diff options
| author | Erich Eckner <git@eckner.net> | 2020-05-10 10:20:08 +0200 |
|---|---|---|
| committer | Erich Eckner <git@eckner.net> | 2020-05-10 10:57:30 +0200 |
| commit | 2e932e03e18357904786147538f7777b3f7bf8b4 (patch) | |
| tree | 67ab14cebf6a1501c10328da4c2351bd09122533 | |
| parent | c8c2ca6cdb2cc711aca9bc8d03ab5303a1a2574b (diff) | |
| download | crypt-expiry-check-2e932e03e18357904786147538f7777b3f7bf8b4.tar.xz | |
crypt-expiry-check: allow to specify different warning intervals per to-be-checked item
| -rwxr-xr-x | crypt-expiry-check.in | 27 |
1 files changed, 18 insertions, 9 deletions
diff --git a/crypt-expiry-check.in b/crypt-expiry-check.in index 4777ea8..25988ce 100755 --- a/crypt-expiry-check.in +++ b/crypt-expiry-check.in @@ -299,7 +299,7 @@ check_server_status() { set_retcode 3 else - check_file_status ${CERT_TMP} $1 $2 + check_file_status ${CERT_TMP} $1 $2 $3 fi } @@ -315,6 +315,7 @@ check_file_status() { CERTFILE=${1} HOST=${2} PORT=${3} + FWARNDAYS=${4:-${WARNDAYS}} ### Check to make sure the certificate file exists if [ ! -r ${CERTFILE} ] || [ ! -s ${CERTFILE} ] @@ -383,7 +384,7 @@ check_file_status() { prints ${HOST} ${PORT} "Expired" "${CERTDATE}" "${CERTDIFF}" "${CERTISSUER}" "${COMMONNAME}" "${SERIAL}" >> ${STDOUT_TMP} set_retcode 2 - elif [ ${CERTDIFF} -lt ${WARNDAYS} ] + elif [ ${CERTDIFF} -lt ${FWARNDAYS} ] then echo "The SSL certificate for ${HOST} \"(CN: ${COMMONNAME})\" will expire on ${CERTDATE}" >> ${MAILOUT_TMP} prints ${HOST} ${PORT} "Expiring" "${CERTDATE}" "${CERTDIFF}" "${CERTISSUER}" "${COMMONNAME}" "${SERIAL}" >> ${STDOUT_TMP} @@ -404,6 +405,7 @@ check_gpg_key_status() { GPG_COMMAND="${1}" GPG_ADDRESS="${2}" + FWARNDAYS=${3:-${WARNDAYS}} ### Check to make sure gpg is available if [ ! -f "${GPG_COMMAND}" ] @@ -445,7 +447,7 @@ check_gpg_key_status() { prints "GPG" " ${GPG_ADDRESS}" "Expired" "${KEY_DATE_STR}" "${KEY_DIFF}" "" "" "" >> ${STDOUT_TMP} set_retcode 2 - elif [ ${KEY_DIFF} -lt ${WARNDAYS} ] + elif [ ${KEY_DIFF} -lt ${FWARNDAYS} ] then echo "The GPG key for ${GPG_ADDRESS} will expire on ${KEY_DATE_STR}" >> ${MAILOUT_TMP} prints "GPG" " ${GPG_ADDRESS}" "Expiring" "${KEY_DATE_STR}" "${KEY_DIFF}" "" "" "" >> ${STDOUT_TMP} @@ -614,21 +616,28 @@ done for (( i=0; i<${#SERVERFILES[@]}; i++ )) do - while read PORT HOST + while read FWARNDAYS PORT HOST do if [ "${PORT}" = "FILE" ] then - check_file_status "${HOST}" "FILE" "${HOST}" + check_file_status "${HOST}" "FILE" "${HOST}" "${FWARNDAYS}" elif [ "${PORT}" = "GPG" ] then - check_gpg_key_status "${GPG}" "${HOST}" + check_gpg_key_status "${GPG}" "${HOST}" "${FWARNDAYS}" elif [[ "${PORT}" = "GPG:"* ]] then - check_gpg_key_status "$(which ${PORT#*:})" "${HOST}" + check_gpg_key_status "$(which ${PORT#*:})" "${HOST}" "${FWARNDAYS}" else - check_server_status "${HOST}" "${PORT}" + check_server_status "${HOST}" "${PORT}" "${FWARNDAYS}" fi - done < <(sed '/^#|^$/d;s/\(.*\S\) \+\(\S\+\)/\2 \1/' ${SERVERFILES[${i}]}) + done < <( + sed ' + /^#|^$/d + s/^\([0-9]\+\) \+\(.*\S\) \+\(\S\+\)$/\1 \3 \2/ + t + s/^\(.*\S\) \+\(\S\+\)$/'"${WARNDAYS}"' \2 \1/ + ' ${SERVERFILES[${i}]} + ) done for (( i=0; i<${#CERTFILES[@]}; i++ )) |