diff --git a/frogg_ssl_check.sh b/frogg_ssl_check.sh
new file mode 100644
index 0000000..abe7000
--- /dev/null
+++ b/frogg_ssl_check.sh
@@ -0,0 +1,152 @@
+#!/bin/bash
+# _ __ _
+# ((-)).--.((-))
+# / '' \
+# ( \______/ )
+# \ ( ) /
+# / /~~~~~~~~\ \
+# /~~\/ / \ \/~~\
+# ( ( ( ) ) )
+# \ \ \ \ / / / /
+# _\ \/ \.______./ \/ /_
+# ___/ /\__________/\ \___
+# *****************************
+# Frogg - admin@frogg.fr
+# http://github.com/FroggDev/zabbix-ssl
+# *****************************
+
+##########
+# PARAMS #
+##########
+# init the list of required parameters
+REQUIRES=("-a" "-s" "-p")
+
+
+### PART 1 : send user param in array
+
+# Requires bash 4 for associative array
+declare -A PARAMS
+for arg in "$@"
+do
+
+ case ${arg} in
+ # use only params well formated (-command=value)
+ # and store as associative array
+ (-*=*)
+ PARAMS[${arg%%=*}]=${arg#*=}
+ ;;
+ # help case
+ (-h|-help|--help|-?)PARAMS[-a]="help";;
+ esac
+done
+
+### PART 2 : check if required params are set
+
+# if all required params arent set return a special number to be catch in Zabbix template
+for REQUIRE in ${REQUIRES[@]}
+do
+ [ -z ${PARAMS[$REQUIRE]} ] && echo 9999999999 && exit
+# Set the help for out of box usage
+#[ -z ${PARAMS[$REQUIRE]} ] && PARAMS[-a]="help"
+done
+
+
+########
+# HELP #
+########
+# ---
+# display the script help
+function displayHelp
+{
+# Clean screen
+#clear
+
+echo -e "**********************\n"
+echo -e "SSL script params:\n"
+echo -e "------------------\n"
+echo -e "-a={value} : action (expire/exist/mixed-content)\n"
+echo -e "-s={value} : server\n"
+echo -e "-p={value} : port\n"
+echo -e "-h : display help\n"
+echo -e "**********************\n"
+}
+#########
+# FUNCS #
+#########
+
+# ---
+# Check if can get SSL Cert
+# @param serverIP
+# @param server ssl port
+# @return 1 if all is ok else 0
+function isSSLCertAvailable()
+{
+timeout 5 bash -c \
+ echo "QUIT" | \
+ openssl s_client -connect $1:$2 -servername $1 2>/dev/null 2>/dev/null | \
+ openssl x509 >/dev/null 2>&1 \
+ && echo 1 || echo 0
+}
+
+# ---
+# Get the number of day left until SSL certificate expire
+# @param serverIP
+# @param server ssl port
+# @return number of days left as int
+function getSSLExpireDayLeft()
+{
+# Get expire date
+EXPIRE=$(date -d "$(echo "QUIT" | openssl s_client -connect $1:$2 -servername $1 2>/dev/null | openssl x509 -text 2>/dev/null | grep 'Not After' | awk '{print $4,$5,$7}')" +%s);
+# Get today as
+TODAY=$(date +%s);
+# Return diff between expire and today
+echo $((($EXPIRE - $TODAY)/(3600*24)))
+}
+
+# ---
+# Check if can get content in less than 3 sec
+# @param serverIP
+# @param server ssl port
+# @return 0 OK / 1 timeout / 2 ssl error / 3 empty content
+function checkContent()
+{
+CONTENT=$(wget https://$1:$2 --timeout=3 --tries=1 --no-check-certificate -O - 2>&1)
+
+
+if [[ $CONTENT == *"Read error (Connection timed out) in headers."* ]]; then
+ # time out
+ echo 1
+ exit
+fi
+
+if [[ $CONTENT == *"Unable to establish SSL connection."* ]]; then
+ # ssl error
+ echo 2
+ exit
+fi
+
+
+if [[ -z $CONTENT ]]; then
+ # content empty
+ echo 3
+ exit
+fi
+
+# ok
+echo 0
+}
+
+########
+# MAIN #
+########
+
+case ${PARAMS[-a]} in
+ # command get day untill expire
+ ("expire")echo $(getSSLExpireDayLeft ${PARAMS[-s]} ${PARAMS[-p]});;
+ # command is cert available
+ ("exist")echo $(isSSLCertAvailable ${PARAMS[-s]} ${PARAMS[-p]});;
+ # command is cert available
+ ("content")echo $(checkContent ${PARAMS[-s]} ${PARAMS[-p]});;
+ # command to display help
+ (*)echo $(displayHelp);;
+esac
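Review bot: The -s and -p values reach `openssl s_client -connect $1:$2` and `wget https://$1:$2` unquoted and unvalidated (the MAIN `case` also passes `${PARAMS[-s]} ${PARAMS[-p]}` unquoted), so a value containing whitespace or glob characters is split into extra arguments for those tools; validate both once after PART 2 and quote every use, as sketched below. In isSSLCertAvailable the `timeout 5` wraps only `bash -c echo`, not the openssl handshake, and getSSLExpireDayLeft has no timeout, so an unresponsive host can stall the item; when that connection fails, `date -d ""` appears to fall back to the current day and the function prints 0 instead of an error value. checkContent runs with `--no-check-certificate` and neither openssl call verifies the chain or host name, so the "ok" results only mean that a certificate was presented, which the help text should say. The help also lists `mixed-content` while the dispatch matches `content`.

```shell
# after PART 2: accept only a plain host name / IPv4 address and a numeric port
[[ ${PARAMS[-s]} =~ ^[A-Za-z0-9][A-Za-z0-9._-]*$ ]] || { echo 9999999999; exit; }
[[ ${PARAMS[-p]} =~ ^[0-9]{1,5}$ ]] || { echo 9999999999; exit; }

function isSSLCertAvailable()
{
# timeout now bounds the TLS handshake itself, not a separate bash -c
if echo "QUIT" | timeout 5 openssl s_client -connect "$1:$2" -servername "$1" 2>/dev/null \
  | openssl x509 >/dev/null 2>&1; then
  echo 1
else
  echo 0
fi
}

# … unchanged: getSSLExpireDayLeft, checkContent (quote "$1" and "$2" there as well) …

# in MAIN: quote the arguments at each call site, e.g.
 ("exist")echo $(isSSLCertAvailable "${PARAMS[-s]}" "${PARAMS[-p]}");;
```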