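#!/bin/bash
#            _     __     _
#          ((-)).--.((-))
#          /     ''     \
#         (   \______/   )
#          \    (  )    /
#          / /~~~~~~~~\ \
#     /~~\/ /          \ \/~~\
#    (   ( (            ) )   )
#     \ \ \ \          / / / /
#     _\ \/  \.______./  \/ /_
#     ___/ /\__________/\ \___
# *****************************
# Frogg - admin@frogg.fr
# http://github.com/FroggDev/zabbix-ssl
# *****************************
#
# Usage: <script> -a={expire|exist|content} -s={server} -p={port}
#        <script> -h
# Every result is printed on stdout as a single value for Zabbix to read.

##########
# PARAMS #
##########

# List of parameters that must be set for every action except help.
REQUIRES=("-a" "-s" "-p")

# Value printed when a parameter is missing or malformed; the Zabbix template
# is expected to catch this special number.
readonly PARAM_ERROR=9999999999

### PART 1 : store the user params in an associative array (requires bash 4)
declare -A PARAMS
for arg in "$@"; do
  case "${arg}" in
    # use only well formatted params (-command=value)
    -*=*)
      PARAMS["${arg%%=*}"]="${arg#*=}"
      ;;
    # help case
    # NOTE(review): the unquoted -? is a glob, so any single-character flag
    # without "=value" (not only a literal "-?") selects the help action.
    -h | -help | --help | -?)
      PARAMS[-a]="help"
      ;;
  esac
done

### PART 2 : check that the required params are set
# Help needs no server or port, so it is exempt; previously "-h" alone fell
# into the missing-parameter branch and the help text was never shown.
if [[ "${PARAMS[-a]:-}" != "help" ]]; then
  for required in "${REQUIRES[@]}"; do
    if [[ -z "${PARAMS[$required]:-}" ]]; then
      echo "${PARAM_ERROR}"
      exit 0
    fi
    # Set the help for out of box usage
    #[ -z "${PARAMS[$required]}" ] && PARAMS[-a]="help"
  done

  # -s and -p arrive from the monitoring configuration and are handed to
  # openssl and wget, so only plain host/port syntax is accepted before use.
  # Allowed host characters: letters, digits, ".", "_", ":", "-", "[" and "]"
  # (the last three cover bracketed IPv6 literals).
  host_pattern='^[][A-Za-z0-9._:-]+$'
  port_pattern='^[0-9]{1,5}$'
  if ! [[ "${PARAMS[-s]}" =~ $host_pattern ]] ||
    [[ "${PARAMS[-s]}" == -* ]] ||
    ! [[ "${PARAMS[-p]}" =~ $port_pattern ]] ||
    ((10#${PARAMS[-p]} < 1 || 10#${PARAMS[-p]} > 65535)); then
    echo "${PARAM_ERROR}"
    exit 0
  fi
fi

########
# HELP #
########

# ---
# display the script help
function displayHelp {
  # Clean screen
  #clear
  echo -e "**********************\n"
  echo -e "SSL script params:\n"
  echo -e "------------------\n"
  echo -e "-a={value} : action (expire/exist/mixed-content)\n"
  echo -e "-s={value} : server\n"
  echo -e "-p={value} : port\n"
  echo -e "-h : display help\n"
  echo -e "**********************\n"
}

#########
# FUNCS #
#########

# ---
# Check if the SSL certificate can be retrieved
# @param serverIP
# @param server ssl port
# @return prints 1 if a certificate was received and parsed, else 0
function isSSLCertAvailable() {
  # The 5 second limit has to wrap openssl itself: the earlier form
  # "timeout 5 bash -c echo" only bounded the echo, so an unresponsive
  # server could keep the check hanging.
  if echo "QUIT" |
    timeout 5 openssl s_client -connect "$1:$2" -servername "$1" 2>/dev/null |
    openssl x509 >/dev/null 2>&1; then
    echo 1
  else
    echo 0
  fi
}

# ---
# Get the number of days left until the SSL certificate expires
# @param serverIP
# @param server ssl port
# @return prints the days left with 3 decimals, or -1 when the expiry date
#         could not be read (a negative value other than -1 means expired)
function getSSLExpireDayLeft() {
  local end_date expire today

  # Get the notAfter date of the certificate presented by the server.
  # NOTE(review): unlike isSSLCertAvailable, this connection has no timeout.
  end_date=$(echo |
    openssl s_client -connect "$1:$2" -servername "$1" 2>/dev/null |
    openssl x509 -noout -enddate |
    cut -d= -f2)

  # "date -d ''" would silently resolve to today, so stop on an empty date.
  if [[ -z "$end_date" ]]; then
    echo "-1"
    return 1
  fi

  # Get expire date as epoch seconds (GNU date)
  expire=$(date -d "$end_date" +%s)

  # Check: if the expiry is empty or not a number, return an error value
  # for Zabbix.
  if [[ -z "$expire" ]] || ! [[ "$expire" =~ ^[0-9]+$ ]]; then
    echo "-1"
    return 1
  fi

  # Get today
  today=$(date +%s)

  # get diff as float
  awk -v expire="$expire" -v today="$today" \
    'BEGIN { printf "%.3f\n", (expire - today) / 86400 }'
}

# ---
# Check if content can be fetched in less than 3 sec
# @param serverIP
# @param server ssl port
# @return prints 0 OK / 1 timeout / 2 ssl error / 3 empty content
function checkContent() {
  local response

  # --no-check-certificate: the peer is not authenticated here, so a 0 only
  # says that something answered on the port, not that the right server did.
  # LC_ALL=C pins wget's messages to English; the matches below depend on
  # the exact wording.
  response=$(LC_ALL=C wget --timeout=3 --tries=1 --no-check-certificate \
    -O - "https://$1:$2" 2>&1)

  if [[ $response == *"Read error (Connection timed out) in headers."* ]]; then
    # time out
    echo 1
    return
  fi

  if [[ $response == *"Unable to establish SSL connection."* ]]; then
    # ssl error
    echo 2
    return
  fi

  # NOTE(review): stderr is merged into $response, so wget's own log lines
  # make it non-empty in practice and this branch is rarely, if ever, taken.
  if [[ -z $response ]]; then
    # content empty
    echo 3
    return
  fi

  # NOTE(review): every other failure (DNS error, refused connection, connect
  # timeout, HTTP error) also lands here and is reported as OK; wget's exit
  # status would be a more reliable signal if the template can take it.
  # ok
  echo 0
}

########
# MAIN #
########

case "${PARAMS[-a]}" in
  # command get day until expire
  "expire")
    getSSLExpireDayLeft "${PARAMS[-s]}" "${PARAMS[-p]}"
    ;;
  # command is cert available
  "exist")
    isSSLCertAvailable "${PARAMS[-s]}" "${PARAMS[-p]}"
    ;;
  # command is content reachable; "mixed-content" is the name printed by the
  # help text, so both spellings are accepted
  "content" | "mixed-content")
    checkContent "${PARAMS[-s]}" "${PARAMS[-p]}"
    ;;
  # command to display help; called directly so its line breaks survive
  *)
    displayHelp
    ;;
esac

# The value is delivered on stdout; the exit status stays 0 on every path.
exit 0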