bundles/sshmon: import from work repository

2020-11-09 20:31:06 +01:00 · 2020-11-09 20:31:06 +01:00 · c7362df6c4
commit c7362df6c4
parent eaf268aea9
12 changed files with 773 additions and 0 deletions
--- a/bundles/sshmon/files/check_https_certificate_at_url
+++ b/bundles/sshmon/files/check_https_certificate_at_url
@ -0,0 +1,42 @@
+#!/bin/bash
+
+host=$1
+port=$2
+
+cert=$(echo | openssl s_client -connect "$host":"$port" -servername "$host" 2>/dev/null | openssl x509)
+issuer_hash=$(echo "$cert" | openssl x509 -noout -issuer_hash)
+not_after=$(echo "$cert" | openssl x509 -noout -dates | grep '^notAfter=')
+
+if [[ -z "$cert" ]] || [[ -z "$issuer_hash" ]] || [[ -z "$not_after" ]]
+then
+    echo "UNKNOWN - Could not retrieve certificate! [$host:$port]"
+    exit 3
+fi
+
+warn_days=60
+crit_days=30
+
+case "$issuer_hash" in
+    # issuer=C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
+    4f06f81d)
+        warn_days=10
+        crit_days=3
+        ;;
+esac
+
+if ! echo "$cert" | openssl x509 -noout -checkend 0 >/dev/null 2>&1
+then
+    echo "CRITICAL - Certificate has expired! [$host:$port] [$not_after]"
+    exit 2
+elif ! echo "$cert" | openssl x509 -noout -checkend $((86400 * crit_days)) >/dev/null 2>&1
+then
+    echo "CRITICAL - Certificate will expire really soon: [$host:$port] [$not_after]"
+    exit 2
+elif ! echo "$cert" | openssl x509 -noout -checkend $((86400 * warn_days)) >/dev/null 2>&1
+then
+    echo "WARNING - Certificate will expire soon: [$host:$port] [$not_after]"
+    exit 1
+fi
+
+echo "OK - [$host:$port] [$not_after]"
+exit 0