From 1bfeac89009135f189d8b4d1c535a5185a6e9dc3 Mon Sep 17 00:00:00 2001
From: Chl
Date: Sun, 4 May 2025 19:38:14 +0200
Subject: [PATCH] Committing some small, forgotten modifications
---
 nagios/check_linux_memory2.sh | 2 ++
 nagios/etc/76_netstat.cfg | 2 +-
 openssl-little-CA/CA.sh | 14 +++++++-------
 openssl-little-CA/readme.txt | 16 ++++++++++++++++
 4 files changed, 26 insertions(+), 8 deletions(-)
diff --git a/nagios/check_linux_memory2.sh b/nagios/check_linux_memory2.sh
index 5c27142..5f287a9 100755
--- a/nagios/check_linux_memory2.sh
+++ b/nagios/check_linux_memory2.sh
@@ -3,6 +3,8 @@
 # Plugin to check system memory
 # by hugme (nagios@hugme.org)
 # You can find my checks here: https://github.com/hugme/Nag_checks
+# Updated by Chl / https://code.bugness.org/chl/scripts-admin-quickndirty-public
+#
 # Nagios script to check memory usage on linux server
 # version 2.0.0
 #
diff --git a/nagios/etc/76_netstat.cfg b/nagios/etc/76_netstat.cfg
index 0eeee5c..f282aff 100644
--- a/nagios/etc/76_netstat.cfg
+++ b/nagios/etc/76_netstat.cfg
@@ -1,3 +1,3 @@
 # Commande de check sur le nombre de connexions TCP et UDP
 command[check_netstat_connectioncount]=/usr/local/share/scripts-admin/nagios/check_netstat_connectioncount.sh -w 1:3 -c 1:5 -p 22
-#command[check_netstat_connectioncount]=/usr/local/share/scripts-admin/nagios/check_netstat_connectioncount.sh -w 1:3 -c 1:5 -p 22 -w 1:100 -c 1:200 -p80 -p 443 -p all -p listen-unix
+#command[check_netstat_connectioncount]=/usr/local/share/scripts-admin/nagios/check_netstat_connectioncount.sh -w 1:3 -c 1:5 -p 22 -w 1:100 -c 1:200 -p80 -p 443 -p all -p listen-unix -p cmd:postgresql_container1_5432:"docker exec -u postgres container1 psql -A -t -c 'select count(*) from pg_stat_activity;'"
diff --git a/openssl-little-CA/CA.sh b/openssl-little-CA/CA.sh
index 36c31fb..8f7205d 100755
--- a/openssl-little-CA/CA.sh
+++ b/openssl-little-CA/CA.sh
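Review bot: The added `#command[check_netstat_connectioncount]` example in nagios/etc/76_netstat.cfg ends with a `-p cmd:postgresql_container1_5432:"docker exec -u postgres container1 psql …"` probe but does not say what privileges it needs once someone uncomments it. The account that runs this NRPE command would need access to the Docker daemon, which is normally root-equivalent on the host, and the probe presumably connects as the PostgreSQL superuser inside the container. How check_netstat_connectioncount.sh executes the `cmd:` string is not visible in this patch, so the quoting of the nested `"…'…'"` should be checked against it as well. I would add a comment above the line, for example `# cmd: example only: needs Docker access for the NRPE user (root-equivalent); prefer a narrow sudoers rule or a read-only monitoring role`.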
@@ -177,13 +177,13 @@ case $1 in
 exit $RET
 ;;
 -sign|-signreq)
- # Display a notice/warning when copy_extensions is disabled/enabled
- # FIXME: we grep on the whole openssl.cnf file instead of just the 'ca' -> 'CA_default' section
- if grep -q '^[[:space:]]*copy_extensions[[:space:]]*=[[:space:]]*copy' $( echo "$SSLEAY_CONFIG" | sed 's/-config//' ); then
- echo "warning: copy_extensions is enabled, read the certificate carefully before signing."
- else
- echo "notice: copy_extensions disabled, extension such as SubjectAltName will be stripped."
- fi
+ # Display a notice/warning when copy_extensions is disabled/enabled
+ # FIXME: we grep on the whole openssl.cnf file instead of just the 'ca' -> 'CA_default' section
+ if grep -q '^[[:space:]]*copy_extensions[[:space:]]*=[[:space:]]*copy' $( echo "$SSLEAY_CONFIG" | sed 's/-config//' ); then
+ echo "warning: copy_extensions is enabled, read the certificate carefully before signing."
+ else
+ echo "notice: copy_extensions disabled, extension such as SubjectAltName will be stripped."
+ fi
 $CA -policy policy_anything -out newcert.pem -days "$DAYS" -infiles newreq.pem
 RET=$?
 cat newcert.pem
diff --git a/openssl-little-CA/readme.txt b/openssl-little-CA/readme.txt
index 279c247..429edeb 100644
--- a/openssl-little-CA/readme.txt
+++ b/openssl-little-CA/readme.txt
@@ -17,3 +17,19 @@ Champs déjà customisés :
 - default_bits : par défaut, il était à 2048. Mis à 4096 parce que j'aime bien pousser les limites :)
 Champs à revoir en général :
 - countryName_default, stateOrProvinceName_default, etc. : permet d'éviter de les rentrer à chaque génération de certificate request.
+
+Aide mémoire :
+- CSR rapide :
+```
+# Génération de la clef (au choix: RSA, ECDSA, ...)
+# - RSA
+openssl genrsa -out $( hostname -f ).key 2048
+# - ECDSA
+openssl ecparam -name prime256v1 -genkey -out $( hostname -f ).key
+
+# Génération du CSR :
+openssl req -new -sha256 -key $( hostname -f ).key -subj "/CN=$( hostname -f )" > $( hostname -f ).csr
+# ou, via les subjectAltName :
+openssl req -new -sha256 -key domain.key -subj "/" -reqexts SAN -config <(cat /etc/ssl/openssl.cnf <(printf "[SAN]\nsubjectAltName=DNS:yoursite.com,DNS:www.yoursite.com")) > domain.csr
+# + copy_extensions = copy dans openssl.cnf
+```