diff options
-rwxr-xr-x | crypt-expiry-check.in | 42 |
1 files changed, 40 insertions, 2 deletions
diff --git a/crypt-expiry-check.in b/crypt-expiry-check.in index 3846d7f..34694cb 100755 --- a/crypt-expiry-check.in +++ b/crypt-expiry-check.in @@ -208,6 +208,7 @@ usage() >&2 echo " -i Print the issuer of the certificate" >&2 echo " -k password PKCS12 file password" >&2 echo " -n Run as a Nagios plugin" + >&2 echo " -N directory Check nginx certificates in directory's config files." >&2 echo " -q Don't print anything on the console" >&2 echo " -s commmon_name:port Server and Port to connect to (interactive mode)" >&2 echo " -t type Specify the certificate type" @@ -330,6 +331,31 @@ check_remote_file_status() { } ##################################################### +### Check the expiration status of nginx certificates +### Accepts one parameter: +### $1 -> directory to nginx configurations +##################################################### + +check_nginx_configuration() { + CONFIGDIR=${1} + FWARNDAYS=${2:-${WARNDAYS}} + + find "${CONFIGDIR}" \ + \( -type f -o -type l \) \ + -exec sed -n ' + s/^.*\bssl_certificate\s\+// + T + s/;.*$// + T + s@^@{} @ + p + ' {} \; \ + | while read -r config_file cert_file; do + check_file_status "${cert_file}" 'NGINX' "${config_file##*/}" "${WARNDAYS}" + done +} + +##################################################### ### Check the expiration status of a certificate file ### Accepts three parameters: ### $1 -> certificate file to process @@ -487,7 +513,7 @@ check_gpg_key_status() { ################################# ### Start of main program ################################# -while getopts abc:e:f:g:G:hik:nqr:s:t:x:v:VZ option +while getopts abc:e:f:g:G:hik:nN:qr:s:t:x:v:VZ option do case "${option}" in @@ -523,6 +549,9 @@ do n) NAGIOS=true ;; + N) + NGINXDIRS[${#NGINXDIRS[@]}]=${OPTARG} + ;; q) QUIET=true ;; @@ -629,7 +658,7 @@ else exit 1 fi -if [ $[${#HOSTS[@]} + ${#SERVERFILES[@]} + ${#CERTFILES[@]} + ${#REMOTECERTFILES[@]} + ${#CHECKADDRESSES[@]}] -eq 0 ] +if [ $[${#HOSTS[@]} + ${#SERVERFILES[@]} + ${#CERTFILES[@]} + ${#REMOTECERTFILES[@]} + ${#CHECKADDRESSES[@]} + ${#NGINXDIRS[@]}] -eq 0 ] then >&2 echo "ERROR: Nothing to check." usage @@ -643,6 +672,12 @@ do check_server_status "${HOSTS[${i}]}" "${PORTS[${i}]}" done +for (( i=0; i<${#NGINXDIRS[@]}; i++ )) +do + check_nginx_configuration "${NGINXDIRS[@]}" +# check_file_status "${HOST}" "FILE" "${HOST}" "${FWARNDAYS}" +done + for (( i=0; i<${#SERVERFILES[@]}; i++ )) do while read FWARNDAYS PORT HOST @@ -653,6 +688,9 @@ do elif [ "${PORT}" = "REMOTEFILE" ] then check_remote_file_status "${HOST}" "REMOTEFILE" "${HOST}" "${FWARNDAYS}" + elif [ "${PORT}" = "NGINX" ] + then + check_nginx_configuration "${HOST}" "${FWARNDAYS}" elif [ "${PORT}" = "GPG" ] then check_gpg_key_status "${GPG}" "${HOST}" "${FWARNDAYS}" |