-rw-r--r--.gitignore4
-rw-r--r--Makefile16
-rwxr-xr-xcrypt-expiry-check.in44
-rw-r--r--man.commons.in30
4 files changed, 70 insertions, 24 deletions
diff --git a/.gitignore b/.gitignore
index 919177e..9ab43ca 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,5 @@
crypt-expiry-check
crypt-expiry-check.cron
-crypt-expiry-check.1
+man.commons
+*.common
+*.1
diff --git a/Makefile b/Makefile
index 2a82a8d..a808e4d 100644
--- a/Makefile
+++ b/Makefile
@@ -27,10 +27,18 @@ MANDIR = /usr/share/man
VERSION = 4.0.7
-all: crypt-expiry-check crypt-expiry-check.cron crypt-expiry-check.1
+all: man.commons crypt-expiry-check crypt-expiry-check.cron crypt-expiry-check.1
%: %.in
sed "s/#VERSION#/$(VERSION)/; s@#CRONDIR#@$(CRONDIR)@; s@#BINDIR#@$(BINDIR)@; s@#ETCDIR#@$(ETCDIR)@" $< > $@
+ [ "$@" = "crypt-expiry-check" ] && chmod +x "$@" || true
+
+%.1: % man.commons
+ grep -v "^$<(" man.commons | sed '/^\[SEE ALSO]$$/{n;:a;N;/\[/b;s/\n/, /;ta;}' > "$<.common" && \
+ help2man \
+ -n 'Check expiry of gpg-keys and X.509 certificates' \
+ -h -h -v -Z \
+ -o "$@" -N --include $<.common --no-discard-stderr "./$<"
.PHONY: install dist clean
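Review bot: In the `%: %.in` recipe, the added line `[ "$@" = "crypt-expiry-check" ] && chmod +x "$@" || true` also swallows a failing `chmod`. The build can then succeed with a non-executable script, which the new `%.1` rule goes on to run as `./$<` through help2man. An explicit conditional keeps the error visible: `if [ "$@" = "crypt-expiry-check" ]; then chmod +x "$@"; fi`. The `%.1` recipe also writes `$<.common`, a side file that is not the target of any rule; a comment such as `# $<.common is a scratch include for help2man; clean removes it via the *.common ignore pattern` would make that dependency explicit.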
@@ -41,8 +49,10 @@ install: all
install -D -m0644 -t $(DESTDIR)$(ETCDIR) crypt-expiry.checks
clean:
- rm -f crypt-expiry-check crypt-expiry-check.cron crypt-expiry-check.1
-
+ ls -A | \
+ grep "^\($(shell cat .gitignore | sed 's|\.|\\.|; s|\*|.*|; s|$$|\\|' | tr '\n' '\|' )\)\$$" | \
+ xargs -r rm
+
dist: clean
git status --porcelain 2> /dev/null | grep -q "\S" && (git add .; git commit -m"neue Version: $(VERSION)") || true
! git tag -d v$(VERSION) 2> /dev/null
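Review bot: The new `clean` recipe takes its deletion list from `.gitignore`, so any pattern later added there for an unrelated reason (editor backups, a local config, a bare `*`) becomes something `make clean` deletes, and `dist` depends on `clean`. The conversion to a regex is also inexact: the `sed` expressions have no `g` flag, so only the first `.` and the first `*` on each line are translated. `xargs -r rm` passes names without `--`, so an ignored file whose name starts with `-` would be read as an option. Listing the build products explicitly is safer and shorter, e.g. `rm -f -- crypt-expiry-check crypt-expiry-check.cron man.commons *.common *.1`. The `dist` recipe continues outside the hunk.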
diff --git a/crypt-expiry-check.in b/crypt-expiry-check.in
index f634650..e631140 100755
--- a/crypt-expiry-check.in
+++ b/crypt-expiry-check.in
@@ -192,27 +192,27 @@ print_heading()
##########################################
usage()
{
- >&2 echo "This is crypt-expiry-check version #VERSION#"
+ >&2 echo "$(basename "$0") checks expiration of gpg keys and X.509 certificates and sends emails if keys are about to expire."
>&2 echo ""
- >&2 echo "Usage: $0 [ -e email address ] [ -x days ] [-q] [-a] [-b] [-h] [-i] [-n] [-v]"
- >&2 echo " { [ -s common_name:port] } || { [ -f cert_file ] } || { [ -c certificate file ] } || { [ -g email address ] }"
+ >&2 echo "Usage: $0 [ -e email address ] [ -x days ] [-q] [-a] [-b] [-h] [-i] [-n] [-v] { [ -s common_name:port] } || { [ -f cert_file ] } || { [ -c certificate file ] } || { [ -g email address ] }"
>&2 echo ""
- >&2 echo " -a : Send a warning message through E-mail"
- >&2 echo " -b : Will not print header"
- >&2 echo " -c cert file : Print the expiration date for the PEM or PKCS12 formatted certificate in cert file"
- >&2 echo " -e E-mail address : E-mail address to send expiration notices"
- >&2 echo " -f cert file : File with a list of FQDNs and ports"
- >&2 echo " -g E-mail address : E-mail address to check expiry of gpg-key from"
- >&2 echo " -h : Print this screen"
- >&2 echo " -i : Print the issuer of the certificate"
- >&2 echo " -k password : PKCS12 file password"
- >&2 echo " -n : Run as a Nagios plugin"
- >&2 echo " -s commmon_name:port : Server and Port to connect to (interactive mode)"
- >&2 echo " -t type : Specify the certificate type"
- >&2 echo " -q : Don't print anything on the console"
- >&2 echo " -v : Specify a specific protocol version to use (tls, ssl2, ssl3)"
- >&2 echo " -V : Only print validation data"
- >&2 echo " -x days : Certificate expiration interval (eg. if cert_date < days)"
+ >&2 echo " -a Send a warning message through E-mail"
+ >&2 echo " -b Will not print header"
+ >&2 echo " -c cert file Print the expiration date for the PEM or PKCS12 formatted certificate in cert file"
+ >&2 echo " -e E-mail address E-mail address to send expiration notices"
+ >&2 echo " -f cert file File with a list of FQDNs and ports"
+ >&2 echo " -g E-mail address E-mail address to check expiry of gpg-key from"
+ >&2 echo " -h Print this screen"
+ >&2 echo " -i Print the issuer of the certificate"
+ >&2 echo " -k password PKCS12 file password"
+ >&2 echo " -n Run as a Nagios plugin"
+ >&2 echo " -s commmon_name:port Server and Port to connect to (interactive mode)"
+ >&2 echo " -t type Specify the certificate type"
+ >&2 echo " -q Don't print anything on the console"
+ >&2 echo " -v Specify a specific protocol version to use (tls, ssl2, ssl3)"
+ >&2 echo " -V Only print validation data"
+ >&2 echo " -x days Certificate expiration interval (eg. if cert_date < days)"
+ >&2 echo " -Z Print version"
>&2 echo ""
}
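Review bot: The `Usage:` line in `usage()` does not match the option parser, and this text is now what help2man turns into the man page. The `getopts` string further down is `abc:e:f:g:hik:nqs:t:x:v:VZ`, yet the synopsis omits `-k`, `-t`, `-V` and `-Z` and shows `-v` without its argument. The first line prints `$(basename "$0")` while the `Usage:` line prints bare `$0`, so the generated page may embed `./crypt-expiry-check`; using `$(basename "$0")` in both places would be consistent. The `-k password` entry could also mention that a password given on the command line may be visible to other local users in the process list.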
@@ -449,7 +449,7 @@ check_gpg_key_status() {
#################################
### Start of main program
#################################
-while getopts abc:e:f:g:hik:nqs:t:x:v:V option
+while getopts abc:e:f:g:hik:nqs:t:x:v:VZ option
do
case "${option}"
in
@@ -499,6 +499,10 @@ do
x)
WARNDAYS=${OPTARG}
;;
+ Z)
+ echo '#VERSION#'
+ exit 0
+ ;;
*)
usage
exit 1
diff --git a/man.commons.in b/man.commons.in
new file mode 100644
index 0000000..cc4cbe4
--- /dev/null
+++ b/man.commons.in
@@ -0,0 +1,30 @@
+[CONFIG]
+\fB#ETCDIR#/crypt-expiry.checks\fP contains the information which certificates and keys to surveil.
+Empty lines and lines starting with \fB#\fP are being ignored.
+The following non-comment lines are understood:
+.TP
+.B "\fIfqdn\fP \fIport\fP"
+surveil certificate of \fIhttps://fqdn:port\fP
+.TP
+.B "\fIemail-address\fP GPG"
+surveil gpg key of \fIemail-address\fP
+.TP
+.B "\fIfile\fP FILE"
+surveil certificate in \fIfile\fP
+[FILES]
+.TP
+.B "#BINDIR#/crypt-expiry-check"
+program file
+.TP
+.B "#ETCDIR#/crypt-expiry.checks"
+contains keys to surveil
+.TP
+.B "#CRONDIR#/crypt-expiry-check.cron"
+cronfile to initiate daily checks
+[CONTRIBUTION]
+Heavily based on \fBssl-cert-check\fP from \fBMatty < matty91 at gmail dot com >\fP.
+The original source can be found here: \fBhttp://prefetch.net/code/ssl-cert-check\fP
+[AUTHOR]
+.nf
+Erich Eckner <opensource at eckner dot net>
+.fi