summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorErich Eckner <git@eckner.net>2020-05-10 10:20:08 +0200
committerErich Eckner <git@eckner.net>2020-05-10 10:57:30 +0200
commit2e932e03e18357904786147538f7777b3f7bf8b4 (patch)
tree67ab14cebf6a1501c10328da4c2351bd09122533
parentc8c2ca6cdb2cc711aca9bc8d03ab5303a1a2574b (diff)
downloadcrypt-expiry-check-2e932e03e18357904786147538f7777b3f7bf8b4.tar.xz
crypt-expiry-check: allow to specify different warning intervals per to-be-checked item
-rwxr-xr-xcrypt-expiry-check.in27
1 files changed, 18 insertions, 9 deletions
diff --git a/crypt-expiry-check.in b/crypt-expiry-check.in
index 4777ea8..25988ce 100755
--- a/crypt-expiry-check.in
+++ b/crypt-expiry-check.in
@@ -299,7 +299,7 @@ check_server_status() {
set_retcode 3
else
- check_file_status ${CERT_TMP} $1 $2
+ check_file_status ${CERT_TMP} $1 $2 $3
fi
}
@@ -315,6 +315,7 @@ check_file_status() {
CERTFILE=${1}
HOST=${2}
PORT=${3}
+ FWARNDAYS=${4:-${WARNDAYS}}
### Check to make sure the certificate file exists
if [ ! -r ${CERTFILE} ] || [ ! -s ${CERTFILE} ]
@@ -383,7 +384,7 @@ check_file_status() {
prints ${HOST} ${PORT} "Expired" "${CERTDATE}" "${CERTDIFF}" "${CERTISSUER}" "${COMMONNAME}" "${SERIAL}" >> ${STDOUT_TMP}
set_retcode 2
- elif [ ${CERTDIFF} -lt ${WARNDAYS} ]
+ elif [ ${CERTDIFF} -lt ${FWARNDAYS} ]
then
echo "The SSL certificate for ${HOST} \"(CN: ${COMMONNAME})\" will expire on ${CERTDATE}" >> ${MAILOUT_TMP}
prints ${HOST} ${PORT} "Expiring" "${CERTDATE}" "${CERTDIFF}" "${CERTISSUER}" "${COMMONNAME}" "${SERIAL}" >> ${STDOUT_TMP}
@@ -404,6 +405,7 @@ check_gpg_key_status() {
GPG_COMMAND="${1}"
GPG_ADDRESS="${2}"
+ FWARNDAYS=${3:-${WARNDAYS}}
### Check to make sure gpg is available
if [ ! -f "${GPG_COMMAND}" ]
@@ -445,7 +447,7 @@ check_gpg_key_status() {
prints "GPG" " ${GPG_ADDRESS}" "Expired" "${KEY_DATE_STR}" "${KEY_DIFF}" "" "" "" >> ${STDOUT_TMP}
set_retcode 2
- elif [ ${KEY_DIFF} -lt ${WARNDAYS} ]
+ elif [ ${KEY_DIFF} -lt ${FWARNDAYS} ]
then
echo "The GPG key for ${GPG_ADDRESS} will expire on ${KEY_DATE_STR}" >> ${MAILOUT_TMP}
prints "GPG" " ${GPG_ADDRESS}" "Expiring" "${KEY_DATE_STR}" "${KEY_DIFF}" "" "" "" >> ${STDOUT_TMP}
@@ -614,21 +616,28 @@ done
for (( i=0; i<${#SERVERFILES[@]}; i++ ))
do
- while read PORT HOST
+ while read FWARNDAYS PORT HOST
do
if [ "${PORT}" = "FILE" ]
then
- check_file_status "${HOST}" "FILE" "${HOST}"
+ check_file_status "${HOST}" "FILE" "${HOST}" "${FWARNDAYS}"
elif [ "${PORT}" = "GPG" ]
then
- check_gpg_key_status "${GPG}" "${HOST}"
+ check_gpg_key_status "${GPG}" "${HOST}" "${FWARNDAYS}"
elif [[ "${PORT}" = "GPG:"* ]]
then
- check_gpg_key_status "$(which ${PORT#*:})" "${HOST}"
+ check_gpg_key_status "$(which ${PORT#*:})" "${HOST}" "${FWARNDAYS}"
else
- check_server_status "${HOST}" "${PORT}"
+ check_server_status "${HOST}" "${PORT}" "${FWARNDAYS}"
fi
- done < <(sed '/^#|^$/d;s/\(.*\S\) \+\(\S\+\)/\2 \1/' ${SERVERFILES[${i}]})
+ done < <(
+ sed '
+ /^#|^$/d
+ s/^\([0-9]\+\) \+\(.*\S\) \+\(\S\+\)$/\1 \3 \2/
+ t
+ s/^\(.*\S\) \+\(\S\+\)$/'"${WARNDAYS}"' \2 \1/
+ ' ${SERVERFILES[${i}]}
+ )
done
for (( i=0; i<${#CERTFILES[@]}; i++ ))