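--- a/root/etc/e-smith/templates/etc/zabbix/zabbix_agentd.conf/90UserParameters_certExpire
+++ b/root/etc/e-smith/templates/etc/zabbix/zabbix_agentd.conf/90UserParameters_certExpire
@@ -0,0 +1,13 @@
+# Certificate expiration
+
+# Description: Remaining days
+# Type: Agent or Agent (active)
+# Key: crt.expire[<port>]
+# Type of information: Numeric (integer 64bit)
+# Units: days
+# Use multiplier: No
+# Update interval: 86400
+# Store Value: As is
+# Show Value: As is
+
+UserParameter=crt.expire[*],/var/lib/zabbix/bin/cert_expire.pl -p $1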
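Review bot: The `UserParameter` line hands `$1` to `cert_expire.pl` unquoted, and the agent runs the command through a shell, so what the script receives depends entirely on the agent's parameter filtering. With `UnsafeUserParameters` left at 0 the agent rejects shell metacharacters, but as far as I can tell whitespace is not in that filtered set, so a key parameter could still split into extra arguments, and the script also accepts `--host`. The header comment documents the key as `crt.expire[<port>]` without stating that constraint; I would add `# <port> must be a plain TCP port number; keep UnsafeUserParameters=0 in zabbix_agentd.conf`. The actual enforcement belongs in the script, which should reject any `-p` value that is not all digits.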
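--- a/root/var/lib/zabbix/bin/cert_expire.pl
+++ b/root/var/lib/zabbix/bin/cert_expire.pl
@@ -0,0 +1,142 @@
+#!/usr/bin/perl -w
+# Check peer certificate validity for Zabbix
+# Require perl module : IO::Socket, Net::SSLeay, Date::Parse
+# Require unix programs : openssl, echo, sendmail
+#
+# Based on sslexpire from Emmanuel Lacour <elacour@home-dn.net>
+#
+# This file is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the
+# Free Software Foundation; either version 2, or (at your option) any
+# later version.
+#
+# This file is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied warranty
+# of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this file; see the file COPYING. If not, write to the Free
+# Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+# 02110-1301, USA.
+#
+
+
+use strict;
+use IO::Socket;
+use Net::SSLeay;
+use Getopt::Long;
+use Date::Parse;
+
+Net::SSLeay::SSLeay_add_ssl_algorithms();
+Net::SSLeay::randomize();
+
+# Default values
+my $opensslpath = "/usr/bin/openssl";
+
+my $host = '127.0.0.1';
+my $port = '443';
+
+my %opts;
+GetOptions (\%opts,
+ 'host|h=s',
+ 'port|p=s',
+ 'help',
+);
+
+if ($opts{'host'}) {
+ $host = $opts{'host'};
+}
+if ($opts{'port'}){
+ $port = $opts{'port'};
+}
+
+if ($opts{'help'}) {
+ &usage;
+}
+
+# Print program usage
+sub usage {
+ print "Usage: sslexpire [OPTION]...
+-h, --host=HOST check this host
+-p, --port=TCPPORT check this port on the previous host
+ --help print this help, then exit
+";
+ exit;
+}
+
+
+# This will return the expiration date
+sub getExpire {
+
+ my ($l_host,$l_port) = @_;
+ my ($l_expdate,$l_comment);
+
+ # Connect to $l_host:$l_port
+ my $socket = IO::Socket::INET->new(
+ Proto => "tcp",
+ PeerAddr => $l_host,
+ PeerPort => $l_port
+ );
+ # If we connected successfully
+ if ($socket) {
+ # Intiate ssl
+ my $l_ctx = Net::SSLeay::CTX_new();
+ my $l_ssl = Net::SSLeay::new($l_ctx);
+
+ Net::SSLeay::set_fd($l_ssl, fileno($socket));
+ my $res = Net::SSLeay::connect($l_ssl);
+
+ # Get peer certificate
+ my $l_x509 = Net::SSLeay::get_peer_certificate($l_ssl);
+ if ($l_x509) {
+ my $l_string = Net::SSLeay::PEM_get_string_X509($l_x509);
+ # Get the expiration date, using openssl
+ $l_expdate = `echo "$l_string" | $opensslpath x509 -enddate -noout 2>&1`;
+ $l_expdate =~ s/.*=//;
+ chomp($l_expdate);
+ }
+ else {
+ $l_expdate = 1;
+ }
+
+ # Close and cleanup
+ Net::SSLeay::free($l_ssl);
+ Net::SSLeay::CTX_free($l_ctx);
+ close $socket;
+ }
+ else {
+ $l_expdate = 1;
+ }
+ return $l_expdate;
+}
+
+
+# Print remaining days before expiration
+sub report {
+ # Convert date into epoch using date command
+ my ($l_expdate) = @_;
+
+ if ($l_expdate ne "1") {
+ # The current date
+ my $l_today = time;
+ my $l_epochdate = str2time($l_expdate);
+
+ # Calculate diff between expiration date and today
+ my $l_diff = ($l_epochdate - $l_today)/(3600*24);
+
+ # Report if needed
+ printf "%.0f\n", $l_diff;
+ }
+ else {
+ print "Unable to read certificate!\n";
+ exit (1);
+ }
+}
+
+# Get expiration date
+my $expdate = getExpire($host,$port);
+
+# Report
+report("$expdate");
+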
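Review bot: In getExpire() the peer's certificate is interpolated into a shell pipeline (`echo "$l_string" | $opensslpath x509 -enddate -noout 2>&1`), so data chosen by the remote end lands on a command line, and `2>&1` turns any openssl error text into the "date". Net::SSLeay can read the field without a shell: `$l_expdate = Net::SSLeay::P_ASN1_UTCTIME_put2string(Net::SSLeay::X509_get_notAfter($l_x509));`, which also removes the openssl/echo dependency. In report(), str2time() returns undef for a string it cannot parse, and the script then prints a large negative day count instead of failing; guard it with `unless (defined $l_epochdate) { print "Unable to read certificate!\n"; exit(1); }`. The `-p` value is never validated either, so a check such as `$port =~ /\A\d{1,5}\z/ or usage();` before calling getExpire() would keep non-numeric item-key parameters out of the connection call.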