summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--.gitignore2
-rw-r--r--Makefile50
-rw-r--r--crypt-expiry-check.8.in73
-rwxr-xr-xcrypt-expiry-check.in (renamed from crypt-expiry-check)2
4 files changed, 127 insertions, 0 deletions
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..ab6096c
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,2 @@
+crypt-expiry-check
+crypt-expiry-check.8
diff --git a/Makefile b/Makefile
new file mode 100644
index 0000000..08ad7d2
--- /dev/null
+++ b/Makefile
@@ -0,0 +1,50 @@
+#
+# crypt-expiry-check - check expiry of gpg-keys and X.509 certificates
+#
+# Copyright (c) 2013-2016 Erich Eckner <opensource at eckner dot net>
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
+# USA.
+#
+
+DESTDIR =
+ETCDIR = /etc
+CRONDIR = /etc/cron.daily
+BINDIR = /usr/bin
+MANDIR = /usr/share/man
+
+VERSION = 4.0.1
+
+all: crypt-expiry-check crypt-expiry-check.8
+
+%: %.in
+ sed "s/#VERSION#/$(VERSION)/; s@#CRONDIR#@$(CRONDIR)@; s@#BINDIR#@$(BINDIR)@; s@#ETCDIR#@$(ETCDIR)@" $< > $@
+
+.PHONY: install dist clean
+
+install: all
+ install -D -m0755 crypt-expiry-check.cron $(DESTDIR)$(CRONDIR)/crypt-expiry-check
+ install -D -m0755 crypt-expiry-check $(DESTDIR)$(BINDIR)/crypt-expiry-check
+ install -D -m0644 crypt-expiry-check.8 $(DESTDIR)$(MANDIR)/man8/crypt-expiry-check.8
+ touch $(DESTDIR)$(ETCDIR)/crypt-expiry.checks
+ chown 644 $(DESTDIR)$(ETCDIR)/crypt-expiry.checks
+
+dist: clean
+ (cd .. && tar czvf crypt-expiry-check-$(VERSION).tar.gz crypt-expiry-check-$(VERSION))
+
+clean:
+ rm -f crypt-expiry-check{,.8}
+
+# End of file
diff --git a/crypt-expiry-check.8.in b/crypt-expiry-check.8.in
new file mode 100644
index 0000000..216f7ba
--- /dev/null
+++ b/crypt-expiry-check.8.in
@@ -0,0 +1,73 @@
+.TH crypt-expiry-check 8 "" "crypt-expiry-check #VERSION#" ""
+.SH NAME
+crypt-expiry-check \- check expiry of gpg-keys and X.509 certificates
+.SH SYNOPSIS
+\fBcrypt-expiry-check [options]\fP
+.SH DESCRIPTION
+\fBcrypt-expiry-check\fP checks expiration of gpg keys and X.509 certificates and sends emails if keys are about to expire.
+.SH OPTIONS
+.TP
+.B "\-a"
+send a warning message through e-mail
+.TP
+.B "\-b"
+will not print header
+.TP
+.B "\-c cert file"
+print the expiration date for the PEM or PKCS12 formatted certificate in cert file
+.TP
+.B "\-e e\-mail address"
+e-mail address to send expiration notices to
+.TP
+.B "\-f cert file"
+file with a list of (FQDN;port)s, gpg keys and certificate files to check
+.TP
+.B "\-g e\-mail address"
+e-mail address to check expiry of gpg-key of
+.TP
+.B "\-h"
+print this screen
+.TP
+.B "\-i"
+print the issuer of the certificate
+.TP
+.B "\-k password"
+PKCS12 file password
+.TP
+.B "\-n"
+run as a Nagios plugin
+.TP
+.B "\-s commmon_name:port"
+server and port to connect to (interactive mode)
+.TP
+.B "\-t type"
+specify the certificate type
+.TP
+.B "\-q"
+don't print anything on the console
+.TP
+.B "\-v"
+specify a specific protocol version to use (tls, ssl2, ssl3)
+.TP
+.B "\-V"
+only print validation data
+.TP
+.B "\-x days"
+certificate expiration interval (eg. if cert_date < days)
+.SH FILES
+.TP
+.B "#BINDIR#/crypt-expiry-check"
+program file
+.TP
+.B "#ETCDIR#/crypt-expiry.checks"
+contains keys to surveil
+.TP
+.B "#CRONDIR#/crypt-expiry-check.cron"
+cronfile to initiate daily checks
+.SH CONTRIBUTION
+Heavily based on \fBssl-cert-check\fP from \fBMatty < matty91 at gmail dot com >\fP.
+The original source can be found here: \fBhttp://prefetch.net/code/ssl-cert-check\fP
+.SH AUTHOR
+.nf
+Erich Eckner <opensource at eckner dot net>
+.fi
diff --git a/crypt-expiry-check b/crypt-expiry-check.in
index 6cc5dde..b8d1a13 100755
--- a/crypt-expiry-check
+++ b/crypt-expiry-check.in
@@ -192,6 +192,8 @@ print_heading()
##########################################
usage()
{
+ >&2 echo "This is crypt-expiry-check version #VERSION#"
+ >&2 echo ""
>&2 echo "Usage: $0 [ -e email address ] [ -x days ] [-q] [-a] [-b] [-h] [-i] [-n] [-v]"
>&2 echo " { [ -s common_name:port] } || { [ -f cert_file ] } || { [ -c certificate file ] } || { [ -g email address ] }"
>&2 echo ""