/[smecontribs]/rpms/smeserver-zabbix-agent/contribs7/smeserver-zabbix-agent-0.1-check_crt_expiration.patch
ViewVC logotype

Contents of /rpms/smeserver-zabbix-agent/contribs7/smeserver-zabbix-agent-0.1-check_crt_expiration.patch

Parent Directory Parent Directory | Revision Log Revision Log | View Revision Graph Revision Graph


Revision 1.1 - (show annotations) (download)
Thu Jun 7 16:23:16 2012 UTC (12 years, 5 months ago) by vip-ire
Branch: MAIN
CVS Tags: smeserver-zabbix-agent-0_1-51_el4_sme, smeserver-zabbix-agent-0_1-52_el4_sme, HEAD
Error occurred while calculating annotation data.
* Thu Jun 7 2012 Daniel B. <daniel@firewall-services.com> - 0.1-51.sme
- Add certificate expiration script

1 diff -Nur smeserver-zabbix-agent-0.1/root/etc/e-smith/templates/etc/zabbix/zabbix_agentd.conf/90UserParameters_certExpire smeserver-zabbix-agent-0.1_mod/root/etc/e-smith/templates/etc/zabbix/zabbix_agentd.conf/90UserParameters_certExpire
2 --- smeserver-zabbix-agent-0.1/root/etc/e-smith/templates/etc/zabbix/zabbix_agentd.conf/90UserParameters_certExpire 1970-01-01 01:00:00.000000000 +0100
3 +++ smeserver-zabbix-agent-0.1_mod/root/etc/e-smith/templates/etc/zabbix/zabbix_agentd.conf/90UserParameters_certExpire 2012-06-07 17:57:15.655057818 +0200
4 @@ -0,0 +1,13 @@
5 +# Certificate expiration
6 +
7 +# Description: Remaining days
8 +# Type: Agent or Agent (active)
9 +# Key: crt.expire[<port>]
10 +# Type of information: Numeric (integer 64bit)
11 +# Units: days
12 +# Use multiplier: No
13 +# Update interval: 86400
14 +# Store Value: As is
15 +# Show Value: As is
16 +
17 +UserParameter=crt.expire[*],/var/lib/zabbix/bin/cert_expire.pl -p $1
18 diff -Nur smeserver-zabbix-agent-0.1/root/var/lib/zabbix/bin/cert_expire.pl smeserver-zabbix-agent-0.1_mod/root/var/lib/zabbix/bin/cert_expire.pl
19 --- smeserver-zabbix-agent-0.1/root/var/lib/zabbix/bin/cert_expire.pl 1970-01-01 01:00:00.000000000 +0100
20 +++ smeserver-zabbix-agent-0.1_mod/root/var/lib/zabbix/bin/cert_expire.pl 2012-06-07 17:38:47.540200078 +0200
21 @@ -0,0 +1,142 @@
22 +#!/usr/bin/perl -w
23 +# Check peer certificate validity for Zabbix
24 +# Require perl module : IO::Socket, Net::SSLeay, Date::Parse
25 +# Require unix programs : openssl, echo, sendmail
26 +#
27 +# Based on sslexpire from Emmanuel Lacour <elacour@home-dn.net>
28 +#
29 +# This file is free software; you can redistribute it and/or modify it
30 +# under the terms of the GNU General Public License as published by the
31 +# Free Software Foundation; either version 2, or (at your option) any
32 +# later version.
33 +#
34 +# This file is distributed in the hope that it will be
35 +# useful, but WITHOUT ANY WARRANTY; without even the implied warranty
36 +# of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
37 +# General Public License for more details.
38 +#
39 +# You should have received a copy of the GNU General Public License
40 +# along with this file; see the file COPYING. If not, write to the Free
41 +# Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
42 +# 02110-1301, USA.
43 +#
44 +
45 +
46 +use strict;
47 +use IO::Socket;
48 +use Net::SSLeay;
49 +use Getopt::Long;
50 +use Date::Parse;
51 +
52 +Net::SSLeay::SSLeay_add_ssl_algorithms();
53 +Net::SSLeay::randomize();
54 +
55 +# Default values
56 +my $opensslpath = "/usr/bin/openssl";
57 +
58 +my $host = '127.0.0.1';
59 +my $port = '443';
60 +
61 +my %opts;
62 +GetOptions (\%opts,
63 + 'host|h=s',
64 + 'port|p=s',
65 + 'help',
66 +);
67 +
68 +if ($opts{'host'}) {
69 + $host = $opts{'host'};
70 +}
71 +if ($opts{'port'}){
72 + $port = $opts{'port'};
73 +}
74 +
75 +if ($opts{'help'}) {
76 + &usage;
77 +}
78 +
79 +# Print program usage
80 +sub usage {
81 + print "Usage: sslexpire [OPTION]...
82 +-h, --host=HOST check this host
83 +-p, --port=TCPPORT check this port on the previous host
84 + --help print this help, then exit
85 +";
86 + exit;
87 +}
88 +
89 +
90 +# This will return the expiration date
91 +sub getExpire {
92 +
93 + my ($l_host,$l_port) = @_;
94 + my ($l_expdate,$l_comment);
95 +
96 + # Connect to $l_host:$l_port
97 + my $socket = IO::Socket::INET->new(
98 + Proto => "tcp",
99 + PeerAddr => $l_host,
100 + PeerPort => $l_port
101 + );
102 + # If we connected successfully
103 + if ($socket) {
104 + # Intiate ssl
105 + my $l_ctx = Net::SSLeay::CTX_new();
106 + my $l_ssl = Net::SSLeay::new($l_ctx);
107 +
108 + Net::SSLeay::set_fd($l_ssl, fileno($socket));
109 + my $res = Net::SSLeay::connect($l_ssl);
110 +
111 + # Get peer certificate
112 + my $l_x509 = Net::SSLeay::get_peer_certificate($l_ssl);
113 + if ($l_x509) {
114 + my $l_string = Net::SSLeay::PEM_get_string_X509($l_x509);
115 + # Get the expiration date, using openssl
116 + $l_expdate = `echo "$l_string" | $opensslpath x509 -enddate -noout 2>&1`;
117 + $l_expdate =~ s/.*=//;
118 + chomp($l_expdate);
119 + }
120 + else {
121 + $l_expdate = 1;
122 + }
123 +
124 + # Close and cleanup
125 + Net::SSLeay::free($l_ssl);
126 + Net::SSLeay::CTX_free($l_ctx);
127 + close $socket;
128 + }
129 + else {
130 + $l_expdate = 1;
131 + }
132 + return $l_expdate;
133 +}
134 +
135 +
136 +# Print remaining days before expiration
137 +sub report {
138 + # Convert date into epoch using date command
139 + my ($l_expdate) = @_;
140 +
141 + if ($l_expdate ne "1") {
142 + # The current date
143 + my $l_today = time;
144 + my $l_epochdate = str2time($l_expdate);
145 +
146 + # Calculate diff between expiration date and today
147 + my $l_diff = ($l_epochdate - $l_today)/(3600*24);
148 +
149 + # Report if needed
150 + printf "%.0f\n", $l_diff;
151 + }
152 + else {
153 + print "Unable to read certificate!\n";
154 + exit (1);
155 + }
156 +}
157 +
158 +# Get expiration date
159 +my $expdate = getExpire($host,$port);
160 +
161 +# Report
162 +report("$expdate");
163 +

admin@koozali.org
ViewVC Help
Powered by ViewVC 1.2.1 RSS 2.0 feed