1
0
Fork 0
scripts-admin-quickndirty-p.../nagios/check_crl

200 lines
4.9 KiB
Text
Raw Permalink Normal View History

#!/usr/bin/perl -w
#
#
# check_crl -f <filename> -w <warn> -c <crit>
#
# Script to check the "Next Update" time of a revocation list within the apache
# webserver (users.crl).
# Warn and crit are the number of days left before the expiration date is reached.
#
# Changes and Modifications
# =========================
# 23.05.2007 - 1.0.0 R. Kaiser autinform
# Created
#
use Time::Local;
use POSIX;
use strict;
use Getopt::Long;
use vars qw($opt_c $opt_w $opt_f $opt_h $opt_V);
use vars qw($PROGNAME);
use vars qw($REVISION);
use lib "/usr/lib/nagios/plugins" ;
use utils qw($TIMEOUT %ERRORS &print_revision &support &usage);
# Programname and version
$PROGNAME = "check_crl";
$REVISION = "\$Revision: 1.0.0 \$";
# Definition of my defaults
my $def_warn=10;
my $def_crit=4;
sub print_help ();
sub print_usage ();
sub zeit_wandeln_in_sek ();
Getopt::Long::Configure('bundling');
GetOptions
("V" => \$opt_V, "version" => \$opt_V,
"h" => \$opt_h, "help" => \$opt_h,
"f=s" => \$opt_f, "file=s" => \$opt_f,
"w=i" => \$opt_w, "warning=i" => \$opt_w,
"c=i" => \$opt_c, "critical=i" => \$opt_c);
if ($opt_V) {
print_revision($PROGNAME,$REVISION);
exit $ERRORS{'OK'};
}
if ($opt_h) {print_help(); exit 0;}
($opt_f) || ($opt_f = shift) || usage("File not specified\n");
my $datei = $1 if ($opt_f =~ /^([\/-_.A-Za-z0-9]+)$/);
($datei) || usage("Invalid filename: $opt_f\n");
($opt_w) || ($opt_w = shift) || ($opt_w = $def_warn);
my $warn = $1 if ($opt_w =~ /^([0-9]{1,4})$/);
($warn) || usage("Invalid warning threshold: $opt_w\n");
($opt_c) || ($opt_c = shift) || ($opt_c = $def_crit);
my $crit = $1 if ($opt_c =~ /^([0-9]{1,4})$/);
($crit) || usage("Invalid critical threshold: $opt_c\n");
# verify warning is less than critical
unless ( $warn > $crit ) {
usage("days left: warning ($opt_w) should be greater than critical ($opt_c)\n");
}
# check file access
unless ( -r $datei ) {
usage("File ($datei) not found or not accessable.\n");
}
# end of params checking
my $state = "OK";
my $answer = undef;
my $res = undef;
my @lines = undef;
my $datum = undef;
my $monat= undef;
my $timesec = undef;
# Just in case of problems, let's not hang Nagios
$SIG{'ALRM'} = sub {
print "No Answer from Client\n";
exit $ERRORS{"UNKNOWN"};
};
alarm($TIMEOUT);
########## Action
# Get the "Next Update" line of the crl.
my $crl_zeit = qx(/usr/bin/openssl crl -noout -text -in $datei | /bin/grep " Next Update:");
$crl_zeit =~ s/^ +//g; # remove leading blanks
$crl_zeit =~ s/\n$//; # remove trailing linefeed
$crl_zeit =~ s/ / /g; # remove multiple blanks
my ($nix1, $nix2, $mon, $tag, $zeit, $jahr, $dattyp) = split (/ /, $crl_zeit);
# change month from string to number
my $mon_liste = "JanFebMarAprMayJunJulAugSepOctNovDec";
$monat = (index($mon_liste, $mon) / 3) + 1;
# change to seconds since 01.01.1970
$timesec = zeit_wandeln_in_sek();
# get current time and check the difference
my $act_time = time();
my $SekDiff = $timesec - $act_time;
my $SekRest = $SekDiff;
# make the difference human readable
my $Tage = int($SekRest / (24 * 3600));
$SekRest = $SekRest - ($Tage * 24 * 3600);
my $Stunden = int($SekRest / 3600);
$SekRest = $SekRest - ($Stunden * 3600);
my $Minuten = int($SekRest / 60);
$SekRest = $SekRest - ($Minuten * 60);
#Turn off alarm
alarm(0);
# and now build the answer
my $txt_Tage = "Tage";
my $txt_Stun = "Stunden";
my $txt_Minu = "Minuten";
my $txt_Seku = "Sekunden";
$txt_Tage = "Tag" if ( $Tage == 1 );
$txt_Stun = "Stunde" if ( $Stunden == 1 );
$txt_Minu = "Minute" if ( $Minuten == 1 );
$txt_Seku = "Sekunde" if ( $SekRest == 1 );
$answer = "CRL Restzeit: $Tage $txt_Tage, $Stunden $txt_Stun, $Minuten $txt_Minu und $SekRest $txt_Seku.\n";
# check the time left with warn and crit
if ( $SekDiff <= ($warn * 24 * 3600) ) {
$state = "WARNING";
}
if ( $SekDiff <= ($crit * 24 * 3600) ) {
$state = "CRITICAL";
}
print $state." ".$answer;
exit $ERRORS{$state};
############################################################################
sub zeit_wandeln_in_sek () {
# Den Monat fuer Perl anpassen.
$monat = $monat - 1;
# Die Zeitangabe auseinander nehmen.
my ($stunde,$minute,$sekunde) = split /\:/, $zeit;
if ( $dattyp eq "GMT" ) {
my $timesec=timegm($sekunde,$minute,$stunde,$tag,$monat,$jahr);
}
elsif ( $dattyp eq "LOC" ) {
my $timesec=timelocal($sekunde,$minute,$stunde,$tag,$monat,$jahr);
}
else {
$timesec=0;
}
}
###
sub print_usage () {
print_revision($PROGNAME,$REVISION);
print "Usage: $PROGNAME -f <filename> [-w <warn> -c <crit>]\n";
}
###
sub print_help () {
print "Checking the expiration date (Next Update) of a revocation list.
";
print_usage();
print "
-f, --filename=STRING
name and location of the revocation list file
-w, --warning=INTEGER
Number of days left (Defaults: $def_warn)
-c, --critical=INTEGER
Number of days left (Defaults: $def_crit)
";
}