diff --git a/nagios/check_apache_access_log.pl b/nagios/check_apache_access_log.pl
index f4c7ac6..8dbf74f 100755
--- a/nagios/check_apache_access_log.pl
+++ b/nagios/check_apache_access_log.pl
@@ -79,7 +79,7 @@ sub print_from_offset {
 while () {
 if ($_ =~ /^([[:xdigit:].:]+) (.+) (.+) (\[[[:alnum:]\/:]+ \+[[:digit:]]{4}\]) (".*") ([[:digit:]]{3}) ([[:digit:]]+) "(.*)" "(.*)"$/) {
 #We ignore some IP address
- next if ($1 eq '::1' or $1 eq '127.0.0.1');
+ next if ($1 eq '::1' or $1 eq '127.0.0.1' or $1 eq '2a01:e35:2ef3:b360::abac:22' or $1 eq '192.168.0.34');
 if ($6 >= 200 && $6 < 300) {
 ++$outputCpt{'2XX'};
diff --git a/script_refresh-proxied-certs.sh b/script_refresh-proxied-certs.sh
deleted file mode 100755
index 7b48e18..0000000
--- a/script_refresh-proxied-certs.sh
+++ /dev/null
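Review bot: In nagios/check_apache_access_log.pl the extended `next if` condition hard-codes two site-specific addresses (`2a01:e35:2ef3:b360::abac:22`, `192.168.0.34`), so every request from them is dropped before the status-code counters and the check is permanently blind to errors those hosts trigger. Neither the nearby comment nor the code says why they are exempt; a comment such as `# monitoring/admin hosts, excluded so their probes do not skew the counters` (if that is the reason) would make the exclusion reviewable. I would rather keep the list outside the code, e.g. `my %ignored = map { $_ => 1 } @ignored_ips;` filled from a plugin option and then `next if $ignored{$1};`. print_from_offset begins and ends outside the hunk.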
@@ -1,50 +0,0 @@
-#!/bin/sh
-
-# This script is used on a proxy to refresh the certificates
-# from the original servers.
-#
-# Typical arborescence is :
-# /etc/ssl/proxy-certs/www.foobar.com.crt
-# /etc/ssl/proxy-certs/www.foobar.com.key
-#
-# note : don't forget to make the webserver reload the new certificates.
-
-# Stop at the first error
-set -e
-
-EXIT_STATUS=0
-TMPFILE="$( mktemp )"
-
-for i in *.crt; do
- FQDN_HOSTNAME="$( echo $i | sed 's/\.crt$//' )"
-
- # We don't refresh when there is a certificate request:
- # those are locally served websites
- if [ ! -f "$FQDN_HOSTNAME.csr" ] && [ "$FQDN_HOSTNAME.key" ]; then
- # Fetch the certificate from the origin server and store
- # in a temporary file.
- openssl s_client \
- -showcerts \
- -servername "$FQDN_HOSTNAME" \
- -connect "$FQDN_HOSTNAME:443" < /dev/null 2>/dev/null | \
- sed -n '/^-----BEGIN CERTIFICATE-----$/,/^-----END CERTIFICATE-----$/p' > "$TMPFILE"
-
- # Check that the new cert still match the local key
- if [ "$( ( openssl x509 -noout -modulus -in "$FQDN_HOSTNAME.crt"; openssl rsa -noout -modulus -in "$FQDN_HOSTNAME.key" ) | uniq | wc -l )" -ne 1 ]; then
- # Mismatch : raise an alert
- echo "WARNING: retrieved certificate does not match '$FQDN_HOSTNAME.key'" >&2
- EXIT_STATUS=1
- else
- # Note: we try not to uselessly write and update the files' mtime,
- # but do it anyway if 'diff' is not available.
- if ! which diff >/dev/null || ! diff -q "$FQDN_HOSTNAME.crt" "$TMPFILE" >/dev/null ; then
- # Update the local certificate without changing ACL
- cat "$TMPFILE" > "$FQDN_HOSTNAME.crt"
- fi
- fi
- fi
-done
-
-# Cleanup and exit
-rm -f "$TMPFILE"
-exit "$EXIT_STATUS"