contrib-munin/plugins/ssl/ssl_

#!/bin/sh
# -*- sh -*-

: << =cut

=head1 NAME

ssl_ - Plugin to monitor certificate expiration

=head1 CONFIGURATION

This plugin does not normally require configuration.

To set warning and critical levels do like this:

  [ssl_*]
      env.warning 30:

=head1 AUTHOR

Pactrick Domack

Copyright (C) 2013 Patrick Domack <patrickdk@patrickdk.com>

=head1 LICENSE

=cut

# shellcheck disable=SC1090
. "$MUNIN_LIBDIR/plugins/plugin.sh"

ARGS=${0##*ssl_}
if echo "$ARGS" | grep -q "_"; then
    SITE=$(echo "$ARGS" | cut -f 1 -d "_")
    PORT=$(echo "$ARGS" | cut -f 2 -d "_")
else
    SITE=$ARGS
    PORT=443
fi


# Read data including a certificate from stdin and output the (fractional) number of days left
# until the expiry of this certificate. The output is empty if parsing failed.
parse_valid_days_from_certificate() {
    local input_data
    local valid_until_string
    local valid_until_epoch
    local now_epoch
    local input_data
    input_data=$(cat)
    if echo "$input_data" | grep -q -- "-----BEGIN CERTIFICATE-----"; then
        valid_until_string=$(echo "$input_data" | openssl x509 -noout -enddate \
            | grep "^notAfter=" | cut -f 2 -d "=")
        if [ -n "$valid_until_string" ]; then
            valid_until_epoch=$(date --date="$valid_until_string" +%s)
            if [ -n "$valid_until_epoch" ]; then
                now_epoch=$(date +%s)
                # calculate the number of days left
                echo "$valid_until_epoch" "$now_epoch" | awk '{ print(($1 - $2) / (24 * 3600)); }'
            fi
        fi
    fi
}


case $1 in
    config)

        echo "graph_title $SITE SSL Certificate Expire"
        echo 'graph_args --base 1000'
        echo 'graph_vlabel days left'
        echo 'graph_category security'
        echo "graph_info This graph shows the days left for the certificate being served by $SITE"
        echo 'expire.label days'
        print_warning expire
        print_critical expire

        exit 0
        ;;
esac

cert=$(echo "" | openssl s_client -CApath /etc/ssl/certs -servername "${SITE}" -connect "${SITE}:${PORT}" 2>/dev/null);

days_left=$(echo "$cert" | parse_valid_days_from_certificate)
[ -n "$days_left" ] || days_left="U"

printf "expire.value %s\n" "$days_left"
plugins ssl_ and ssl-certificate-expiry: various improvements * simplify date parsing: use "date" instead of awk's "mktime" (requires gawk) * simplify structure * use the same function (copy'n'paste) for both plugins Closes: #893 2018-03-30 01:48:51 +02:00			`#!/bin/sh`
Added a plugin to check SSL certificate expiry times This plugin connects to remote hosts and checks the HTTPS certificate expiry time. Example: https://munin.buddycloud.com/ssl-day.html 2013-08-11 07:55:19 +02:00			`# -- sh --`

			`: << =cut`

			`=head1 NAME`

			`ssl_ - Plugin to monitor certificate expiration`

			`=head1 CONFIGURATION`

			`This plugin does not normally require configuration.`

			`To set warning and critical levels do like this:`

			`[ssl_*]`
			`env.warning 30:`

			`=head1 AUTHOR`

			`Pactrick Domack`

			`Copyright (C) 2013 Patrick Domack <patrickdk@patrickdk.com>`

			`=head1 LICENSE`

			`=cut`

plugins ssl_ and ssl-certificate-expiry: various improvements * simplify date parsing: use "date" instead of awk's "mktime" (requires gawk) * simplify structure * use the same function (copy'n'paste) for both plugins Closes: #893 2018-03-30 01:48:51 +02:00			`# shellcheck disable=SC1090`
[ssl_/multi_ssl] More legible cert-parsing code Signed-off-by: Olivier Mehani <shtrom@ssji.net> 2017-06-16 12:46:12 +02:00			`. "$MUNIN_LIBDIR/plugins/plugin.sh"`
Added a plugin to check SSL certificate expiry times This plugin connects to remote hosts and checks the HTTPS certificate expiry time. Example: https://munin.buddycloud.com/ssl-day.html 2013-08-11 07:55:19 +02:00
[ssl_] Allow to specify ports other than HTTPS Signed-off-by: Olivier Mehani <shtrom@ssji.net> 2016-08-05 05:13:28 +02:00			`ARGS=${0##*ssl_}`
plugins ssl_ and ssl-certificate-expiry: various improvements * simplify date parsing: use "date" instead of awk's "mktime" (requires gawk) * simplify structure * use the same function (copy'n'paste) for both plugins Closes: #893 2018-03-30 01:48:51 +02:00			`if echo "$ARGS" \| grep -q "_"; then`
			`SITE=$(echo "$ARGS" \| cut -f 1 -d "_")`
			`PORT=$(echo "$ARGS" \| cut -f 2 -d "_")`
			`else`
			`SITE=$ARGS`
			`PORT=443`
[ssl_] Allow to specify ports other than HTTPS Signed-off-by: Olivier Mehani <shtrom@ssji.net> 2016-08-05 05:13:28 +02:00			`fi`
Added a plugin to check SSL certificate expiry times This plugin connects to remote hosts and checks the HTTPS certificate expiry time. Example: https://munin.buddycloud.com/ssl-day.html 2013-08-11 07:55:19 +02:00
plugins ssl_ and ssl-certificate-expiry: various improvements * simplify date parsing: use "date" instead of awk's "mktime" (requires gawk) * simplify structure * use the same function (copy'n'paste) for both plugins Closes: #893 2018-03-30 01:48:51 +02:00
			`# Read data including a certificate from stdin and output the (fractional) number of days left`
			`# until the expiry of this certificate. The output is empty if parsing failed.`
			`parse_valid_days_from_certificate() {`
			`local input_data`
			`local valid_until_string`
			`local valid_until_epoch`
			`local now_epoch`
			`local input_data`
			`input_data=$(cat)`
			`if echo "$input_data" \| grep -q -- "-----BEGIN CERTIFICATE-----"; then`
			`valid_until_string=$(echo "$input_data" \| openssl x509 -noout -enddate \`
			`\| grep "^notAfter=" \| cut -f 2 -d "=")`
			`if [ -n "$valid_until_string" ]; then`
			`valid_until_epoch=$(date --date="$valid_until_string" +%s)`
			`if [ -n "$valid_until_epoch" ]; then`
			`now_epoch=$(date +%s)`
			`# calculate the number of days left`
			`echo "$valid_until_epoch" "$now_epoch" \| awk '{ print(($1 - $2) / (24 * 3600)); }'`
			`fi`
			`fi`
			`fi`
			`}`


Added a plugin to check SSL certificate expiry times This plugin connects to remote hosts and checks the HTTPS certificate expiry time. Example: https://munin.buddycloud.com/ssl-day.html 2013-08-11 07:55:19 +02:00			`case $1 in`
			`config)`

			`echo "graph_title $SITE SSL Certificate Expire"`
			`echo 'graph_args --base 1000'`
			`echo 'graph_vlabel days left'`
Category Tree: Reduce number of categories mogilefs -> fs (mogilefs) moodle -> cms (moodle) openvz -> virtualization (openvz) wowza -> streaming (wowza) varnish -> webserver (varnish) xbnbt -> torrent (xbnbt) 2017-02-23 15:31:40 +01:00			`echo 'graph_category security'`
Added a plugin to check SSL certificate expiry times This plugin connects to remote hosts and checks the HTTPS certificate expiry time. Example: https://munin.buddycloud.com/ssl-day.html 2013-08-11 07:55:19 +02:00			`echo "graph_info This graph shows the days left for the certificate being served by $SITE"`
			`echo 'expire.label days'`
			`print_warning expire`
			`print_critical expire`

			`exit 0`
			`;;`
			`esac`

[ssl_] Allow to specify ports other than HTTPS Signed-off-by: Olivier Mehani <shtrom@ssji.net> 2016-08-05 05:13:28 +02:00			`cert=$(echo "" \| openssl s_client -CApath /etc/ssl/certs -servername "${SITE}" -connect "${SITE}:${PORT}" 2>/dev/null);`
Added a plugin to check SSL certificate expiry times This plugin connects to remote hosts and checks the HTTPS certificate expiry time. Example: https://munin.buddycloud.com/ssl-day.html 2013-08-11 07:55:19 +02:00
plugins ssl_ and ssl-certificate-expiry: various improvements * simplify date parsing: use "date" instead of awk's "mktime" (requires gawk) * simplify structure * use the same function (copy'n'paste) for both plugins Closes: #893 2018-03-30 01:48:51 +02:00			`days_left=$(echo "$cert" \| parse_valid_days_from_certificate)`
			`[ -n "$days_left" ] \|\| days_left="U"`

			`printf "expire.value %s\n" "$days_left"`