diff -Nur smeserver-zabbix-agent-0.1/root/etc/e-smith/templates/etc/zabbix/zabbix_agentd.conf/90UserParameters_certExpire smeserver-zabbix-agent-0.1_mod/root/etc/e-smith/templates/etc/zabbix/zabbix_agentd.conf/90UserParameters_certExpire
--- smeserver-zabbix-agent-0.1/root/etc/e-smith/templates/etc/zabbix/zabbix_agentd.conf/90UserParameters_certExpire 1970-01-01 01:00:00.000000000 +0100
+++ smeserver-zabbix-agent-0.1_mod/root/etc/e-smith/templates/etc/zabbix/zabbix_agentd.conf/90UserParameters_certExpire 2012-06-07 17:57:15.655057818 +0200
@@ -0,0 +1,13 @@
+# Certificate expiration
+
+# Description: Remaining days
+# Type: Agent or Agent (active)
+# Key: crt.expire[]
+# Type of information: Numeric (integer 64bit)
+# Units: days
+# Use multiplier: No
+# Update interval: 86400
+# Store Value: As is
+# Show Value: As is
+
+UserParameter=crt.expire[*],/var/lib/zabbix/bin/cert_expire.pl -p $1
diff -Nur smeserver-zabbix-agent-0.1/root/var/lib/zabbix/bin/cert_expire.pl smeserver-zabbix-agent-0.1_mod/root/var/lib/zabbix/bin/cert_expire.pl
--- smeserver-zabbix-agent-0.1/root/var/lib/zabbix/bin/cert_expire.pl 1970-01-01 01:00:00.000000000 +0100
+++ smeserver-zabbix-agent-0.1_mod/root/var/lib/zabbix/bin/cert_expire.pl 2012-06-07 17:38:47.540200078 +0200
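Review bot: `$1` reaches the shell unquoted in the `UserParameter=crt.expire[*]` line, so a key parameter that contains whitespace (to the extent the agent lets it through) is split into additional arguments for cert_expire.pl, and the script also accepts `--host`, which this key was not meant to expose. Quote the argument, `UserParameter=crt.expire[*],/var/lib/zabbix/bin/cert_expire.pl -p "$1"`, and keep the agent's `UnsafeUserParameters` at its default of 0 so shell metacharacters stay rejected. The header comment does not say what the key's parameter is; `# Key: crt.expire[<port>]` with a one-line remark that the check targets 127.0.0.1 would document it.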
@@ -0,0 +1,142 @@
+#!/usr/bin/perl -w
+# Check peer certificate validity for Zabbix
+# Require perl module : IO::Socket, Net::SSLeay, Date::Parse
+# Require unix programs : openssl, echo, sendmail
+#
+# Based on sslexpire from Emmanuel Lacour
+#
+# This file is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the
+# Free Software Foundation; either version 2, or (at your option) any
+# later version.
+#
+# This file is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied warranty
+# of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this file; see the file COPYING. If not, write to the Free
+# Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+# 02110-1301, USA.
+#
+
+
+use strict;
+use IO::Socket;
+use Net::SSLeay;
+use Getopt::Long;
+use Date::Parse;
+
+Net::SSLeay::SSLeay_add_ssl_algorithms();
+Net::SSLeay::randomize();
+
+# Default values
+my $opensslpath = "/usr/bin/openssl";
+
+my $host = '127.0.0.1';
+my $port = '443';
+
+my %opts;
+GetOptions (\%opts,
+ 'host|h=s',
+ 'port|p=s',
+ 'help',
+);
+
+if ($opts{'host'}) {
+ $host = $opts{'host'};
+}
+if ($opts{'port'}){
+ $port = $opts{'port'};
+}
+
+if ($opts{'help'}) {
+ &usage;
+}
+
+# Print program usage
+sub usage {
+ print "Usage: sslexpire [OPTION]...
+-h, --host=HOST check this host
+-p, --port=TCPPORT check this port on the previous host
+ --help print this help, then exit
+";
+ exit;
+}
+
+
+# This will return the expiration date
+sub getExpire {
+
+ my ($l_host,$l_port) = @_;
+ my ($l_expdate,$l_comment);
+
+ # Connect to $l_host:$l_port
+ my $socket = IO::Socket::INET->new(
+ Proto => "tcp",
+ PeerAddr => $l_host,
+ PeerPort => $l_port
+ );
+ # If we connected successfully
+ if ($socket) {
+ # Intiate ssl
+ my $l_ctx = Net::SSLeay::CTX_new();
+ my $l_ssl = Net::SSLeay::new($l_ctx);
+
+ Net::SSLeay::set_fd($l_ssl, fileno($socket));
+ my $res = Net::SSLeay::connect($l_ssl);
+
+ # Get peer certificate
+ my $l_x509 = Net::SSLeay::get_peer_certificate($l_ssl);
+ if ($l_x509) {
+ my $l_string = Net::SSLeay::PEM_get_string_X509($l_x509);
+ # Get the expiration date, using openssl
+ $l_expdate = `echo "$l_string" | $opensslpath x509 -enddate -noout 2>&1`;
+ $l_expdate =~ s/.*=//;
+ chomp($l_expdate);
+ }
+ else {
+ $l_expdate = 1;
+ }
+
+ # Close and cleanup
+ Net::SSLeay::free($l_ssl);
+ Net::SSLeay::CTX_free($l_ctx);
+ close $socket;
+ }
+ else {
+ $l_expdate = 1;
+ }
+ return $l_expdate;
+}
+
+
+# Print remaining days before expiration
+sub report {
+ # Convert date into epoch using date command
+ my ($l_expdate) = @_;
+
+ if ($l_expdate ne "1") {
+ # The current date
+ my $l_today = time;
+ my $l_epochdate = str2time($l_expdate);
+
+ # Calculate diff between expiration date and today
+ my $l_diff = ($l_epochdate - $l_today)/(3600*24);
+
+ # Report if needed
+ printf "%.0f\n", $l_diff;
+ }
+ else {
+ print "Unable to read certificate!\n";
+ exit (1);
+ }
+}
+
+# Get expiration date
+my $expdate = getExpire($host,$port);
+
+# Report
+report("$expdate");
+
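Review bot: In getExpire the PEM string received from the peer is interpolated into a backtick shell command (`echo "$l_string" | $opensslpath x509 -enddate -noout 2>&1`), so remote-supplied data reaches a shell, and because stderr is merged, any openssl error text ends up in `$l_expdate` as if it were the date. report() then hands that to `str2time`, which returns undef for input it cannot parse, so a failure is printed as a large negative day count instead of taking the "Unable to read certificate!" branch. Net::SSLeay can read notAfter from the X509 object directly, which should yield the same textual date while removing the shell and the openssl/echo dependency, and report() should reject an undefined epoch. The requirement list in the header names sendmail, which nothing in the script calls, and `$res` from `Net::SSLeay::connect` is never checked.

```perl
    # … unchanged: socket and SSL setup in getExpire …
        if ($l_x509) {
            # Read notAfter from the certificate object: no shell, no openssl binary
            my $l_notafter = Net::SSLeay::X509_get_notAfter($l_x509);
            $l_expdate = Net::SSLeay::P_ASN1_UTCTIME_put2string($l_notafter);
        }
    # … unchanged: else branch, cleanup and return …

    # in report(), after reading the current time:
        my $l_epochdate = str2time($l_expdate);
        if (!defined $l_epochdate) {
            # Unparseable date: fail the check rather than print a bogus number
            print "Unable to read certificate!\n";
            exit (1);
        }
    # … unchanged: day calculation and printf …
```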