#3298 - SSL monitoring script for icinga

check_ssl_cert.sh

Index: check_ssl_cert.sh
diff --git a/check_ssl_cert.sh b/check_ssl_cert.sh
new file mode 100755
index 0000000000000000000000000000000000000000..053357db64fd317a93e1e759aac90d4bb71af205
--- /dev/null
+++ b/check_ssl_cert.sh
@@ -0,0 +1,94 @@
+#!/bin/sh
+
+# Icinga plugin that checks how many days are left until SSL certificate expires
+# Usage: <PluginDir>/check_ssl_cert -H <HOSTNAME> -P <PORT> -c <CRITICAL> -w <WARNING>
+
+PATH="/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin"
+
+CURRENT_DATE=`date +%y%m%d`
+HOST="$2"
+PORT="$4"
+CRITICAL="$6"
+WARNING="$8"
+STATE_OK=0
+STATE_WARNING=1
+STATE_CRITICAL=2
+STATE_UNKNOWN=3
+
+OUTPUT=`openssl s_client -connect "$HOST":"$PORT" </dev/null 2>/dev/null | openssl x509 -noout -enddate 2>/dev/null`

[mathias, 2018/06/05 16:24:19]

Please place this in a function() and invoke it to assign the output, e.g.
OUTPUT=`function_name "$HOST" "$PORT"`.

+
+if [ ! "$OUTPUT" ]
+then
+  echo "UNKNOWN - Could not connect to $HOST via port $PORT"
+  exit "$STATE_UNKNOWN"
+fi
+
+DAY=`echo "$OUTPUT" | awk '{print $2}'`
+MONTH=`echo "$OUTPUT" | awk '{print $1}' | cut -c 10-`
+YEAR=`echo "$OUTPUT" | awk '{print $4}'`
+
+case "$MONTH" in
+
+  "Jan")
+    MONTH="01"
+    ;;
+  "Feb")
+    MONTH="02"
+    ;;
+  "Mar")
+    MONTH="03"
+    ;;
+  "Apr")
+    MONTH="04"
+    ;;
+  "May")
+    MONTH="05"
+    ;;
+  "Jun")
+    MONTH="06"
+    ;;
+  "Jul")
+    MONTH="07"
+    ;;
+  "Aug")
+    MONTH="08"
+    ;;
+  "Sep")
+    MONTH="09"
+    ;;
+  "Oct")
+    MONTH="10"
+    ;;
+  "Nov")
+    MONTH="11"
+    ;;
+  "Dec")
+    MONTH="12"
+    ;;
+  "*")
+    echo "An error occured"
+    exit 1
+    ;;
+esac
+
+EXPIRY_DATE_IN_SEC=`date -d "$YEAR""$MONTH""$DAY" +%s`

[mathias, 2018/06/05 16:24:19]

You can use "$YEAR$MONTH$DAY" or, even better, "${YEAR}${MONTH}${DAY}" here --
there's no need for the additional quotes.

+CURRENT_DATE_IN_SEC=`date -d "$CURRENT_DATE" +%s`
+DIFF=`expr "$EXPIRY_DATE_IN_SEC" - "$CURRENT_DATE_IN_SEC"`
+DIFF=`expr "$DIFF" / 86400`
+
+if [ "$DIFF" -le "$CRITICAL" ]
+then
+  echo "CRITICAL - $HOST: SSL certificate has been expired!"
+  exit "$STATE_CRITICAL"
+elif [ "$DIFF" -le "$WARNING" ]
+then
+  echo "WARNING - $HOST: SSL certificate will be expired in $DIFF days!"
+  exit "$STATE_WARNING"
+elif [ "$DIFF" -gt "$WARNING" ]
+then
+  echo "OK - $HOST: SSL certificate will be expired in $DIFF days"
+  exit "$STATE_OK"
+else
+  echo "UNKNOWN - $HOST: Could not retrieve data"
+  exit "$STATE_UNKNOWN"
+fi