Nagios插件-检查ssl证书

时间:2019-08-20 17:58:27  来源:igfitidea点击:

我们将创建了一个名为check_ssl_cert_expiry的Nagios插件。用于检查ssl证书的日期。
nagios插件将在SSL证书到期日之前发送警报。

check_ssl_cert_expiry的功能:

1.在SSL证书到期剩余天数之前发出警告和严重警报。

2.nagios服务器可能在不同时区运行。SSL证书的过期日期通常以GMT时区显示(正如我所看到的,它可能会有所不同)。所以这里我们必须根据Nagios服务器时区来改变天数。

因此,脚本以一种不管哪个时区SSL证书过期时区的方式来编写。它将和你的Nagios服务器时区兼容。

check_ssl_cert_expiry文件

#!/bin/bash
## Author: Hyman
## Description : Send Warning/Critical alert before expiry date of SSL Certificate.
## Version : 1.0
##
## Usage example: /check_ssl_cert_expiry -h www.google.co.in -w 90 -c 60
## -w = integer number (Warning days)
## -c = integer number (Critical days)
#
# Requirement : bc command should be available in system.
#

_HOST=""
_WARNEXPIRYDAYS=""
_CRITEXPIRYDAYS=""

while getopts "h:w:c:" opt
do
case $opt in
h ) _HOST=$OPTARG;;
w ) _WARNEXPIRYDAYS=$OPTARG;;
c ) _CRITEXPIRYDAYS=$OPTARG;;
esac
done

if [ ! "$_HOST" ]
then
printf "ERROR - Either give Hostname in syntax as www.example.com or example.com with -h!n"
exit 3
fi
if [ ! "$_WARNEXPIRYDAYS" ]
then
printf "ERROR - Add WARNING expiry in days with -wn"
exit 3
fi
if [ ! "$_CRITEXPIRYDAYS" ]
then
printf "ERROR - Add CRITICAL expiry in days with -cn"
exit 3
fi

EXPIRYDATE=`echo "QUIT" | openssl s_client -connect $_HOST:443 2>/dev/null | openssl x509 -noout -enddate 2>/dev/null|sed 's/notAfter=//g'`
#echo $EXPIRYDATE

EXPIRYDATE_epoch=$(date --date "$EXPIRYDATE" +%s)

CURRENT_DATE_epoch=`date +%s`

#echo $EXPIRYDATE_epoch
#echo $CURRENT_DATE_epoch
#echo $dayDiff

epochDiff=`echo "$EXPIRYDATE_epoch" - "$CURRENT_DATE_epoch"|bc`
#echo $epochDiff

### Get difference of days
dayDiff=`echo "$epochDiff"/86400|bc`
#echo $dayDiff

if [ "$dayDiff" -le "$_CRITEXPIRYDAYS" ]
then
echo "CRITICAL : $dayDiff days are left for SSL Certificate Expiration on Host $_HOST"
exit 2
else
if [  "$dayDiff" -le "$_WARNEXPIRYDAYS" ]
then
echo  "WARNING : $dayDiff days are left for SSL Certificate Expiration on Host $_HOST"
exit 1
else
if [ "$dayDiff" -gt "$_WARNEXPIRYDAYS" ]
then
echo "OK: $dayDiff days are left for SSL Certificate Expiration on Host $_HOST"
exit 0
fi
fi
fi