#!/bin/bash
# mdmcertcheck.sh is the script for checking a cert status
# author mikedmorto 2021 year
# Locale: LC_ALL is cleared so that the LANG value below is what selects the locale.
export LC_ALL=""
export LANG="en_US.UTF-8"
# Reported by the "script.version" metric.
VERSION="0.3"
# Config file, one "cert=DOMAIN|IP|PORT" record per line; the path is relative
# to the working directory the script is started from.
CERTLIST="certlist.cfg"
# Seconds the openssl connection may take (argument to timeout).
CTIMEOUT="1"
#######################################
# Report a failure as an item value: print the sentinel "-1" and stop the
# script. Used by parse_item and get_cert.
# Outputs:   "-1" on stdout
# Returns:   does not return; the script exits with status 1
#######################################
error(){
  printf '%s\n' "-1"
  exit 1
}
# Accumulator for the discovery JSON document.
JSON=""
##### PARAMETERS#####
# $1 - metric to report (the names are listed under the "help" branch)
# $2 - item in DOMAIN|IP|PORT form, split by parse_item
METRIC="$1"
ITEM="$2"
# Filled by parse_item from ITEM; read by get_cert.
CERT_DOMAIN=""
CERT_IP=""
CERT_PORT=""
# Filled by get_cert with the openssl s_client output.
CERT_BODY=""
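#######################################
# Split an item of the form DOMAIN|IP|PORT into the globals CERT_DOMAIN,
# CERT_IP and CERT_PORT. Fields after the third "|" are ignored.
# Globals:   CERT_DOMAIN, CERT_IP, CERT_PORT (written)
# Arguments: $1 - the item string (the script's second positional parameter)
# Returns:   0 when all three fields are present; otherwise does not return,
#            error exits the script with "-1" on stdout
#######################################
parse_item(){
  local titem=$1
  if [[ -z "$titem" ]]; then
    error
  fi
  # The argument is used (the original read the global ITEM instead).
  # IFS='|' keeps each field verbatim; the trailing "_" takes any extra fields.
  IFS='|' read -r CERT_DOMAIN CERT_IP CERT_PORT _ <<<"$titem"
  # Refuse an incomplete target instead of handing a partial
  # -connect IP:PORT to openssl in get_cert.
  if [[ -z "$CERT_DOMAIN" || -z "$CERT_IP" || -z "$CERT_PORT" ]]; then
    error
  fi
}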
#######################################
# Connect to CERT_IP:CERT_PORT with openssl s_client and keep its output
# (including the "Verify return code" lines) in CERT_BODY. CERT_DOMAIN is
# sent as the SNI name and is the name the certificate is checked against
# (-verify_hostname). The attempt is bounded by CTIMEOUT seconds.
# openssl's stderr is discarded, so a failure carries no reason in the
# output; re-run the command by hand to diagnose.
# NOTE(review): the verify result depends on the trust store this openssl
# build loads by default — confirm on the host that runs the check.
# Globals:   CERT_DOMAIN, CERT_IP, CERT_PORT, CTIMEOUT (read); CERT_BODY (written)
# Returns:   0 on a completed connection; on timeout or connection failure
#            error exits the script with "-1" on stdout
#######################################
get_cert(){
  local transcript
  transcript=$( printf '\n' | timeout "$CTIMEOUT" openssl s_client -servername "$CERT_DOMAIN" -verify_hostname "$CERT_DOMAIN" -connect "$CERT_IP":"$CERT_PORT" 2>/dev/null ) || error
  CERT_BODY=$transcript
}
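#######################################
# Build the low-level-discovery document for a list of cert records.
# Arguments: $@ - the records (the text after "cert=" in the config file)
# Outputs:   one JSON line on stdout: { "data":[ {"{#CERT}":"rec"}, ...]}
#            An empty list gives { "data":[]} (the original dropped the
#            "[" and produced malformed JSON). '\' and '"' inside a record
#            are escaped so the document stays well-formed.
#######################################
discovery_json(){
  local rec esc sep=""
  local out='{ "data":['
  for rec in "$@"; do
    esc=${rec//\\/\\\\}
    esc=${esc//\"/\\\"}
    out+="${sep} {\"{#CERT}\":\"${esc}\"}"
    sep=","
  done
  printf '%s\n' "${out}]}"
}

#######################################
# Print the first "Verify return code: N (text)" line of an openssl
# s_client transcript read from stdin, leading blanks removed. Newer
# openssl versions print the line more than once (post-handshake session
# tickets), so only the first occurrence is kept — shared by the "valid"
# and "valid_status" metrics so both judge the same line.
# Outputs:   the line on stdout, nothing when the transcript has none
#######################################
first_verify_line(){
  grep -E '^ *Verify return code:' | sed -n 1p | sed 's/^ *//'
}

case "$METRIC" in
  discovery)
    # Records are the values after "cert=" on non-comment lines of the
    # config file (a ":" in a line cuts the record at that point, as before).
    # An unreadable config is reported through error rather than as an
    # empty discovery, which would make every discovered item disappear.
    [[ -r "$CERTLIST" ]] || error
    mapfile -t RECS < <(awk -F: '/^[^#]/ { print $1 }' "$CERTLIST" | grep -e "^cert=.*" | cut -f 2 -d "=")
    discovery_json "${RECS[@]}"
    exit 0
    ;;
  isexist)
    # get_cert exits the script on failure, so reaching the echo means
    # the TLS endpoint answered within CTIMEOUT.
    parse_item "$ITEM"
    get_cert
    echo 1
    ;;
  valid)
    parse_item "$ITEM"
    get_cert
    # The 4th blank-separated word of "Verify return code: N (text)" is N.
    RET=$( first_verify_line <<<"$CERT_BODY" | tr -s ' ' | cut -d' ' -f4 )
    # String compare: an empty RET (no verify line in the transcript) is
    # reported as 0 instead of raising "integer expression expected".
    if [[ "$RET" == "0" ]]; then echo "1"; else echo "0"; fi
    ;;
  valid_status)
    parse_item "$ITEM"
    get_cert
    # Full text of the first verify line, e.g. "Verify return code: 0 (ok)".
    RET=$( first_verify_line <<<"$CERT_BODY" )
    printf '%s\n' "$RET"
    ;;
  script.version)
    printf '%s\n' "$VERSION"
    ;;
  help)
    cat <<'EOF'
please use these params
{
discovery - discovery items from config file
isexist - the script has access to server with cert
valid - the cert is valid (1|0)
valid_status - the cert status in full text
script.version - current version of this script
}
EOF
    ;;
  *)
    # Unknown metric: an empty value, as before.
    printf '\n'
    ;;
esac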