......@@ -235,6 +235,10 @@ logD("Web content :\n----------------------------\n".$webcontent."\n------------
my $patternFound = 0;
my $Uptime = 0;
# if ( $webcontent =~ m/Uptime: (.*?)\n/) {
# $Uptime = $1;
# $patternFound++;
# }
### FIXME XH 20171204 catch ServerUptimeSeconds, not [Server]Uptime. Change in server-status between 2.2 & 2.4
if ( $webcontent =~ m/\b(ServerUptimeSeconds|Uptime): (\d+)\n/) {
$Uptime = $2;
......
Homepage: http://cvs.orion.education.fr/viewvc/viewvc.cgi/nagios-plugins-perl/trunk/plugins/check_httpd_status.pl?view=log
Watch: http://cvs.orion.education.fr/viewvc/viewvc.cgi/nagios-plugins-perl/trunk/plugins/check_httpd_status.pl?view=log <a name="(rev[^"]+)"></a>
Recommends: liblocale-gettext-perl, libmonitoring-plugin-perl | libnagios-plugin-perl, liblwp-useragent-determined-perl
Version: rev193
Version: rev204
Uploaders: Jan Wagner <waja@cyconet.org>
Description: plugin checking Apache or Lighthttpd
server-status page (using mod_status)
......@@ -73,3 +73,5 @@ Thanks:
* Many thanks to Vojtech Horky (https://github.com/vhotspur) for the --format patch
* Many thanks to Markus Frosch (https://github.com/lazyfrosch) for the cleanup patch
* Many thanks to Ricardo Bartels (https://github.com/bb-Ricardo) for the patches fixing unit tests, long output on Linux, extending the issuer checks to the whole chain
* Many thanks to eimamagi (https://github.com/eimamagi) for the client key patch
* Many thanks to Stefan Schlesinger for the HTTP_REQUEST patch
\ No newline at end of file
2018-10-19 Matteo Corti <matteo@corti.li>
* check_ssl_cert: Fixed the HTTP request string
2018-10-18 eimamagi <https://github.com/eimamagi>
* check_ssl_cert: Allow to specify a client certificate key
2018-10-15 Matteo Corti <matteo@corti.li>
* check_ssl_cert (exec_with_timeout): fixed the check on the the return value
2018-08-10 Matteo Corti <matteo@corti.li>
* check_ssl_cert: disabling OCSP checks if no OCSP host is found
......
2018-10-19 Version 1.76.0: Sends a correct HTTP request
2018-10-18 Version 1.75.0: Allow to specify a client certificate key
2018-10-15 Version 1.74.0: Fixed a bug generating a confusing error message on timeout
2018-09-10 Version 1.73.0: Fixed a bug in the cleanup of temporary files, fixed a bug with certificates without OCSP
Fixed tests with more reliable hosts
Allows to check against all the issuers in the CA chain
......
......@@ -19,7 +19,7 @@
################################################################################
# Constants
VERSION=1.73.0
VERSION=1.76.0
SHORTNAME="SSL_CERT"
VALID_ATTRIBUTES=",startdate,enddate,subject,issuer,serial,modulus,serial,hash,email,ocsp_uri,fingerprint,"
......@@ -81,6 +81,7 @@ usage() {
echo " --ignore-ssl-labs-cache Forces a new check by SSL Labs (see -L)"
echo " -i,--issuer issuer pattern to match the issuer of the certificate"
echo " --issuer-cert-cache dir directory where to store issuer certificates cache"
echo " -K,--clientkey path use client certificate key to authenticate"
echo " -L,--check-ssl-labs grade SSL Labs assessment"
echo " (please check https://www.ssllabs.com/about/terms.html)"
echo " --long-output list append the specified comma separated (no spaces) list"
......@@ -264,15 +265,25 @@ exec_with_timeout() {
eval "${TIMEOUT_BIN} $time $command" > /dev/null 2>&1
if [ $? = 137 ] ; then
if [ $? -eq 137 ] ; then
critical "Timeout after ${time} seconds"
fi
elif [ -n "${EXPECT}" ] ; then
if [ -n "${DEBUG}" ] ; then
echo "[DBG] expect -c \"set echo \\\"-noecho\\\"; set timeout $time; spawn -noecho $command; expect timeout { exit 1 } eof { exit 0 }\""
fi
expect -c "set echo \"-noecho\"; set timeout $time; spawn -noecho $command; expect timeout { exit 1 } eof { exit 0 }"
if [ $? = 1 ] ; then
RET=$?
if [ -n "${DEBUG}" ] ; then
echo "[DBG] expect returned ${RET}"
fi
if [ "${RET}" -eq 1 ] ; then
critical "Timeout after ${time} seconds"
fi
......@@ -435,7 +446,7 @@ fetch_certificate() {
else
exec_with_timeout "$TIMEOUT" "echo 'Q' | $OPENSSL s_client ${CLIENT} ${CLIENTPASS} -connect $HOST:$PORT ${SERVERNAME} -showcerts -verify 6 ${ROOT_CA} ${SSL_VERSION} ${SSL_VERSION_DISABLED} ${SSL_AU} 2> ${ERROR} 1> ${CERT}"
exec_with_timeout "$TIMEOUT" "echo '${HTTP_REQUEST}' | $OPENSSL s_client ${CLIENT} ${CLIENTPASS} -crlf -ign_eof -connect $HOST:$PORT ${SERVERNAME} -showcerts -verify 6 ${ROOT_CA} ${SSL_VERSION} ${SSL_VERSION_DISABLED} ${SSL_AU} 2> ${ERROR} 1> ${CERT}"
RET=$?
fi
......@@ -829,6 +840,14 @@ main() {
unknown "-c,--clientcert requires an argument"
fi
;;
-K|--clientkey)
if [ $# -gt 1 ]; then
CLIENT_KEY="$2"
shift 2
else
unknown "-K,--clientkey requires an argument"
fi
;;
--clientpass)
if [ $# -gt 1 ]; then
CLIENT_PASS="$2"
......@@ -964,6 +983,14 @@ main() {
fi
if [ -n "${CLIENT_KEY}" ] ; then
if [ ! -r "${CLIENT_KEY}" ] ; then
unknown "Cannot read client certificate key ${CLIENT_KEY}"
fi
fi
if [ -n "${CRITICAL}" ] ; then
if ! echo "${CRITICAL}" | grep -q '^[0-9][0-9]*$' ; then
......@@ -1224,6 +1251,15 @@ main() {
fi
fi
################################################################################
# define the HTTP request string
if [ -n "${SNI}" ]; then
HOST_HEADER="${SNI}"
else
HOST_HEADER="${HOST}"
fi
HTTP_REQUEST="HEAD / HTTP/1.1\\nHost: ${HOST_HEADER}\\nUser-Agent: check_ssl_cert/${VERSION}\\nConnection: close\\n\\n"
################################################################################
# Fetch the X.509 certificate
......@@ -1250,6 +1286,9 @@ main() {
if [ -n "${CLIENT_CERT}" ] ; then
CLIENT="-cert ${CLIENT_CERT}"
fi
if [ -n "${CLIENT_KEY}" ] ; then
CLIENT="${CLIENT} -key ${CLIENT_KEY}"
fi
CLIENTPASS=""
if [ -n "${CLIENT_PASS}" ] ; then
......@@ -1415,7 +1454,7 @@ main() {
echo "checking OCSP stapling"
fi
exec_with_timeout "$TIMEOUT" "echo QUIT | openssl s_client -connect ${HOST}:${PORT} ${SERVERNAME} -status 2> /dev/null | grep -A 17 'OCSP response:' > $OCSP_RESPONSE_TMP"
exec_with_timeout "$TIMEOUT" "echo '${HTTP_REQUEST}' | openssl s_client -connect ${HOST}:${PORT} ${SERVERNAME} -status 2> /dev/null | grep -A 17 'OCSP response:' > $OCSP_RESPONSE_TMP"
if [ -n "${DEBUG}" ] ; then
sed 's/^/[DBG]\ /' "${OCSP_RESPONSE_TMP}"
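Review bot: HOST_HEADER is interpolated into HTTP_REQUEST and that string is then placed inside single quotes in a command that exec_with_timeout hands to `eval` (the fetch_certificate and OCSP-stapling lines), so a --host or --sni value containing a single quote ends the quoting and the rest of the value is executed by the shell; the pre-existing unquoted `-connect $HOST:$PORT` has the same exposure, but the new request string adds a second path for the same input. Unless HOST and SNI are validated earlier in main() (not visible in these hunks), reject anything outside hostname characters before building the request, e.g. `case "${HOST_HEADER}" in *[!A-Za-z0-9.:-]*) unknown "invalid host name ${HOST_HEADER}" ;; esac`. Separately, whether `echo` expands the `\n` sequences in HTTP_REQUEST is implementation-defined (bash's builtin does not by default, dash's does), so depending on the interpreter the request may reach s_client as one line with literal backslashes and the new `-crlf` option has nothing to convert; `printf '%b' "${HTTP_REQUEST}"` is the portable form. The main() body that defines HTTP_REQUEST starts and ends outside the hunk.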
......
.\" Process this file with
.\" groff -man -Tascii foo.1
.\"
.TH "check_ssl_cert" 1 "September, 2018" "1.73.0" "USER COMMANDS"
.TH "check_ssl_cert" 1 "October, 2018" "1.76.0" "USER COMMANDS"
.SH NAME
check_ssl_cert \- checks the validity of X.509 certificates
.SH SYNOPSIS
......@@ -81,6 +81,9 @@ directory where to store issuer certificates cache
.BR "-i,--issuer" " issuer"
pattern to match the issuer of the certificate
.TP
.BR "-K,--clientkey" " path"
use client certificate key to authenticate
.TP
.BR "-L,--check-ssl-labs grade"
SSL Labs assestment (please check https://www.ssllabs.com/about/terms.html)
.TP
......
%define version 1.73.0
%define version 1.76.0
%define release 0
%define sourcename check_ssl_cert
%define packagename nagios-plugins-check_ssl_cert
......@@ -45,6 +45,15 @@ rm -rf $RPM_BUILD_ROOT
%{_mandir}/man1/%{sourcename}.1*
%changelog
* Thu Oct 19 2018 Matteo Corti <matteo@corti.li> - 1.76.0-0
- Updated to 1.76.0
* Thu Oct 18 2018 Matteo Corti <matteo@corti.li> - 1.75.0-0
- Updated to 1.75.0
* Mon Oct 15 2018 Matteo Corti <matteo@corti.li> - 1.74.0-0
- Updated to 1.74.0
* Mon Sep 10 2018 Matteo Corti <matteo@corti.li> - 1.73.0-0
- Updated to 1.73.0
......