#!/usr/bin/perl
use strict;
use POSIX qw( mktime ctime );
# Alert thresholds, in days of remaining certificate validity: more than
# $warn_value days left reports OK, more than $crit_value reports WARNING,
# anything else reports CRITICAL.
my ($warn_value, $crit_value) = (30, 7);

# Apache configuration directories scanned for SSLCertificateFile directives.
my @config_paths = qw(
    /etc/apache2/sites-enabled/
    /etc/apache2/conf.d/
);

# Certificate paths collected from those directories.
my @cert_files = ();
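# Return the whole number of days (truncated toward zero) until the
# certificate stored in $file expires, as reported by
# `openssl x509 -enddate -noout`.
#
# Parameters:
#   $file - path of the certificate; surrounding whitespace (this script's
#           callers pass the path with its trailing newline) and one pair
#           of surrounding quotes are removed before use.
# Returns:
#   Days left as an integer, negative once the certificate has expired.
#   -1 when the certificate cannot be read or its end date cannot be
#   parsed, so that an unreadable certificate is reported as CRITICAL
#   instead of being skipped.
#
# The empty prototype of the earlier version was dropped: it declared "no
# arguments" although the sub takes one. Calls written as
# &get_days_left(...) behave as before.
sub get_days_left {
    my ($file) = @_;

    return -1 unless defined $file;
    $file =~ s/\A\s+//;
    $file =~ s/\s+\z//;
    # Apache accepts a quoted path. The shell used to strip the quotes;
    # without a shell that has to be done here.
    $file =~ s/\A(["'])(.*)\1\z/$2/s;
    return -1 if $file eq '';

    # List-form pipe open: $file is handed to openssl as a single argument
    # and never passes through /bin/sh, so shell metacharacters in a path
    # taken from a configuration file cannot run additional commands.
    open(my $openssl, '-|', 'openssl', 'x509', '-enddate', '-noout', '-in', $file)
        or return -1;
    my $cert_exp_str = <$openssl>;
    close($openssl);

    return _days_until_enddate($cert_exp_str, time());
}

# Convert one "name=Mon DD HH:MM:SS YYYY TZ" line into whole days between
# $now (epoch seconds) and that date; -1 if the line does not parse.
sub _days_until_enddate {
    my ($enddate_line, $now) = @_;

    my %month_index = (
        Jan => 0, Feb => 1, Mar => 2, Apr => 3, May => 4,  Jun => 5,
        Jul => 6, Aug => 7, Sep => 8, Oct => 9, Nov => 10, Dec => 11,
    );

    return -1 unless defined $enddate_line;

    my ($mon, $mday, $hour, $min, $sec, $year) = $enddate_line =~ m{
        \A \s* [A-Za-z]+ = \s*
        ([A-Za-z]{3}) \s+ (\d{1,2}) \s+
        (\d{1,2}) : (\d{1,2}) : (\d{1,2}) \s+
        (\d{4})
        (?: \s* [A-Za-z]{3} )? \s* \z
    }x;
    return -1 unless defined $year && exists $month_index{$mon};

    # openssl prints the end date in GMT. mktime() would read it as local
    # time and shift the result by the host's UTC offset, so use timegm().
    require Time::Local;
    my $expires = do {
        local $@;
        # timegm() dies on out-of-range fields; treat that as unparseable.
        eval {
            Time::Local::timegm($sec, $min, $hour, $mday, $month_index{$mon}, $year);
        };
    };
    return -1 unless defined $expires;

    return int(($expires - $now) / 86400);
}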
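# Scan each existing configuration directory and collect the argument of
# every SSLCertificateFile directive into @cert_files.
foreach my $config_path (@config_paths) {
    next unless -d $config_path;

    opendir(my $config_dir, $config_path) or print "ERROR: $!\n" and exit 3;
    my @config_files = readdir($config_dir);
    closedir($config_dir);

    foreach my $config_file (@config_files) {
        my $config_full_path = $config_path . $config_file;

        # readdir() also returns '.', '..' and sub-directories; only
        # regular files (or symlinks to them) are configuration files.
        next unless -f $config_full_path;

        # NOTE(review): in the published listing the text between '<' and
        # '>' on the open() line was lost, so the open mode, the path
        # expression, the failure handling and the read loop header are a
        # reconstruction. Confirm against the original script. Failure is
        # handled like the opendir() above: a configuration file that
        # cannot be read must not lead to certificates going unchecked.
        open(my $config_fh, '<', $config_full_path)
            or print "ERROR: $!\n" and exit 3;
        while (my $line = <$config_fh>) {
            if ($line =~ /^\s*SSLCertificateFile\s+\S+$/) {
                # The stored value keeps the line's trailing newline, as
                # before; the code that consumes @cert_files strips it.
                (my $cert_file = $line) =~ s/^\s*SSLCertificateFile\s+(\S+)$/$1/;
                push @cert_files, $cert_file;
            }
        }
        close($config_fh);
    }
}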
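# Find the certificate with the fewest days left and report it in Nagios
# plugin form: one status line plus exit code 0 (OK), 1 (WARNING),
# 2 (CRITICAL) or 3 (UNKNOWN).
my $min_exp;
my $days_left;
my $file;
my $num_certs = 0;
my $cert_file;
my $bad_cert;
foreach $cert_file (@cert_files) {
    # The & call form is kept so the call works whether or not
    # get_days_left carries a prototype.
    $days_left = &get_days_left($cert_file);
    if ($num_certs == 0 or $min_exp > $days_left) {
        $min_exp = $days_left;
        $bad_cert = $cert_file;
    }
    $num_certs++;
}

# NOTE(review): in the published listing the text between '<' and '>' on
# the first `if` line was lost, so what the script did when no certificate
# was found cannot be seen. Reporting UNKNOWN (exit 3, the code this script
# already uses for its directory error) is a reconstruction. Confirm
# against the original script.
if ($num_certs == 0) {
    print "UNKNOWN - no SSLCertificateFile entries found\n";
    exit 3;
}

# Reduce the path to its file name for the status line. $1 replaces the
# deprecated \1 in the replacement, and the trailing newline is optional.
$bad_cert =~ s/^\S*\/(\S+)\n?$/$1/;

if ($min_exp > $warn_value) {
    print "OK - " . $min_exp . " days left\n";
    exit 0;
}
elsif ($min_exp > $crit_value) {
    print "WARNING - " . $min_exp . " days left ( " . $bad_cert . " )\n";
    exit 1;
}
else {
    print "CRITICAL - " . $min_exp . " days left ( " . $bad_cert . " )\n";
    exit 2;
}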
Nagios nrpe-plugin for checking apache2 ssl-certificates
A simple Perl script for use as a Nagios NRPE plugin that checks the validity of the configured SSL certificates. Expired SSL certificates are, no doubt, annoying. To avoid them, here is my Nagios NRPE plugin, which checks for this in all apache2 config files…