Mirrors/Munin-Contrib
1
0
Fork 0
mirror of https://github.com/munin-monitoring/contrib.git synced 2025-07-22 14:16:00 +00:00
Code Issues Releases Wiki Activity

Merge remote-tracking branch 'origin/master'

Browse source
This commit is contained in:
cortices 2021-01-01 14:11:50 +11:00
commit cf44597b58
1 changed files with 30 additions and 20 deletions
Download patch file Download diff file Expand all files Collapse all files

50
plugins/ssl/certificate_file_expiry
View file

@ -18,7 +18,7 @@ For letsencrypt certificates
[certificate_file_expiry] [certificate_file_expiry]
user root user root
env.CERTS x509:/etc/letsencrypt/live/domain1.example.com/cert.pem x509:/etc/letsencrypt/live/domain2.example.com/cert.pem env.CERTS x509:/etc/letsencrypt/live/*/cert.pem
Warning and Critical levels can also be configured with env variables like this: Warning and Critical levels can also be configured with env variables like this:
@ -29,6 +29,14 @@ Warning and Critical levels can also be configured with env variables like this:
# critical when certificate will be invalid within 1 day # critical when certificate will be invalid within 1 day
env.critical 1: env.critical 1:
env.CERTS should be a space separated list of patterns prefixed by the type of certificate to check and a colon. All types of
certificates that openssl supports as standard commands and have a validity output are supported (e.g. x509, crl).
File patterns can be a single file (e.g. /etc/openvpn/easy-rsa/keys/crl.pem) or a pattern that matches multiple files
(e.g. /etc/letsencrypt/live/*/cert.pem).
env.warning and env.critical are configurable values for the warning and critical levels according to
http://munin-monitoring.org/wiki/fieldname.warning and http://munin-monitoring.org/wiki/fieldname.critical
=head1 Dependencies =head1 Dependencies
Dependencies: openssl Dependencies: openssl
@ -46,29 +54,31 @@ GPLv2
. "$MUNIN_LIBDIR/plugins/plugin.sh" . "$MUNIN_LIBDIR/plugins/plugin.sh"
if [ "$1" = "config" ] ; then if [ "$1" = "config" ] ; then
echo "graph_title Certificate validity" echo "graph_title Certificate validity"
echo "graph_args --logarithmic --base 1000" echo "graph_args --logarithmic --base 1000"
echo "graph_vlabel certificate validity in days" echo "graph_vlabel certificate validity in days"
echo "graph_category security" echo "graph_category security"
fi fi
now=$(date +%s) now=$(date +%s)
warning=${warning:-5:} warning=${warning:-5:}
critical=${critical:-1:} critical=${critical:-1:}
for cert in ${CERTS}; do for cert in ${CERTS}; do
cert_type=${cert%:*} cert_type=${cert%:*}
cert_file=${cert#*:} cert_pattern=${cert#*:}
cert_name=$(clean_fieldname "$cert_file") for cert_file in $cert_pattern; do
if [ "$1" = "config" ] ; then cert_name=$(clean_fieldname "$cert_file")
echo "${cert_name}.label ${cert_file}" if [ "$1" = "config" ] ; then
print_warning "$cert_name" echo "${cert_name}.label ${cert_file}"
print_critical "$cert_name" print_warning "$cert_name"
elif [ "$1" = "" ] ; then print_critical "$cert_name"
validity=$(/usr/bin/openssl "$cert_type" -text -noout -in "$cert_file" | grep -E '(Next Update|Not After)') elif [ "$1" = "" ] ; then
validity=${validity#*:} validity=$(/usr/bin/openssl "$cert_type" -text -noout -in "$cert_file" | grep -E '(Next Update|Not After)')
validity=$(date --date="$validity" +%s) validity=${validity#*:}
validity=$((validity - now)) validity=$(date --date="$validity" +%s)
validity=$(echo "$validity" | awk '{ print ($1 / 86400) }') validity=$((validity - now))
echo "${cert_name}.value $validity" validity=$(echo "$validity" | awk '{ print ($1 / 86400) }')
fi echo "${cert_name}.value $validity"
fi
done
done done