Committing some small, forgotten modifications

nagios/check_linux_memory2.sh

@@ -3,6 +3,8 @@
 # Plugin to check system memory
 # by hugme (nagios@hugme.org)
 # You can find my checks here: https://github.com/hugme/Nag_checks
+# Updated by Chl / https://code.bugness.org/chl/scripts-admin-quickndirty-public
+#
 # Nagios script to check memory usage on linux server
 # version 2.0.0
 #

nagios/etc/76_netstat.cfg

@@ -1,3 +1,3 @@
 # Commande de check sur le nombre de connexions TCP et UDP
 command[check_netstat_connectioncount]=/usr/local/share/scripts-admin/nagios/check_netstat_connectioncount.sh -w 1:3 -c 1:5 -p 22
-#command[check_netstat_connectioncount]=/usr/local/share/scripts-admin/nagios/check_netstat_connectioncount.sh -w 1:3 -c 1:5 -p 22  -w 1:100 -c 1:200 -p80 -p 443  -p all -p listen-unix
+#command[check_netstat_connectioncount]=/usr/local/share/scripts-admin/nagios/check_netstat_connectioncount.sh -w 1:3 -c 1:5 -p 22  -w 1:100 -c 1:200 -p80 -p 443  -p all -p listen-unix -p cmd:postgresql_container1_5432:"docker exec -u postgres container1 psql -A -t -c 'select count(*) from pg_stat_activity;'"

openssl-little-CA/CA.sh

@@ -177,13 +177,13 @@ case $1 in
     exit $RET
     ;;
 -sign|-signreq)
-		# Display a notice/warning when copy_extensions is disabled/enabled
+    # Display a notice/warning when copy_extensions is disabled/enabled
-		# FIXME: we grep on the whole openssl.cnf file instead of just the 'ca' -> 'CA_default' section
+    # FIXME: we grep on the whole openssl.cnf file instead of just the 'ca' -> 'CA_default' section
-		if grep -q '^[[:space:]]*copy_extensions[[:space:]]*=[[:space:]]*copy' $( echo "$SSLEAY_CONFIG" | sed 's/-config//' ); then
+    if grep -q '^[[:space:]]*copy_extensions[[:space:]]*=[[:space:]]*copy' $( echo "$SSLEAY_CONFIG" | sed 's/-config//' ); then
-			echo "warning: copy_extensions is enabled, read the certificate carefully before signing."
+      echo "warning: copy_extensions is enabled, read the certificate carefully before signing."
-		else
+    else
-			echo "notice: copy_extensions disabled, extension such as SubjectAltName will be stripped."
+      echo "notice: copy_extensions disabled, extension such as SubjectAltName will be stripped."
-		fi
+    fi
     $CA -policy policy_anything -out newcert.pem -days "$DAYS" -infiles newreq.pem
     RET=$?
     cat newcert.pem

openssl-little-CA/readme.txt

@@ -17,3 +17,19 @@ Champs déjà customisés :
 - default_bits : par défaut, il était à 2048. Mis à 4096 parce que j'aime bien pousser les limites :)
 Champs à revoir en général :
 - countryName_default, stateOrProvinceName_default, etc. : permet d'éviter de les rentrer à chaque génération de certificate request.
+
+Aide mémoire :
+- CSR rapide :
+```
+# Génération de la clef (au choix: RSA, ECDSA, ...)
+# - RSA
+openssl genrsa -out $( hostname -f ).key 2048
+# - ECDSA
+openssl ecparam -name prime256v1 -genkey -out $( hostname -f ).key
+
+# Génération du CSR :
+openssl req -new -sha256 -key $( hostname -f ).key -subj "/CN=$( hostname -f )" > $( hostname -f ).csr
+# ou, via les subjectAltName :
+openssl req -new -sha256 -key domain.key -subj "/" -reqexts SAN -config <(cat /etc/ssl/openssl.cnf <(printf "[SAN]\nsubjectAltName=DNS:yoursite.com,DNS:www.yoursite.com")) > domain.csr
+# + copy_extensions = copy dans openssl.cnf
+```