From ae364309616f04eace10ab78e641fa7378367a23 Mon Sep 17 00:00:00 2001
From: Erich Eckner
Date: Sun, 6 Feb 2022 15:08:31 +0100
Subject: nginx neu - aber nocht nicht perfekt
---
 crypt-expiry-check.in | 42 ++++++++++++++++++++++++++++++++++++++++--
 1 file changed, 40 insertions(+), 2 deletions(-)
diff --git a/crypt-expiry-check.in b/crypt-expiry-check.in
index 3846d7f..34694cb 100755
--- a/crypt-expiry-check.in
+++ b/crypt-expiry-check.in
@@ -208,6 +208,7 @@ usage()
 >&2 echo " -i Print the issuer of the certificate"
 >&2 echo " -k password PKCS12 file password"
 >&2 echo " -n Run as a Nagios plugin"
+ >&2 echo " -N directory Check nginx certificates in directory's config files."
 >&2 echo " -q Don't print anything on the console"
 >&2 echo " -s commmon_name:port Server and Port to connect to (interactive mode)"
 >&2 echo " -t type Specify the certificate type"
@@ -329,6 +330,31 @@ check_remote_file_status() {
 }
+#####################################################
+### Check the expiration status of nginx certificates
+### Accepts one parameter:
+### $1 -> directory to nginx configurations
+#####################################################
+
+check_nginx_configuration() {
+ CONFIGDIR=${1}
+ FWARNDAYS=${2:-${WARNDAYS}}
+
+ find "${CONFIGDIR}" \
+ \( -type f -o -type l \) \
+ -exec sed -n '
+ s/^.*\bssl_certificate\s\+//
+ T
+ s/;.*$//
+ T
+ s@^@{} @
+ p
+ ' {} \; \
+ | while read -r config_file cert_file; do
+ check_file_status "${cert_file}" 'NGINX' "${config_file##*/}" "${WARNDAYS}"
+ done
+}
+
 #####################################################
 ### Check the expiration status of a certificate file
 ### Accepts three parameters:
@@ -487,7 +513,7 @@ check_gpg_key_status() {
 #################################
 ### Start of main program
 #################################
-while getopts abc:e:f:g:G:hik:nqr:s:t:x:v:VZ option
+while getopts abc:e:f:g:G:hik:nN:qr:s:t:x:v:VZ option
 do
 case "${option}" in
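Review bot: In `check_nginx_configuration` the config file path is spliced into the sed program through `{}` in `s@^@{} @`, so a file name containing `@`, `&`, a backslash or a newline changes the script that sed runs, and substitution of `{}` inside a longer argument is a GNU find extension. Passing the path to sed as an operand and reading it NUL-delimited from `find -print0` keeps names out of the program text and also survives spaces, which `read -r config_file cert_file` currently splits on. The function also computes `FWARNDAYS` but passes `${WARNDAYS}` to `check_file_status`, so the threshold given by the `NGINX` branch of the server-file loop (the hunk at -653) is dropped; the call should use `"${FWARNDAYS}"`.

```shell
check_nginx_configuration() {
  # … unchanged: CONFIGDIR and FWARNDAYS assignments …
  find "${CONFIGDIR}" \( -type f -o -type l \) -print0 \
  | while IFS= read -r -d '' config_file; do
    sed -n -e 's/^.*\bssl_certificate\s\+//' -e T -e 's/;.*$//' -e T -e p \
      -- "${config_file}" \
    | while IFS= read -r cert_file; do
      check_file_status "${cert_file}" 'NGINX' "${config_file##*/}" "${FWARNDAYS}"
    done
  done
}
```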
@@ -523,6 +549,9 @@ do
 n)
 NAGIOS=true
 ;;
+ N)
+ NGINXDIRS[${#NGINXDIRS[@]}]=${OPTARG}
+ ;;
 q)
 QUIET=true
 ;;
@@ -629,7 +658,7 @@ else
 exit 1
 fi
-if [ $[${#HOSTS[@]} + ${#SERVERFILES[@]} + ${#CERTFILES[@]} + ${#REMOTECERTFILES[@]} + ${#CHECKADDRESSES[@]}] -eq 0 ]
+if [ $[${#HOSTS[@]} + ${#SERVERFILES[@]} + ${#CERTFILES[@]} + ${#REMOTECERTFILES[@]} + ${#CHECKADDRESSES[@]} + ${#NGINXDIRS[@]}] -eq 0 ]
 then
 >&2 echo "ERROR: Nothing to check."
 usage
@@ -643,6 +672,12 @@ do
 check_server_status "${HOSTS[${i}]}" "${PORTS[${i}]}"
 done
+for (( i=0; i<${#NGINXDIRS[@]}; i++ ))
+do
+ check_nginx_configuration "${NGINXDIRS[@]}"
+# check_file_status "${HOST}" "FILE" "${HOST}" "${FWARNDAYS}"
+done
+
 for (( i=0; i<${#SERVERFILES[@]}; i++ ))
 do
 while read FWARNDAYS PORT HOST
@@ -653,6 +688,9 @@ do
 elif [ "${PORT}" = "REMOTEFILE" ]
 then
 check_remote_file_status "${HOST}" "REMOTEFILE" "${HOST}" "${FWARNDAYS}"
+ elif [ "${PORT}" = "NGINX" ]
+ then
+ check_nginx_configuration "${HOST}" "${FWARNDAYS}"
 elif [ "${PORT}" = "GPG" ]
 then
 check_gpg_key_status "${GPG}" "${HOST}" "${FWARNDAYS}"
--
cgit v1.2.3
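Review bot: The `N)` arm stores `${OPTARG}` without checking that it names a readable directory. If it does not, the `find` in `check_nginx_configuration` presumably only prints an error to stderr and the pipeline yields no certificates, so a mistyped path looks the same as a directory with nothing expiring. For a monitoring check it is safer to fail early, e.g. `[ -d "${OPTARG}" ] || { >&2 echo "ERROR: ${OPTARG} is not a directory"; exit 1; }` before the assignment. The `case` statement starts and ends outside the hunk.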
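Review bot: The new loop body passes the whole array, `check_nginx_configuration "${NGINXDIRS[@]}"`, instead of the element for this iteration. With two `-N` options the second directory arrives as `$2` and is assigned to `FWARNDAYS`, the first directory is scanned on every pass, and the remaining ones are never scanned. The call should be `check_nginx_configuration "${NGINXDIRS[${i}]}"`, matching the `HOSTS[${i}]` loop just above, and the commented-out `check_file_status` line can be dropped.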