From c1e917733364232af8a4d198bdf2719aa942fff2 Mon Sep 17 00:00:00 2001 From: "Hahn Axel (hahn)" <axel.hahn@unibe.ch> Date: Wed, 12 Feb 2025 11:55:57 +0100 Subject: [PATCH 1/5] update check_ceph_diskfree --- check_ceph_diskfree | 10 +++++++--- docs/20_Checks/check_ceph_diskfree.md | 10 ++++++++-- 2 files changed, 15 insertions(+), 5 deletions(-) diff --git a/check_ceph_diskfree b/check_ceph_diskfree index ef608ca..b9e9bc3 100755 --- a/check_ceph_diskfree +++ b/check_ceph_diskfree @@ -22,11 +22,12 @@ # 2023-06-19 v1.4 <axel.hahn@unibe.ch> no more tmpfile # 2023-07-27 v1.5 <axel.hahn@unibe.ch> update help page # 2023-10-20 v1.6 <axel.hahn@unibe.ch> harden sudo command execution +# 2025-02-12 v1.7 <axel.hahn@unibe.ch> Show -w and -c param in help # ====================================================================== . $(dirname $0)/inc_pluginfunctions -export self_APPVERSION=1.6 +export self_APPVERSION=1.7 typeset -i iWarning=0 typeset -i iCritical=0 @@ -48,6 +49,9 @@ $(basename $0) OPTIONS: -h or --help show this help. + -w VALUE warning level (default: 70) + -c VALUE critical level (default: 90) + EOF } @@ -68,8 +72,8 @@ esac ph.require ceph # set default / override from command line params -typeset -i iWarnLimit=$( ph.getValueWithParam 70 w "$@") -typeset -i iCriticalLimit=$( ph.getValueWithParam 90 c "$@") +typeset -i iWarnLimit; iWarnLimit=$( ph.getValueWithParam 70 w "$@") +typeset -i iCriticalLimit; iCriticalLimit=$( ph.getValueWithParam 90 c "$@") if ! data=$( sudo -n /bin/ceph df 2>&1 ) then diff --git a/docs/20_Checks/check_ceph_diskfree.md b/docs/20_Checks/check_ceph_diskfree.md index b97183d..36bedae 100644 --- a/docs/20_Checks/check_ceph_diskfree.md +++ b/docs/20_Checks/check_ceph_diskfree.md 
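Review bot: In the last check_ceph_diskfree hunk the `-w`/`-c` values are assigned to variables declared with `typeset -i`, so whatever `ph.getValueWithParam` returns is evaluated as an arithmetic expression instead of being checked as a number; splitting declaration and assignment does not change that. Unless the helper already restricts its output to digits (not visible here), a non-numeric argument is silently interpreted rather than rejected, which matters when check arguments come from a monitoring configuration the host does not control. I would read the value into a plain variable and test it first, e.g. `[[ $sWarn =~ ^[0-9]+$ ]] || { ph.setStatus "unknown"; ph.status "-w must be a number"; ph.exit; }`, before `iWarnLimit=$sWarn`. The same pattern is added in the check_ssl hunk `@@ -57,73 +81,81 @@`.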
@@ -27,11 +27,13 @@ From this repository ypu need next to this script: $ check_ceph_diskfree -h ______________________________________________________________________ -CHECK_CEPH_DISKFREE -v1.6 +CHECK_CEPH_DISKFREE +v1.7 (c) Institute for Medical Education - University of Bern Licence: GNU GPL 3 + +https://os-docs.iml.unibe.ch/icinga-checks/Checks/check_ceph_diskfree.html ______________________________________________________________________ Show available and free space on a ceph cluster. @@ -44,6 +46,10 @@ check_ceph_diskfree OPTIONS: -h or --help show this help. + + -w VALUE warning level (default: 70) + -c VALUE critical level (default: 90) + ``` ### Parameters -- GitLab From 9490438517c1aa76af383847f98c975b881f0fc7 Mon Sep 17 00:00:00 2001 From: "Hahn Axel (hahn)" <axel.hahn@unibe.ch> Date: Wed, 12 Feb 2025 11:56:29 +0100 Subject: [PATCH 2/5] update help for ph.getValueWithParam --- docs/30_Shared_functions/inc_pluginfunctions.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/30_Shared_functions/inc_pluginfunctions.md b/docs/30_Shared_functions/inc_pluginfunctions.md index 83b3367..d504796 100644 --- a/docs/30_Shared_functions/inc_pluginfunctions.md +++ b/docs/30_Shared_functions/inc_pluginfunctions.md @@ -163,7 +163,7 @@ Return default value or its override from command line. Syntax: ```text -ph.getFileAge VALUE PARAMNAME "$@" +ph.getValueWithParam VALUE PARAMNAME "$@" ``` Parameters: @@ -176,8 +176,8 @@ Example: ```shell # set default / override from command line params -typeset -i iWarnLimit=$( ph.getValueWithParam 75 w "$@") -typeset -i iCriticalLimit=$( ph.getValueWithParam 90 c "$@") +typeset -i iWarnLimit; iWarnLimit=$( ph.getValueWithParam 70 w "$@") +typeset -i iCriticalLimit; iCriticalLimit=$( ph.getValueWithParam 90 c "$@") ``` This will set variable iWarnLimit based on CLI parameter -w [value] ... if it does not exist it gets the default 75. -- GitLab 
From 9a57aed7557ac05962d27c941d42f3e09e5de15d Mon Sep 17 00:00:00 2001 From: "Hahn Axel (hahn)" <axel.hahn@unibe.ch> Date: Wed, 12 Feb 2025 12:11:41 +0100 Subject: [PATCH 3/5] acheck_ssl: add IML header in help; add warning and critical level --- check_ssl | 124 ++++++++++++++++++++++++++++++++++-------------------- 1 file changed, 78 insertions(+), 46 deletions(-) diff --git a/check_ssl b/check_ssl index 77e8938..566d5e6 100755 --- a/check_ssl +++ b/check_ssl @@ -18,17 +18,18 @@ # 2020-03-05 v1.1 <axel.hahn@iml.unibe.ch> switch to ph.* helper functions # 2023-02-13 v1.2 <axel.hahn@unibe.ch> some shell fixes # 2023-08-23 v1.3 <axel.hahn@unibe.ch> fix wrong exitcode to "critical" +# 2025-02-12 v1.4 <axel.hahn@unibe.ch> add IML header in help; add warning and critical level # ====================================================================== . $(dirname $0)/inc_pluginfunctions +self_APPNAME=$( basename $0 | tr [:lower:] [:upper:] ) +self_APPVERSION=1.4 + sDomain= iPort=443 - -iWarnDaysBefore=60 - typeset -i iErrors=0 typeset -i iWarnings=0 
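Review bot: The character classes in the added `self_APPNAME=$( basename $0 | tr [:lower:] [:upper:] )` are unquoted, so the shell treats them as glob patterns and will replace them with any matching single-character filename in the working directory the plugin happens to be started from. Quoting both the classes and `$0` removes that dependency: `self_APPNAME=$( basename "$0" | tr '[:lower:]' '[:upper:]' )`.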
@@ -40,13 +41,36 @@ sStatus= # show help with syntax function showHelp(){ - echo - echo ----- SSL Check v1.0 - echo - echo "SYNTAX: $(basename $0) [domain] [[port]]" - echo " domain - domain to verify the ssl vertificate from (required)" - echo " port - port number to connect (default: 443)" - echo + _self=$( basename $0 ) +cat <<EOH +$( ph.showImlHelpHeader ) + +Check if ssl certificate of a given domain is still valid. +You can check https or any other port of a ssl enabled service like LDAPS, +IMPAS and others. + +You can customize the values for warning and critical level. + +SYNTAX: $_self [options] DOMAIN [PORT] + +OPTIONS + -w VALUE warning level for expiration in days (default: 28) + -c VALUE critical level for expiration in days (default: 7) + +PARAMETERS + DOMAIN domain to verify the ssl vertificate from (required) + PORT optional: port number to connect (default: 443) + + +EXAMPLES + + $_self www.iml.unibe.ch 443 + check https port 443 + + $_self -w 30 -c 14 ldap.example.com 636 + check ldaps port 636 and set custom warning and critical level + +EOH } 
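Review bot: The new help text promises more than the script checks: "Check if ssl certificate of a given domain is still valid" reads as full validation, while the code further down only compares the start and end dates and greps the subject for the domain, and `openssl s_client` as invoked there does not fail on an untrusted chain. I would word it as `Check the validity period of the certificate presented by DOMAIN:PORT (the trust chain is not verified).` so operators do not rely on it for trust errors. While editing the text, `IMPAS` should be `IMAPS` and `vertificate` should be `certificate`.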
@@ -57,73 +81,81 @@ function showHelp(){ # --- check requirements - ph.require openssl +ph.require openssl - if [ $# -eq 0 ]; then +if [ $# -eq 0 ]; then showHelp - ph.abort - fi + exit 0 +fi # --- start - sDomain=$1 - if [ ! -z $2 ]; then - iPort=$2 - fi +# set default / override from command line params +typeset -i iWarnLimit; iWarnLimit=$( ph.getValueWithParam 28 w "$@") +typeset -i iCriticalLimit; iCriticalLimit=$( ph.getValueWithParam 7 c "$@") + +sParams="$*" +sP1="$( rev <<< $sParams | cut -f 2 -d ' ' | rev )" +sP2="$( rev <<< $sParams | cut -f 1 -d ' ' | rev )" +if grep -q "^[0-9]*$" <<< $sP2; then + sDomain=$sP1 + iPort=$sP2 +else + sDomain=$sP2 +fi # --- try to connect - echo | openssl s_client -connect ${sDomain}:${iPort} >/dev/null 2>&1 - if [ $? -ne 0 ]; then +echo | openssl s_client -connect ${sDomain}:${iPort} >/dev/null 2>&1 +if [ $? -ne 0 ]; then ph.setStatus "critical" ph.status "unable to connect to ${sDomain} via port :${iPort} - maybe wrong host ... or port ... wrong chaining" # repeat the last command without redirecting output echo | openssl s_client -connect ${sDomain}:${iPort} ph.exit - fi +fi - echo | openssl s_client -connect ${sDomain}:${iPort} 2>/dev/null | openssl x509 -noout -subject | grep -F ${sDomain} >/dev/null - if [ $? -ne 0 ]; then +echo | openssl s_client -connect ${sDomain}:${iPort} 2>/dev/null | openssl x509 -noout -subject | grep -F ${sDomain} >/dev/null +if [ $? -ne 0 ]; then ph.setStatus "unknown" echo SORRY, openssl was unable to fetch the right certificate - this happens on multiple ssl webs - it finds echo | openssl s_client -connect ${sDomain}:${iPort} 2>/dev/null | openssl x509 -noout -subject ph.exit - fi +fi # --- unix timestamps valid from .. 
to - dateFrom=$(echo | openssl s_client -connect ${sDomain}:${iPort} 2>/dev/null | openssl x509 -noout -startdate | cut -f 2 -d "=") - dateTo=$(echo | openssl s_client -connect ${sDomain}:${iPort} 2>/dev/null | openssl x509 -noout -enddate | cut -f 2 -d "=") - - tsFrom=$(date -d "${dateFrom}" +%s) - tsTo=$(date -d "${dateTo}" +%s) +dateFrom=$(echo | openssl s_client -connect ${sDomain}:${iPort} 2>/dev/null | openssl x509 -noout -startdate | cut -f 2 -d "=") +dateTo=$(echo | openssl s_client -connect ${sDomain}:${iPort} 2>/dev/null | openssl x509 -noout -enddate | cut -f 2 -d "=") - tsNow=$(date +%s) - typeset -i iDaysLeft=($tsTo-$tsNow)/60/60/24 +tsFrom=$(date -d "${dateFrom}" +%s) +tsTo=$(date -d "${dateTo}" +%s) +tsNow=$(date +%s) +typeset -i iDaysLeft=($tsTo-$tsNow)/60/60/24 # --- check date - if [ ${tsFrom} -gt ${tsNow} ]; then +if [ ${tsFrom} -gt ${tsNow} ]; then ph.setStatus "critical" ph.status "certificate ${sDomain}:${iPort} is not valid yet - ${dateFrom}" - else - if [ ${tsTo} -lt ${tsNow} ]; then - ph.setStatus "critical" - ph.status "certificate ${sDomain}:${iPort} is out of date - ${dateTo} - ${iDaysLeft} days" else - # --- check close ending day - if [ ${iDaysLeft} -lt ${iWarnDaysBefore} ]; then - ph.setStatus "warning" - ph.status "certificate ${sDomain}:${iPort} is out of date - ${dateTo} - ${iDaysLeft} days" - else - ph.setStatus "ok" - ph.status "${sDomain}:${iPort} - valid to ${dateTo} (${iDaysLeft} days left)" - fi + if [ ${tsTo} -lt ${tsNow} ]||[ ${iDaysLeft} -le $iCriticalLimit ]; then + ph.setStatus "critical" + ph.status "certificate ${sDomain}:${iPort} is out of date - ${dateTo} - ${iDaysLeft} days" + else + # --- check close ending day + if [ ${iDaysLeft} -lt ${iWarnLimit} ]; then + ph.setStatus "warning" + ph.status "certificate ${sDomain}:${iPort} is out of date - ${dateTo} - ${iDaysLeft} days" + else + ph.setStatus "ok" + ph.status "${sDomain}:${iPort} - valid to ${dateTo} (${iDaysLeft} days left)" + fi fi - fi +fi - ph.exit +ph.exit # 
---------------------------------------------------------------------- -- GitLab From 12f932a6c2a337874d8b0395b3ad21452c6d6fa5 Mon Sep 17 00:00:00 2001 From: "Hahn Axel (hahn)" <axel.hahn@unibe.ch> Date: Wed, 12 Feb 2025 12:11:57 +0100 Subject: [PATCH 4/5] add help for check_ssl --- docs/20_Checks/check_ssl.md | 76 +++++++++++++++++++++++++++++++++++++ 1 file changed, 76 insertions(+) create mode 100644 docs/20_Checks/check_ssl.md diff --git a/docs/20_Checks/check_ssl.md b/docs/20_Checks/check_ssl.md new file mode 100644 index 0000000..7c3b73d --- /dev/null +++ b/docs/20_Checks/check_ssl.md 
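Review bot: The domain and port are taken from the last two words of `$*` (the `rev | cut | rev` lines), so option tokens can end up as the host: `check_ssl -c 7` yields `sDomain=-c` and `iPort=7`, and `^[0-9]*$` also accepts an empty string as a port. Those values then reach `openssl s_client -connect ${sDomain}:${iPort}` and `grep -F ${sDomain}` unquoted; I would collect the positionals explicitly, validate them, and quote the expansions (`-connect "${sDomain}:${iPort}"`, `grep -F -- "${sDomain}"`). A sketch of the parsing follows, assuming bash, which the here-strings already imply. Separately, the no-argument path now ends with `exit 0`, which a monitoring server reads as OK for a check that was configured without a domain; setting the status to unknown via `ph.setStatus "unknown"` and `ph.exit` would surface the misconfiguration.

```shell
# … unchanged: iWarnLimit / iCriticalLimit via ph.getValueWithParam …

# collect positional arguments, skipping -w/-c together with their values
aPositional=()
while [ $# -gt 0 ]; do
    case "$1" in
        -w|-c) shift ;;
        *)     aPositional+=("$1") ;;
    esac
    shift
done
sDomain=${aPositional[0]:-}
iPort=${aPositional[1]:-$iPort}

# reject anything that is not a plain host name and a numeric port
if ! [[ $sDomain =~ ^[A-Za-z0-9][A-Za-z0-9.-]*$ && $iPort =~ ^[0-9]+$ ]]; then
    ph.setStatus "unknown"
    ph.status "invalid DOMAIN or PORT"
    ph.exit
fi

# … unchanged: connection test and date checks, with "${sDomain}:${iPort}" quoted …
```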
@@ -0,0 +1,76 @@ +## Check ssl + +Script: `check_ssl` + +**check_ssl_certs** is a plugin to check an ssl connection to a host on given port. + +## Requirements + +* openssl client + +## Standalone installation + +From this repository ypu need next to this script: + +* `inc_pluginfunctions` shared function for all IML checks written in bash + +## Syntax + +Start the script without params to get the help. + +```txt +______________________________________________________________________ + +CHECK_SSL +v1.4 + +(c) Institute for Medical Education - University of Bern +Licence: GNU GPL 3 + +https://os-docs.iml.unibe.ch/icinga-checks/Checks/check_ssl.html +______________________________________________________________________ + +Check if ssl certificate of a given domain is still valid. +You can check https or any other port of a ssl enabled service like LDAPS, +IMPAS and others. + +You can customize the values for warning and critical level. + +SYNTAX: check_ssl [options] DOMAIN [PORT] + +OPTIONS + -w VALUE warning level for expiration in days (default: 28) + -c VALUE critical level for expiration in days (default: 7) + +PARAMETERS + DOMAIN domain to verify the ssl vertificate from (required) + PORT optional: port number to connect (default: 443) + + +EXAMPLES + + check_ssl www.iml.unibe.ch 443 + check https port 443 + + check_ssl -w 30 -c 14 ldap.example.com 636 + check ldaps port 636 and set custom warning and critical level + +``` + +## Examples + +### Check Website with https + +To check a domain name on port 443 add the domain to connect as parameter. The port number 443 is default and not needed. + +```txt +./check_ssl www.iml.unibe.ch +OK: www.iml.unibe.ch:443 - valid to Apr 23 00:38:13 2025 GMT (69 days left) +``` + +### Check Ldaps + +```txt +./check_ssl ldap.example.com 636 +OK: ldap.example.com:636 - valid to Apr 6 00:44:42 2025 GMT (52 days left) +``` -- GitLab From 13d0fa56dca9c0907f4a18d28cf7ebc2cc3a6ba1 Mon Sep 17 00:00:00 2001 
From: "Hahn Axel (hahn)" <axel.hahn@unibe.ch>
Date: Wed, 12 Feb 2025 12:12:50 +0100
Subject: [PATCH 5/5] link check_ssl in index page
---
 docs/20_Checks/_index.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/docs/20_Checks/_index.md b/docs/20_Checks/_index.md
index 869a346..ca5cc74 100644
--- a/docs/20_Checks/_index.md
+++ b/docs/20_Checks/_index.md
@@ -47,7 +47,7 @@
 * [check_snmp_data](check_snmp_data.md)
 * [check_snmp_printer](check_snmp_printer.md)
 * [check_snmp_synology](check_snmp_synology.md)
-* check_ssl
+* [check_ssl](check_ssl.md)
 * [check_ssl_certs](check_ssl_certs.md)
 * check_systemdservices
 * [check_systemdunit](check_systemdunit.md)
-- GitLab