Nagios插件-检查ssl证书
时间:2019-08-20 17:58:27 来源:igfitidea点击:
我们将创建了一个名为check_ssl_cert_expiry的Nagios插件。用于检查ssl证书的日期。
nagios插件将在SSL证书到期日之前发送警报。
check_ssl_cert_expiry的功能:
1.在SSL证书到期剩余天数之前发出警告和严重警报。
2.nagios服务器可能在不同时区运行。SSL证书的过期日期通常以GMT时区显示(正如我所看到的,它可能会有所不同)。所以这里我们必须根据Nagios服务器时区来改变天数。
因此,脚本以一种不管哪个时区SSL证书过期时区的方式来编写。它将和你的Nagios服务器时区兼容。
check_ssl_cert_expiry文件
#!/bin/bash ## Author: Hyman ## Description : Send Warning/Critical alert before expiry date of SSL Certificate. ## Version : 1.0 ## ## Usage example: /check_ssl_cert_expiry -h www.google.co.in -w 90 -c 60 ## -w = integer number (Warning days) ## -c = integer number (Critical days) # # Requirement : bc command should be available in system. # _HOST="" _WARNEXPIRYDAYS="" _CRITEXPIRYDAYS="" while getopts "h:w:c:" opt do case $opt in h ) _HOST=$OPTARG;; w ) _WARNEXPIRYDAYS=$OPTARG;; c ) _CRITEXPIRYDAYS=$OPTARG;; esac done if [ ! "$_HOST" ] then printf "ERROR - Either give Hostname in syntax as www.example.com or example.com with -h!n" exit 3 fi if [ ! "$_WARNEXPIRYDAYS" ] then printf "ERROR - Add WARNING expiry in days with -wn" exit 3 fi if [ ! "$_CRITEXPIRYDAYS" ] then printf "ERROR - Add CRITICAL expiry in days with -cn" exit 3 fi EXPIRYDATE=`echo "QUIT" | openssl s_client -connect $_HOST:443 2>/dev/null | openssl x509 -noout -enddate 2>/dev/null|sed 's/notAfter=//g'` #echo $EXPIRYDATE EXPIRYDATE_epoch=$(date --date "$EXPIRYDATE" +%s) CURRENT_DATE_epoch=`date +%s` #echo $EXPIRYDATE_epoch #echo $CURRENT_DATE_epoch #echo $dayDiff epochDiff=`echo "$EXPIRYDATE_epoch" - "$CURRENT_DATE_epoch"|bc` #echo $epochDiff ### Get difference of days dayDiff=`echo "$epochDiff"/86400|bc` #echo $dayDiff if [ "$dayDiff" -le "$_CRITEXPIRYDAYS" ] then echo "CRITICAL : $dayDiff days are left for SSL Certificate Expiration on Host $_HOST" exit 2 else if [ "$dayDiff" -le "$_WARNEXPIRYDAYS" ] then echo "WARNING : $dayDiff days are left for SSL Certificate Expiration on Host $_HOST" exit 1 else if [ "$dayDiff" -gt "$_WARNEXPIRYDAYS" ] then echo "OK: $dayDiff days are left for SSL Certificate Expiration on Host $_HOST" exit 0 fi fi fi