From 38b34a37a2b2c4ebcee3dc91ac70f7c2a91380d4 Mon Sep 17 00:00:00 2001 From: "Hahn Axel (hahn)" <axel.hahn@unibe.ch> Date: Wed, 24 Apr 2024 09:19:57 +0200 Subject: [PATCH] add doc page for check_ssl_certs --- docs/20_Checks/_index.md | 2 +- docs/20_Checks/check_ssl_certs.md | 82 +++++++++++++++++++++++++++++++ 2 files changed, 83 insertions(+), 1 deletion(-) create mode 100644 docs/20_Checks/check_ssl_certs.md diff --git a/docs/20_Checks/_index.md b/docs/20_Checks/_index.md index 0a3a421..d9b92da 100644 --- a/docs/20_Checks/_index.md +++ b/docs/20_Checks/_index.md @@ -54,7 +54,7 @@ There is one include script used by all checks: * check_snmp_switch * [check_snmp_synology](check_snmp_synology.md) * check_ssl -* check_ssl_certs +* [check_ssl_certs](check_ssl_certs.md) * check_systemdservices * [check_systemdunit](check_systemdunit.md) * check_timesync diff --git a/docs/20_Checks/check_ssl_certs.md b/docs/20_Checks/check_ssl_certs.md new file mode 100644 index 0000000..a9dc336 --- /dev/null +++ b/docs/20_Checks/check_ssl_certs.md @@ -0,0 +1,82 @@ +# check SNMP data + +## Introduction + +**check_ssl_certs** is a plugin to check local certificats. + +It loops over 1 or multiple certificate files and reads the expiration date from is. +This functionality requires the openssl binary in $PATH. + +It sends performace data with count of days left. + +## Syntax + +Start the script with `-h` to get the help. + +```txt +______________________________________________________________________ + +CHECK_SSL_CERTS +v1.4 + +(c) Institute for Medical Education - University of Bern +Licence: GNU GPL 3 + +https://os-docs.iml.unibe.ch/icinga-checks/Checks/check_ssl_certs.html +______________________________________________________________________ + +Check locally installed SSL client certificates and warn if the +expiration date comes closer. + +SYNTAX: +check_ssl_certs [-w WARN_LIMIT] [-c CRITICAL_LIMIT] [-f "FILELIST"] + +OPTIONS: + + -f FILELIST file filter to find certificates using globbing + (default: /etc/ssl/certs/*.cert.cer) + To use multiple sources seperate them with a space char. + Quote your parameter value if you use multiple sources or * char. + -w VALUE warning level in days before expiration (default: 14) + -c VALUE critical level in days before expiration (default: 5) + + -h or --help show this help. + +PARAMETERS: + + None. + +EXAMPLE: + + check_ssl_certs -f "/etc/ssl/certs/*example.com.*.cer /somewhere/else/*.cer" + Set 2 folders where to find the client certificates. + They are seperated by space and both use * for globbing + + check_ssl_certs -w 30 -c 3 + Overide the warning and critical level. + +``` + +## Examples + +### Get values + +`./check_ssl_certs` + +Checks files that match the default filter `/etc/ssl/certs/*.cert.cer`. + +```txt +OK: SSL certs :: OK www.example.com [34d] ; + +----- [1 of 1] www.example.com - expires in 34 days +Issuer: C=US, O=Let's Encrypt, CN=R3 +Not Before: Feb 28 23:25:10 2024 GMT +Not After : May 28 23:25:09 2024 GMT +Subject: CN=www.example.com +DNS:www.example.com +File: /etc/ssl/certs/www.example.com.cert.cer + +INFO: warning starts 14 d before expiration, raising to critical 5 days before + + |ssl-wwwexamplecom=34;;;0 +``` -- GitLab