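#!/bin/bash
#
# Checkmk local check: reports the remaining lifetime of the TLS certificate
# served on a host/port, measured from the monitored host itself. Useful when
# the Checkmk server cannot access the monitored host's ports directly
# (DMZ, behind a proxy, etc.).
#
# Copy this to /usr/lib/check_mk_agent/local and adjust hostname and port.
#
# Depending on the service you need to set 'starttls="-starttls xyz"':
#   smtp on port 25:  -starttls smtp
#   ftp on port 21:   -starttls ftp
#   imap on port 143: -starttls imap
#   pop3 on port 110: -starttls pop3
# For more, see the openssl documentation.
#
# Scope: only the notAfter date of the certificate the service presents is
# evaluated. The chain and the host name are not validated here (by default
# openssl s_client completes the handshake even when verification fails), so
# an OK result says nothing about whether clients will trust the certificate.
#
# Requires openssl and GNU date (for 'date -d').

hostname=$(hostname -f)
port=993
starttls=

service_name="${hostname}:${port} Cert-Runtime"

# Split the optional STARTTLS setting into separate arguments so it can be
# passed quoted; an empty setting contributes no arguments at all.
starttls_args=()
if [[ -n "$starttls" ]]; then
  read -r -a starttls_args <<<"$starttls"
fi

# Feed the handshake output straight into 'openssl x509' instead of going
# through a temporary file: nothing is left behind in /tmp on each agent run.
# stdin from /dev/null makes s_client exit once the handshake is done.
enddate=$(
  openssl s_client -servername "$hostname" -connect "${hostname}:${port}" \
    "${starttls_args[@]}" </dev/null 2>/dev/null |
    openssl x509 -noout -enddate 2>/dev/null
)
enddate=${enddate##*=} # "notAfter=<date>" -> "<date>"

# Connection failure, missing openssl or an unparsable date must not be
# reported as a certificate with 0 days left: 'date -d ""' would silently
# resolve to today. Report UNKNOWN (state 3) with an explicit reason instead.
if [[ -z "$enddate" ]] || ! date_s=$(date -d "$enddate" +%s 2>/dev/null); then
  printf '3 "%s" - Could not read certificate end date from %s port %s\n' \
    "$service_name" "$hostname" "$port"
  exit 0
fi

now_s=$(date +%s)
date_diff=$(( (date_s - now_s) / 86400 ))

# The metric is the negated number of days so that it rises towards expiry
# and the upper levels apply: WARN at 15 days left, CRIT at 10 days left.
# Negating arithmetically keeps the value well-formed for an expired
# certificate (string concatenation would emit "days=--5").
printf 'P "%s" days=%d;-15;-10 Certificate of Service on %s Port %s expires in %d days\n' \
  "$service_name" "$(( -date_diff ))" "$hostname" "$port" "$date_diff"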