200 lines
4.9 KiB
Perl
200 lines
4.9 KiB
Perl
#!/usr/bin/perl -w
|
|
#
|
|
#
|
|
# check_crl -f <filename> -w <warn> -c <crit>
|
|
#
|
|
# Script to check the "Next Update" time of a revocation list within the apache
|
|
# webserver (users.crl).
|
|
# Warn and crit are the number of days left before the expiration date is reached.
|
|
#
|
|
# Changes and Modifications
|
|
# =========================
|
|
# 23.05.2007 - 1.0.0 R. Kaiser autinform
|
|
# Created
|
|
#
|
|
|
|
use Time::Local;
|
|
use POSIX;
|
|
use strict;
|
|
use Getopt::Long;
|
|
use vars qw($opt_c $opt_w $opt_f $opt_h $opt_V);
|
|
use vars qw($PROGNAME);
|
|
use vars qw($REVISION);
|
|
use lib "/usr/lib/nagios/plugins" ;
|
|
use utils qw($TIMEOUT %ERRORS &print_revision &support &usage);
|
|
|
|
# Programname and version
|
|
$PROGNAME = "check_crl";
|
|
$REVISION = "\$Revision: 1.0.0 \$";
|
|
|
|
# Definition of my defaults
|
|
my $def_warn=10;
|
|
my $def_crit=4;
|
|
|
|
sub print_help ();
|
|
sub print_usage ();
|
|
sub zeit_wandeln_in_sek ();
|
|
|
|
Getopt::Long::Configure('bundling');
|
|
GetOptions
|
|
("V" => \$opt_V, "version" => \$opt_V,
|
|
"h" => \$opt_h, "help" => \$opt_h,
|
|
"f=s" => \$opt_f, "file=s" => \$opt_f,
|
|
"w=i" => \$opt_w, "warning=i" => \$opt_w,
|
|
"c=i" => \$opt_c, "critical=i" => \$opt_c);
|
|
|
|
if ($opt_V) {
|
|
print_revision($PROGNAME,$REVISION);
|
|
exit $ERRORS{'OK'};
|
|
}
|
|
|
|
if ($opt_h) {print_help(); exit 0;}
|
|
|
|
($opt_f) || ($opt_f = shift) || usage("File not specified\n");
|
|
my $datei = $1 if ($opt_f =~ /^([\/-_.A-Za-z0-9]+)$/);
|
|
($datei) || usage("Invalid filename: $opt_f\n");
|
|
|
|
($opt_w) || ($opt_w = shift) || ($opt_w = $def_warn);
|
|
my $warn = $1 if ($opt_w =~ /^([0-9]{1,4})$/);
|
|
($warn) || usage("Invalid warning threshold: $opt_w\n");
|
|
|
|
($opt_c) || ($opt_c = shift) || ($opt_c = $def_crit);
|
|
my $crit = $1 if ($opt_c =~ /^([0-9]{1,4})$/);
|
|
($crit) || usage("Invalid critical threshold: $opt_c\n");
|
|
|
|
|
|
# verify warning is less than critical
|
|
unless ( $warn > $crit ) {
|
|
usage("days left: warning ($opt_w) should be greater than critical ($opt_c)\n");
|
|
}
|
|
|
|
# check file access
|
|
unless ( -r $datei ) {
|
|
usage("File ($datei) not found or not accessable.\n");
|
|
}
|
|
|
|
# end of params checking
|
|
|
|
|
|
my $state = "OK";
|
|
my $answer = undef;
|
|
my $res = undef;
|
|
my @lines = undef;
|
|
my $datum = undef;
|
|
my $monat= undef;
|
|
my $timesec = undef;
|
|
|
|
# Just in case of problems, let's not hang Nagios
|
|
$SIG{'ALRM'} = sub {
|
|
print "No Answer from Client\n";
|
|
exit $ERRORS{"UNKNOWN"};
|
|
};
|
|
alarm($TIMEOUT);
|
|
|
|
########## Action
|
|
|
|
# Get the "Next Update" line of the crl.
|
|
my $crl_zeit = qx(/usr/bin/openssl crl -noout -text -in $datei | /bin/grep " Next Update:");
|
|
$crl_zeit =~ s/^ +//g; # remove leading blanks
|
|
$crl_zeit =~ s/\n$//; # remove trailing linefeed
|
|
$crl_zeit =~ s/ / /g; # remove multiple blanks
|
|
|
|
my ($nix1, $nix2, $mon, $tag, $zeit, $jahr, $dattyp) = split (/ /, $crl_zeit);
|
|
|
|
# change month from string to number
|
|
my $mon_liste = "JanFebMarAprMayJunJulAugSepOctNovDec";
|
|
$monat = (index($mon_liste, $mon) / 3) + 1;
|
|
|
|
# change to seconds since 01.01.1970
|
|
$timesec = zeit_wandeln_in_sek();
|
|
|
|
# get current time and check the difference
|
|
my $act_time = time();
|
|
my $SekDiff = $timesec - $act_time;
|
|
my $SekRest = $SekDiff;
|
|
|
|
# make the difference human readable
|
|
my $Tage = int($SekRest / (24 * 3600));
|
|
$SekRest = $SekRest - ($Tage * 24 * 3600);
|
|
|
|
my $Stunden = int($SekRest / 3600);
|
|
$SekRest = $SekRest - ($Stunden * 3600);
|
|
|
|
my $Minuten = int($SekRest / 60);
|
|
$SekRest = $SekRest - ($Minuten * 60);
|
|
|
|
#Turn off alarm
|
|
alarm(0);
|
|
|
|
# and now build the answer
|
|
|
|
my $txt_Tage = "Tage";
|
|
my $txt_Stun = "Stunden";
|
|
my $txt_Minu = "Minuten";
|
|
my $txt_Seku = "Sekunden";
|
|
$txt_Tage = "Tag" if ( $Tage == 1 );
|
|
$txt_Stun = "Stunde" if ( $Stunden == 1 );
|
|
$txt_Minu = "Minute" if ( $Minuten == 1 );
|
|
$txt_Seku = "Sekunde" if ( $SekRest == 1 );
|
|
|
|
$answer = "CRL Restzeit: $Tage $txt_Tage, $Stunden $txt_Stun, $Minuten $txt_Minu und $SekRest $txt_Seku.\n";
|
|
|
|
# check the time left with warn and crit
|
|
|
|
if ( $SekDiff <= ($warn * 24 * 3600) ) {
|
|
$state = "WARNING";
|
|
}
|
|
if ( $SekDiff <= ($crit * 24 * 3600) ) {
|
|
$state = "CRITICAL";
|
|
}
|
|
|
|
print $state." ".$answer;
|
|
exit $ERRORS{$state};
|
|
|
|
|
|
############################################################################
|
|
|
|
sub zeit_wandeln_in_sek () {
|
|
|
|
# Den Monat fuer Perl anpassen.
|
|
$monat = $monat - 1;
|
|
|
|
# Die Zeitangabe auseinander nehmen.
|
|
my ($stunde,$minute,$sekunde) = split /\:/, $zeit;
|
|
|
|
if ( $dattyp eq "GMT" ) {
|
|
my $timesec=timegm($sekunde,$minute,$stunde,$tag,$monat,$jahr);
|
|
}
|
|
elsif ( $dattyp eq "LOC" ) {
|
|
my $timesec=timelocal($sekunde,$minute,$stunde,$tag,$monat,$jahr);
|
|
}
|
|
else {
|
|
$timesec=0;
|
|
}
|
|
}
|
|
|
|
###
|
|
|
|
sub print_usage () {
|
|
print_revision($PROGNAME,$REVISION);
|
|
print "Usage: $PROGNAME -f <filename> [-w <warn> -c <crit>]\n";
|
|
}
|
|
|
|
###
|
|
|
|
sub print_help () {
|
|
print "Checking the expiration date (Next Update) of a revocation list.
|
|
|
|
";
|
|
print_usage();
|
|
print "
|
|
-f, --filename=STRING
|
|
name and location of the revocation list file
|
|
-w, --warning=INTEGER
|
|
Number of days left (Defaults: $def_warn)
|
|
-c, --critical=INTEGER
|
|
Number of days left (Defaults: $def_crit)
|
|
|
|
";
|
|
}
|