From 8479a9f3935c76948d94d7952b75366942bb3cd6 Mon Sep 17 00:00:00 2001
From: Erich Eckner
Date: Fri, 25 Nov 2016 17:33:37 +0100
Subject: crypt-expiry-check kann jetzt auch was anderes statt gpg verwenden
---
 crypt-expiry-check.in | 29 +++++++++++++++++++----------
 1 file changed, 19 insertions(+), 10 deletions(-)
diff --git a/crypt-expiry-check.in b/crypt-expiry-check.in
index e631140..d70bb32 100755
--- a/crypt-expiry-check.in
+++ b/crypt-expiry-check.in
@@ -202,13 +202,14 @@ usage()
 >&2 echo " -e E-mail address E-mail address to send expiration notices"
 >&2 echo " -f cert file File with a list of FQDNs and ports"
 >&2 echo " -g E-mail address E-mail address to check expiry of gpg-key from"
+ >&2 echo " -G executbl:E-mail Use 'executbl' instead of 'gpg' for checking expiry of E-mail's key. Must accept --list-keys and --list-secret-keys as gpg does."
 >&2 echo " -h Print this screen"
 >&2 echo " -i Print the issuer of the certificate"
 >&2 echo " -k password PKCS12 file password"
 >&2 echo " -n Run as a Nagios plugin"
+ >&2 echo " -q Don't print anything on the console"
 >&2 echo " -s commmon_name:port Server and Port to connect to (interactive mode)"
 >&2 echo " -t type Specify the certificate type"
- >&2 echo " -q Don't print anything on the console"
 >&2 echo " -v Specify a specific protocol version to use (tls, ssl2, ssl3)"
 >&2 echo " -V Only print validation data"
 >&2 echo " -x days Certificate expiration interval (eg. if cert_date < days)"
@@ -395,16 +396,16 @@ check_file_status() { check_gpg_key_status() { ### Check to make sure gpg is available - if [ ! -f ${GPG} ] + if [ ! -f "${1}" ] then - >&2 echo "ERROR: The gnupg binary does not exist in ${GPG}." - >&2 echo "FIX: Please modify the \${GPG} variable in the program header or ommit testing of gpg-keys." + >&2 echo "ERROR: The gnupg binary does not exist in ${1}." + >&2 echo "FIX: Please modify the \${GPG} variable in the program header, provide alternative executable via -G or ommit testing of gpg-keys." exit 1 fi - GPG_ADDRESS="${1}" - KEY_INFO="$(${GPG} --list-secret-keys ${GPG_ADDRESS} 2> /dev/null)" - [ -z "${KEY_INFO}" ] && KEY_INFO="$(${GPG} --list-keys ${GPG_ADDRESS})" + GPG_ADDRESS="${2}" + KEY_INFO="$(${1} --list-secret-keys ${GPG_ADDRESS} 2> /dev/null)" + [ -z "${KEY_INFO}" ] && KEY_INFO="$(${1} --list-keys ${GPG_ADDRESS})" KEY_DATE_STR="$( echo "${KEY_INFO}" | \ @@ -449,7 +450,7 @@ check_gpg_key_status() { ################################# ### Start of main program ################################# -while getopts abc:e:f:g:hik:nqs:t:x:v:VZ option +while getopts abc:e:f:g:G:hik:nqs:t:x:v:VZ option do case "${option}" in @@ -470,6 +471,11 @@ do ;; g) CHECKADDRESSES[${#CHECKADDRESSES[@]}]=${OPTARG} + CHECKADDRESSBINARIES[${#CHECKADDRESSBINARIES[@]}]=${GPG} + ;; + G) + CHECKADDRESSES[${#CHECKADDRESSES[@]}]=${OPTARG#*:} + CHECKADDRESSBINARIES[${#CHECKADDRESSBINARIES[@]}]=$(which ${OPTARG%%:*}) ;; i) ISSUER=true @@ -606,7 +612,10 @@ do check_file_status "${HOST}" "FILE" "${HOST}" elif [ "${PORT}" = "GPG" ] then - check_gpg_key_status "${HOST}" + check_gpg_key_status "${GPG}" "${HOST}" + elif [[ "${PORT}" = "GPG:"* ]] + then + check_gpg_key_status "$(which ${PORT#*:})" "${HOST}" else check_server_status "${HOST}" "${PORT}" fi 
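Review bot: In check_gpg_key_status the new first argument is quoted in the `-f` test but expanded unquoted when it is run (`${1} --list-secret-keys ${GPG_ADDRESS}`), so a path containing whitespace passes the test and then fails to execute, and an address beginning with `-` is read by the program as an option. Quoting both and ending option parsing would close that: `KEY_INFO="$("${1}" --list-secret-keys -- "${GPG_ADDRESS}" 2> /dev/null)"`, and likewise for the `--list-keys` fallback; whether a replacement executable has to accept `--` would then belong in the documented contract for `-G`. Now that the binary can come from `-G` or from the list file, `-f` only shows that a regular file exists, so an additional `-x` test would catch a non-executable target before the command substitution silently returns nothing. The function body continues past the end of this hunk.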
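Review bot: The new `G)` branch never checks that the argument contains a colon: for `-G user@example.org` (a constructed example) both `${OPTARG#*:}` and `${OPTARG%%:*}` yield the whole string, so the address is also looked up as the executable. A guard such as `[[ "${OPTARG}" == *:* ]] || { usage; exit 1; }` before the two assignments would reject that at parse time. The `which` argument is unquoted as well; `$(which "${OPTARG%%:*}")` avoids word splitting and globbing of the user-supplied name. When `which` finds nothing the stored value is empty, and the later error message reads "does not exist in ." without naming what was requested. The `case` statement starts and ends outside this hunk.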
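Review bot: The `GPG:*` branch lets an entry in the `-f` list file name the program that gets executed, because `$(which ${PORT#*:})` takes the text after the colon straight from that file; before this change the file only selected hosts, ports and addresses. Anyone who can write the list file can therefore choose which program runs under the account that runs the check, which matters when the script runs unattended (the help text mentions use as a Nagios plugin). I would restrict the value to an allow-list or to absolute paths, or at least add a comment here and a line in usage() saying that the list file must be protected like the script itself; the `GPG:executable` form is not mentioned in the help text at all. The expansion should also be quoted: `check_gpg_key_status "$(which "${PORT#*:}")" "${HOST}"`. The enclosing loop starts and ends outside this hunk.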
@@ -620,7 +629,7 @@ done for (( i=0; i<${#CHECKADDRESSES[@]}; i++ )) do - check_gpg_key_status "${CHECKADDRESSES[${i}]}" + check_gpg_key_status "${CHECKADDRESSBINARIES[${i}]}" "${CHECKADDRESSES[${i}]}" done if ! ${QUIET} -- cgit v1.2.3