 @@
export LC_ALL="" export LC_ALL=""
export LANG="en_US.UTF-8" export LANG="en_US.UTF-8"
VERSION="0.1" VERSION="0.3"
CERTLIST="certlist.cfg" CERTLIST="certlist.cfg"
CTIMEOUT="1"
error(){
echo "-1"
exit 1
}
JSON="" JSON=""
##### PARAMETERS##### ##### PARAMETERS#####
METRIC="$1" METRIC="$1"
ITEM="$2" ITEM="$2"
CERT_DOMAIN=""
CERT_IP=""
CERT_PORT=""
CERT_BODY=""
parse_item(){
TITEM=$1
#parse item
#check empty item
if [ -z "$TITEM" ]
then
error
fi
CERT_DOMAIN=`echo $ITEM | awk -F"|" '{print $1}'`
CERT_IP=`echo $ITEM | awk -F"|" '{print $2}'`
CERT_PORT=`echo $ITEM | awk -F"|" '{print $3}'`
}
get_cert(){
if ! CERT_BODY=$( echo | timeout "$CTIMEOUT" openssl s_client -servername "$CERT_DOMAIN" -verify_hostname "$CERT_DOMAIN" -connect "$CERT_IP":"$CERT_PORT" 2>/dev/null )
then
error
fi
}
case "$METRIC" in case "$METRIC" in
discovery) discovery)
#records from the config file #records from the config file
@ -31,6 +62,33 @@ discovery)
exit 0 exit 0
;; ;;
isexist)
#validating the cert
parse_item $ITEM
get_cert
# if get_cert has not en error then all is ok.
echo 1
;;
valid)
#validating the cert
parse_item $ITEM
get_cert
# Note: new openssl versions can print multiple return codes for post-handshake session tickets, so we need to get only the first one
RET=$( echo "$CERT_BODY" | grep -E '^ *Verify return code:' | sed -n 1p | sed 's/^ *//' | tr -s ' ' | cut -d' ' -f4 )
if [ "$RET" -eq "0" ]; then echo "1"; else echo "0"; fi
;;
valid_status)
#validating the cert
parse_item $ITEM
get_cert
# Note: new openssl versions can print multiple return codes for post-handshake session tickets, so we need to get only the first one
RET=$( echo "$CERT_BODY" | grep -E '^ *Verify return code:')
echo $RET;
;;
script.version) script.version)
echo $VERSION echo $VERSION
;; ;;
@ -38,8 +96,11 @@ script.version)
help) help)
echo "please use these params echo "please use these params
{ {
discovery discovery - discovery items from config file
script.version isexist - the script has access to server with cert
valid - the cert is valid (1|0)
valid_status - the cert status in full text
script.version - current version of this script
}" }"
;; ;;
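Review bot: In the `valid_status` branch the comment says only the first return code is kept, but the pipeline has no `sed -n 1p` as the `valid` branch does, so the unquoted `echo $RET` folds every "Verify return code:" line that openssl prints into one string. Matching `valid` would be `RET=$( echo "$CERT_BODY" | grep -E '^ *Verify return code:' | sed -n 1p )` followed by `echo "$RET"`. In `parse_item` the emptiness check is on `$TITEM`, while the three awk splits read the global `$ITEM` unquoted; using `"$TITEM"` there and `parse_item "$ITEM"` at the call sites keeps the function self-contained and avoids word splitting and globbing on the item string. `get_cert` goes through `error` and prints `-1` when the openssl command fails or times out, so `valid` never reports `0` for an unreachable endpoint; the help text should say so, so that alerting on certificate validity also covers `-1`.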