authorErich Eckner <git@eckner.net>2022-02-06 15:08:31 +0100
committerErich Eckner <git@eckner.net>2022-02-06 15:08:31 +0100
commitae364309616f04eace10ab78e641fa7378367a23 (patch)
tree7b0ac3b88117f7b7b289735a5e86ee26ce07a5d6
parentb7f4ccb09f01f5cf53192ec1b22b015cba4b3f6c (diff)
downloadcrypt-expiry-check-ae364309616f04eace10ab78e641fa7378367a23.tar.xz
nginx neu - aber nocht nicht perfekt
-rwxr-xr-xcrypt-expiry-check.in42
1 files changed, 40 insertions, 2 deletions
diff --git a/crypt-expiry-check.in b/crypt-expiry-check.in
index 3846d7f..34694cb 100755
--- a/crypt-expiry-check.in
+++ b/crypt-expiry-check.in
@@ -208,6 +208,7 @@ usage()
>&2 echo " -i Print the issuer of the certificate"
>&2 echo " -k password PKCS12 file password"
>&2 echo " -n Run as a Nagios plugin"
+ >&2 echo " -N directory Check nginx certificates in directory's config files."
>&2 echo " -q Don't print anything on the console"
>&2 echo " -s commmon_name:port Server and Port to connect to (interactive mode)"
>&2 echo " -t type Specify the certificate type"
@@ -330,6 +331,31 @@ check_remote_file_status() {
}
#####################################################
+### Check the expiration status of nginx certificates
+### Accepts one parameter:
+### $1 -> directory to nginx configurations
+#####################################################
+
+check_nginx_configuration() {
+ CONFIGDIR=${1}
+ FWARNDAYS=${2:-${WARNDAYS}}
+
+ find "${CONFIGDIR}" \
+ \( -type f -o -type l \) \
+ -exec sed -n '
+ s/^.*\bssl_certificate\s\+//
+ T
+ s/;.*$//
+ T
+ s@^@{} @
+ p
+ ' {} \; \
+ | while read -r config_file cert_file; do
+ check_file_status "${cert_file}" 'NGINX' "${config_file##*/}" "${WARNDAYS}"
+ done
+}
+
+#####################################################
### Check the expiration status of a certificate file
### Accepts three parameters:
### $1 -> certificate file to process
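Review bot: The second parameter is stored in `FWARNDAYS`, but the loop passes `"${WARNDAYS}"`, so the per-entry threshold supplied by the `NGINX` server-file branch added further down is silently ignored; the call should read `check_file_status "${cert_file}" 'NGINX' "${config_file##*/}" "${FWARNDAYS}"`. The header comment should document `$2` as well, and `CONFIGDIR` and `FWARNDAYS` are better declared `local`, since `FWARNDAYS` is also the variable the main server-file loop reads into. Because the `while read` sits on the right-hand side of a pipe, it runs in a subshell; if `check_file_status` (not visible here) records state such as a Nagios return code, that state is lost and an expiring certificate could go unreported, which is worth confirming. The sed expression also matches commented-out `ssl_certificate` lines, and the whitespace-split `read` misparses config paths containing spaces.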
@@ -487,7 +513,7 @@ check_gpg_key_status() {
#################################
### Start of main program
#################################
-while getopts abc:e:f:g:G:hik:nqr:s:t:x:v:VZ option
+while getopts abc:e:f:g:G:hik:nN:qr:s:t:x:v:VZ option
do
case "${option}"
in
@@ -523,6 +549,9 @@ do
n)
NAGIOS=true
;;
+ N)
+ NGINXDIRS[${#NGINXDIRS[@]}]=${OPTARG}
+ ;;
q)
QUIET=true
;;
@@ -629,7 +658,7 @@ else
exit 1
fi
-if [ $[${#HOSTS[@]} + ${#SERVERFILES[@]} + ${#CERTFILES[@]} + ${#REMOTECERTFILES[@]} + ${#CHECKADDRESSES[@]}] -eq 0 ]
+if [ $[${#HOSTS[@]} + ${#SERVERFILES[@]} + ${#CERTFILES[@]} + ${#REMOTECERTFILES[@]} + ${#CHECKADDRESSES[@]} + ${#NGINXDIRS[@]}] -eq 0 ]
then
>&2 echo "ERROR: Nothing to check."
usage
@@ -643,6 +672,12 @@ do
check_server_status "${HOSTS[${i}]}" "${PORTS[${i}]}"
done
+for (( i=0; i<${#NGINXDIRS[@]}; i++ ))
+do
+ check_nginx_configuration "${NGINXDIRS[@]}"
+# check_file_status "${HOST}" "FILE" "${HOST}" "${FWARNDAYS}"
+done
+
for (( i=0; i<${#SERVERFILES[@]}; i++ ))
do
while read FWARNDAYS PORT HOST
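Review bot: The new loop passes `"${NGINXDIRS[@]}"` rather than the i-th element, so with several `-N` options every iteration hands the function the first directory as `$1` and the second as `$2` (its warn-days parameter). The first directory is scanned repeatedly and the others never, leaving their certificates unmonitored. Use `check_nginx_configuration "${NGINXDIRS[${i}]}"`, matching the indexed form of the `HOSTS` loop just above. The commented-out `check_file_status` line looks like a leftover and could be dropped. The `SERVERFILES` loop that follows continues outside the hunk.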
@@ -653,6 +688,9 @@ do
elif [ "${PORT}" = "REMOTEFILE" ]
then
check_remote_file_status "${HOST}" "REMOTEFILE" "${HOST}" "${FWARNDAYS}"
+ elif [ "${PORT}" = "NGINX" ]
+ then
+ check_nginx_configuration "${HOST}" "${FWARNDAYS}"
elif [ "${PORT}" = "GPG" ]
then
check_gpg_key_status "${GPG}" "${HOST}" "${FWARNDAYS}"