diff options
-rw-r--r-- | .gitignore | 2 | ||||
-rw-r--r-- | Makefile | 50 | ||||
-rw-r--r-- | crypt-expiry-check.8.in | 73 | ||||
-rwxr-xr-x | crypt-expiry-check.in (renamed from crypt-expiry-check) | 2 |
4 files changed, 127 insertions, 0 deletions
diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..ab6096c --- /dev/null +++ b/.gitignore @@ -0,0 +1,2 @@ +crypt-expiry-check +crypt-expiry-check.8 diff --git a/Makefile b/Makefile new file mode 100644 index 0000000..08ad7d2 --- /dev/null +++ b/Makefile @@ -0,0 +1,50 @@ +# +# crypt-expiry-check - check expiry of gpg-keys and X.509 certificates +# +# Copyright (c) 2013-2016 Erich Eckner <opensource at eckner dot net> +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, +# USA. +# + +DESTDIR = +ETCDIR = /etc +CRONDIR = /etc/cron.daily +BINDIR = /usr/bin +MANDIR = /usr/share/man + +VERSION = 4.0.1 + +all: crypt-expiry-check crypt-expiry-check.8 + +%: %.in + sed "s/#VERSION#/$(VERSION)/; s@#CRONDIR#@$(CRONDIR)@; s@#BINDIR#@$(BINDIR)@; s@#ETCDIR#@$(ETCDIR)@" $< > $@ + +.PHONY: install dist clean + +install: all + install -D -m0755 crypt-expiry-check.cron $(DESTDIR)$(CRONDIR)/crypt-expiry-check + install -D -m0755 crypt-expiry-check $(DESTDIR)$(BINDIR)/crypt-expiry-check + install -D -m0644 crypt-expiry-check.8 $(DESTDIR)$(MANDIR)/man8/crypt-expiry-check.8 + touch $(DESTDIR)$(ETCDIR)/crypt-expiry.checks + chown 644 $(DESTDIR)$(ETCDIR)/crypt-expiry.checks + +dist: clean + (cd .. && tar czvf crypt-expiry-check-$(VERSION).tar.gz crypt-expiry-check-$(VERSION)) + +clean: + rm -f crypt-expiry-check{,.8} + +# End of file diff --git a/crypt-expiry-check.8.in b/crypt-expiry-check.8.in new file mode 100644 index 0000000..216f7ba --- /dev/null +++ b/crypt-expiry-check.8.in @@ -0,0 +1,73 @@ +.TH crypt-expiry-check 8 "" "crypt-expiry-check #VERSION#" "" +.SH NAME +crypt-expiry-check \- check expiry of gpg-keys and X.509 certificates +.SH SYNOPSIS +\fBcrypt-expiry-check [options]\fP +.SH DESCRIPTION +\fBcrypt-expiry-check\fP checks expiration of gpg keys and X.509 certificates and sends emails if keys are about to expire. +.SH OPTIONS +.TP +.B "\-a" +send a warning message through e-mail +.TP +.B "\-b" +will not print header +.TP +.B "\-c cert file" +print the expiration date for the PEM or PKCS12 formatted certificate in cert file +.TP +.B "\-e e\-mail address" +e-mail address to send expiration notices to +.TP +.B "\-f cert file" +file with a list of (FQDN;port)s, gpg keys and certificate files to check +.TP +.B "\-g e\-mail address" +e-mail address to check expiry of gpg-key of +.TP +.B "\-h" +print this screen +.TP +.B "\-i" +print the issuer of the certificate +.TP +.B "\-k password" +PKCS12 file password +.TP +.B "\-n" +run as a Nagios plugin +.TP +.B "\-s commmon_name:port" +server and port to connect to (interactive mode) +.TP +.B "\-t type" +specify the certificate type +.TP +.B "\-q" +don't print anything on the console +.TP +.B "\-v" +specify a specific protocol version to use (tls, ssl2, ssl3) +.TP +.B "\-V" +only print validation data +.TP +.B "\-x days" +certificate expiration interval (eg. if cert_date < days) +.SH FILES +.TP +.B "#BINDIR#/crypt-expiry-check" +program file +.TP +.B "#ETCDIR#/crypt-expiry.checks" +contains keys to surveil +.TP +.B "#CRONDIR#/crypt-expiry-check.cron" +cronfile to initiate daily checks +.SH CONTRIBUTION +Heavily based on \fBssl-cert-check\fP from \fBMatty < matty91 at gmail dot com >\fP. +The original source can be found here: \fBhttp://prefetch.net/code/ssl-cert-check\fP +.SH AUTHOR +.nf +Erich Eckner <opensource at eckner dot net> +.fi diff --git a/crypt-expiry-check b/crypt-expiry-check.in index 6cc5dde..b8d1a13 100755 --- a/crypt-expiry-check +++ b/crypt-expiry-check.in @@ -192,6 +192,8 @@ print_heading() ########################################## usage() { + >&2 echo "This is crypt-expiry-check version #VERSION#" + >&2 echo "" >&2 echo "Usage: $0 [ -e email address ] [ -x days ] [-q] [-a] [-b] [-h] [-i] [-n] [-v]" >&2 echo " { [ -s common_name:port] } || { [ -f cert_file ] } || { [ -c certificate file ] } || { [ -g email address ] }" >&2 echo "" |