| 1 |
vip-ire |
1.1 |
diff -Nur smeserver-zabbix-agent-0.1/root/etc/e-smith/templates/etc/zabbix/zabbix_agentd.conf/90UserParameters_certExpire smeserver-zabbix-agent-0.1_mod/root/etc/e-smith/templates/etc/zabbix/zabbix_agentd.conf/90UserParameters_certExpire |
| 2 |
|
|
--- smeserver-zabbix-agent-0.1/root/etc/e-smith/templates/etc/zabbix/zabbix_agentd.conf/90UserParameters_certExpire 1970-01-01 01:00:00.000000000 +0100 |
| 3 |
|
|
+++ smeserver-zabbix-agent-0.1_mod/root/etc/e-smith/templates/etc/zabbix/zabbix_agentd.conf/90UserParameters_certExpire 2012-06-07 17:57:15.655057818 +0200 |
| 4 |
|
|
@@ -0,0 +1,13 @@ |
| 5 |
|
|
+# Certificate expiration |
| 6 |
|
|
+ |
| 7 |
|
|
+# Description: Remaining days |
| 8 |
|
|
+# Type: Agent or Agent (active) |
| 9 |
|
|
+# Key: crt.expire[<port>] |
| 10 |
|
|
+# Type of information: Numeric (integer 64bit) |
| 11 |
|
|
+# Units: days |
| 12 |
|
|
+# Use multiplier: No |
| 13 |
|
|
+# Update interval: 86400 |
| 14 |
|
|
+# Store Value: As is |
| 15 |
|
|
+# Show Value: As is |
| 16 |
|
|
+ |
| 17 |
|
|
+UserParameter=crt.expire[*],/var/lib/zabbix/bin/cert_expire.pl -p $1 |
| 18 |
|
|
diff -Nur smeserver-zabbix-agent-0.1/root/var/lib/zabbix/bin/cert_expire.pl smeserver-zabbix-agent-0.1_mod/root/var/lib/zabbix/bin/cert_expire.pl |
| 19 |
|
|
--- smeserver-zabbix-agent-0.1/root/var/lib/zabbix/bin/cert_expire.pl 1970-01-01 01:00:00.000000000 +0100 |
| 20 |
|
|
+++ smeserver-zabbix-agent-0.1_mod/root/var/lib/zabbix/bin/cert_expire.pl 2012-06-07 17:38:47.540200078 +0200 |
| 21 |
|
|
@@ -0,0 +1,142 @@ |
| 22 |
|
|
+#!/usr/bin/perl -w |
| 23 |
|
|
+# Check peer certificate validity for Zabbix |
| 24 |
|
|
+# Require perl module : IO::Socket, Net::SSLeay, Date::Parse |
| 25 |
|
|
+# Require unix programs : openssl, echo, sendmail |
| 26 |
|
|
+# |
| 27 |
|
|
+# Based on sslexpire from Emmanuel Lacour <elacour@home-dn.net> |
| 28 |
|
|
+# |
| 29 |
|
|
+# This file is free software; you can redistribute it and/or modify it |
| 30 |
|
|
+# under the terms of the GNU General Public License as published by the |
| 31 |
|
|
+# Free Software Foundation; either version 2, or (at your option) any |
| 32 |
|
|
+# later version. |
| 33 |
|
|
+# |
| 34 |
|
|
+# This file is distributed in the hope that it will be |
| 35 |
|
|
+# useful, but WITHOUT ANY WARRANTY; without even the implied warranty |
| 36 |
|
|
+# of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU |
| 37 |
|
|
+# General Public License for more details. |
| 38 |
|
|
+# |
| 39 |
|
|
+# You should have received a copy of the GNU General Public License |
| 40 |
|
|
+# along with this file; see the file COPYING. If not, write to the Free |
| 41 |
|
|
+# Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA |
| 42 |
|
|
+# 02110-1301, USA. |
| 43 |
|
|
+# |
| 44 |
|
|
+ |
| 45 |
|
|
+ |
| 46 |
|
|
+use strict; |
| 47 |
|
|
+use IO::Socket; |
| 48 |
|
|
+use Net::SSLeay; |
| 49 |
|
|
+use Getopt::Long; |
| 50 |
|
|
+use Date::Parse; |
| 51 |
|
|
+ |
| 52 |
|
|
+Net::SSLeay::SSLeay_add_ssl_algorithms(); |
| 53 |
|
|
+Net::SSLeay::randomize(); |
| 54 |
|
|
+ |
| 55 |
|
|
+# Default values |
| 56 |
|
|
+my $opensslpath = "/usr/bin/openssl"; |
| 57 |
|
|
+ |
| 58 |
|
|
+my $host = '127.0.0.1'; |
| 59 |
|
|
+my $port = '443'; |
| 60 |
|
|
+ |
| 61 |
|
|
+my %opts; |
| 62 |
|
|
+GetOptions (\%opts, |
| 63 |
|
|
+ 'host|h=s', |
| 64 |
|
|
+ 'port|p=s', |
| 65 |
|
|
+ 'help', |
| 66 |
|
|
+); |
| 67 |
|
|
+ |
| 68 |
|
|
+if ($opts{'host'}) { |
| 69 |
|
|
+ $host = $opts{'host'}; |
| 70 |
|
|
+} |
| 71 |
|
|
+if ($opts{'port'}){ |
| 72 |
|
|
+ $port = $opts{'port'}; |
| 73 |
|
|
+} |
| 74 |
|
|
+ |
| 75 |
|
|
+if ($opts{'help'}) { |
| 76 |
|
|
+ &usage; |
| 77 |
|
|
+} |
| 78 |
|
|
+ |
| 79 |
|
|
+# Print program usage |
| 80 |
|
|
+sub usage { |
| 81 |
|
|
+ print "Usage: sslexpire [OPTION]... |
| 82 |
|
|
+-h, --host=HOST check this host |
| 83 |
|
|
+-p, --port=TCPPORT check this port on the previous host |
| 84 |
|
|
+ --help print this help, then exit |
| 85 |
|
|
+"; |
| 86 |
|
|
+ exit; |
| 87 |
|
|
+} |
| 88 |
|
|
+ |
| 89 |
|
|
+ |
| 90 |
|
|
+# This will return the expiration date |
| 91 |
|
|
+sub getExpire { |
| 92 |
|
|
+ |
| 93 |
|
|
+ my ($l_host,$l_port) = @_; |
| 94 |
|
|
+ my ($l_expdate,$l_comment); |
| 95 |
|
|
+ |
| 96 |
|
|
+ # Connect to $l_host:$l_port |
| 97 |
|
|
+ my $socket = IO::Socket::INET->new( |
| 98 |
|
|
+ Proto => "tcp", |
| 99 |
|
|
+ PeerAddr => $l_host, |
| 100 |
|
|
+ PeerPort => $l_port |
| 101 |
|
|
+ ); |
| 102 |
|
|
+ # If we connected successfully |
| 103 |
|
|
+ if ($socket) { |
| 104 |
|
|
+ # Intiate ssl |
| 105 |
|
|
+ my $l_ctx = Net::SSLeay::CTX_new(); |
| 106 |
|
|
+ my $l_ssl = Net::SSLeay::new($l_ctx); |
| 107 |
|
|
+ |
| 108 |
|
|
+ Net::SSLeay::set_fd($l_ssl, fileno($socket)); |
| 109 |
|
|
+ my $res = Net::SSLeay::connect($l_ssl); |
| 110 |
|
|
+ |
| 111 |
|
|
+ # Get peer certificate |
| 112 |
|
|
+ my $l_x509 = Net::SSLeay::get_peer_certificate($l_ssl); |
| 113 |
|
|
+ if ($l_x509) { |
| 114 |
|
|
+ my $l_string = Net::SSLeay::PEM_get_string_X509($l_x509); |
| 115 |
|
|
+ # Get the expiration date, using openssl |
| 116 |
|
|
+ $l_expdate = `echo "$l_string" | $opensslpath x509 -enddate -noout 2>&1`; |
| 117 |
|
|
+ $l_expdate =~ s/.*=//; |
| 118 |
|
|
+ chomp($l_expdate); |
| 119 |
|
|
+ } |
| 120 |
|
|
+ else { |
| 121 |
|
|
+ $l_expdate = 1; |
| 122 |
|
|
+ } |
| 123 |
|
|
+ |
| 124 |
|
|
+ # Close and cleanup |
| 125 |
|
|
+ Net::SSLeay::free($l_ssl); |
| 126 |
|
|
+ Net::SSLeay::CTX_free($l_ctx); |
| 127 |
|
|
+ close $socket; |
| 128 |
|
|
+ } |
| 129 |
|
|
+ else { |
| 130 |
|
|
+ $l_expdate = 1; |
| 131 |
|
|
+ } |
| 132 |
|
|
+ return $l_expdate; |
| 133 |
|
|
+} |
| 134 |
|
|
+ |
| 135 |
|
|
+ |
| 136 |
|
|
+# Print remaining days before expiration |
| 137 |
|
|
+sub report { |
| 138 |
|
|
+ # Convert date into epoch using date command |
| 139 |
|
|
+ my ($l_expdate) = @_; |
| 140 |
|
|
+ |
| 141 |
|
|
+ if ($l_expdate ne "1") { |
| 142 |
|
|
+ # The current date |
| 143 |
|
|
+ my $l_today = time; |
| 144 |
|
|
+ my $l_epochdate = str2time($l_expdate); |
| 145 |
|
|
+ |
| 146 |
|
|
+ # Calculate diff between expiration date and today |
| 147 |
|
|
+ my $l_diff = ($l_epochdate - $l_today)/(3600*24); |
| 148 |
|
|
+ |
| 149 |
|
|
+ # Report if needed |
| 150 |
|
|
+ printf "%.0f\n", $l_diff; |
| 151 |
|
|
+ } |
| 152 |
|
|
+ else { |
| 153 |
|
|
+ print "Unable to read certificate!\n"; |
| 154 |
|
|
+ exit (1); |
| 155 |
|
|
+ } |
| 156 |
|
|
+} |
| 157 |
|
|
+ |
| 158 |
|
|
+# Get expiration date |
| 159 |
|
|
+my $expdate = getExpire($host,$port); |
| 160 |
|
|
+ |
| 161 |
|
|
+# Report |
| 162 |
|
|
+report("$expdate"); |
| 163 |
|
|
+ |
Parent Directory
| 
Revision Log
| 
Revision Graph
