DigitalInfinity/CheckMK-Stuff
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

first version with startls as option

Browse Source
This commit is contained in:
Alexander Gabriel 2025-01-16 21:01:05 +01:00
commit 4041f7a529
1 changed files with 22 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
check_cert_runtime_local.sh Normal file
View File

@ -0,0 +1,22 @@
#!/bin/bash
# checks certificate runtime of host locally f.e. if checkmk server cannot access monitored hosts ports directy (dmz, behind proxy, etc.)
# Copy this to /usr/lib/check_mk_agent/local and adjust hostname and port
# depending on service you need to set 'startls="-starttls xyz"'
# smtp on port 25: -starttls smtp
# ftp on port 21: -starttls ftp
# imap on port 143: -starttls imap
# pop3 on port 110: -starttls pop3
# more see openssl documentation
hostname=$(hostname -f)
port=993
starttls=
certificate_file=$(mktemp)
echo -n | openssl s_client -servername "$hostname" -connect "$hostname":$port $starttls 2>/dev/null | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > $certificate_file
date=$(openssl x509 -in $certificate_file -enddate -noout | sed "s/.*=\(.*\)/\1/")
date_s=$(date -d "${date}" +%s)
now_s=$(date -d now +%s)
date_diff=$(( (date_s - now_s) / 86400 ))
echo 'P "'$hostname':'$port' Cert-Runtime" days=-'$date_diff';-15;-10 Certificate of Service on '$hostname' Port '$port' expires in '$date_diff' days'