From 9f16868b918b913f2f220b9420e5f2270e646da8 Mon Sep 17 00:00:00 2001 From: Mathieu Cinquin Date: Mon, 23 Mar 2015 17:29:19 +0100 Subject: [PATCH] first release - refs #6149 --- .../apps/protocols/x509/mode/validity.pm | 246 ++++++++++++++++++ .../apps/protocols/x509/plugin.pm | 63 +++++ 2 files changed, 309 insertions(+) create mode 100644 centreon-plugins/apps/protocols/x509/mode/validity.pm create mode 100644 centreon-plugins/apps/protocols/x509/plugin.pm diff --git a/centreon-plugins/apps/protocols/x509/mode/validity.pm b/centreon-plugins/apps/protocols/x509/mode/validity.pm new file mode 100644 index 000000000..2d78981fe --- /dev/null +++ b/centreon-plugins/apps/protocols/x509/mode/validity.pm @@ -0,0 +1,246 @@ +############################################################################### +# Copyright 2005-2015 CENTREON +# Centreon is developped by : Julien Mathis and Romain Le Merlus under +# GPL Licence 2.0. +# +# This program is free software; you can redistribute it and/or modify it under +# the terms of the GNU General Public License as published by the Free Software +# Foundation ; either version 2 of the License. +# +# This program is distributed in the hope that it will be useful, but WITHOUT ANY +# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License along with +# this program; if not, see . +# +# Linking this program statically or dynamically with other modules is making a +# combined work based on this program. Thus, the terms and conditions of the GNU +# General Public License cover the whole combination. +# +# As a special exception, the copyright holders of this program give MERETHIS +# permission to link this program with independent modules to produce an timeelapsedutable, +# regardless of the license terms of these independent modules, and to copy and +# distribute the resulting timeelapsedutable under terms of MERETHIS choice, provided that +# MERETHIS also meet, for each linked independent module, the terms and conditions +# of the license of that module. An independent module is a module which is not +# derived from this program. If you modify this program, you may extend this +# exception to your version of the program, but you are not obliged to do so. If you +# do not wish to do so, delete this exception statement from your version. +# +# For more information : contact@centreon.com +# Author : Mathieu Cinquin +# +#################################################################################### + +package apps::protocols::x509::mode::validity; + +use base qw(centreon::plugins::mode); + +use strict; +use warnings; +use IO::Socket::SSL; +use Net::SSLeay; +use Date::Manip; + +sub new { + my ($class, %options) = @_; + my $self = $class->SUPER::new(package => __PACKAGE__, %options); + bless $self, $class; + + $self->{version} = '1.0'; + $options{options}->add_options(arguments => + { + "hostname:s" => { name => 'hostname' }, + "port:s" => { name => 'port' }, + "validity-mode:s" => { name => 'validity_mode' }, + "warning-date:s" => { name => 'warning' }, + "critical-date:s" => { name => 'critical' }, + "subjectname:s" => { name => 'subjectname' }, + "issuername:s" => { name => 'issuername' }, + "timeout:s" => { name => 'timeout', default => '3' }, + }); + return $self; +} + +sub check_options { + my ($self, %options) = @_; + $self->SUPER::init(%options); + + if (($self->{perfdata}->threshold_validate(label => 'warning', value => $self->{option_results}->{warning})) == 0) { + $self->{output}->add_option_msg(short_msg => "Wrong warning threshold '" . $self->{option_results}->{warning} . "'."); + $self->{output}->option_exit(); + } + if (($self->{perfdata}->threshold_validate(label => 'critical', value => $self->{option_results}->{critical})) == 0) { + $self->{output}->add_option_msg(short_msg => "Wrong critical threshold '" . $self->{option_results}->{critical} . "'."); + $self->{output}->option_exit(); + } + if (!defined($self->{option_results}->{hostname})) { + $self->{output}->add_option_msg(short_msg => "Please set the hostname option"); + $self->{output}->option_exit(); + } + if (!defined($self->{option_results}->{port})) { + $self->{output}->add_option_msg(short_msg => "Please set the port option"); + $self->{output}->option_exit(); + } + if (!defined($self->{option_results}->{validity_mode})) { + $self->{output}->add_option_msg(short_msg => "Please set the validity-mode option"); + $self->{output}->option_exit(); + } + +} + +sub run { + my ($self, %options) = @_; + + if (!defined($self->{option_results}->{port})) { + $self->{option_results}->{port} = centreon::plugins::httplib::get_port($self); + } + + #Global variables + my ($connection, $ctx, $ssl, $cert); + + #Create Socket connection + $connection = IO::Socket::INET->new(PeerAddr => $self->{option_results}->{hostname}, + PeerPort => $self->{option_results}->{port}, + Timeout => $self->{option_results}->{timeout}, + ); + if (!defined($connection)) { + if (!defined($!) || ($! eq '')) { + $self->{output}->output_add(severity => 'CRITICAL', + short_msg => "Connection failed : SSL error"); + } + } else { + #Create SSL context + eval { $ctx = Net::SSLeay::CTX_new() }; + if ($@) { + $self->{output}->output_add(severity => 'CRITICAL', + short_msg => "Connection failed : SSL error"); + + $self->{output}->display(); + $self->{output}->exit() + }; + + #Create SSL connection + Net::SSLeay::CTX_set_options($ctx, &Net::SSLeay::OP_ALL); + + eval { $ssl = Net::SSLeay::new($ctx) }; + if ($@) { + $self->{output}->output_add(severity => 'CRITICAL', + short_msg => "Connection failed : SSL error"); + + $self->{output}->display(); + $self->{output}->exit() + }; + + eval { Net::SSLeay::set_fd($ssl, fileno($connection)) }; + if ($@) { + $self->{output}->output_add(severity => 'CRITICAL', + short_msg => "Connection failed : SSL error"); + + $self->{output}->display(); + $self->{output}->exit() + }; + + eval { Net::SSLeay::connect($ssl) }; + if ($@) { + $self->{output}->output_add(severity => 'CRITICAL', + short_msg => "Connection failed : SSL error"); + + $self->{output}->display(); + $self->{output}->exit() + }; + + #Retrieve Certificat + $cert = Net::SSLeay::get_peer_certificate($ssl); + + #Expiration Date + if ($self->{option_results}->{validity_mode} eq 'expiration') { + (my $notafterdate = Net::SSLeay::P_ASN1_UTCTIME_put2string(Net::SSLeay::X509_get_notAfter($cert))) =~ s/ GMT//; + my $daysbefore = int((&UnixDate(&ParseDate($notafterdate),"%s") - time) / 86400); + my $exit = $self->{perfdata}->threshold_check(value => $daysbefore, + threshold => [ { label => 'critical', exit_litteral => 'critical' }, { label => 'warning', exit_litteral => 'warning' } ]); + $self->{output}->output_add(severity => $exit, + short_msg => sprintf("Certificate expiration days: %s - Validity Date: %s", $daysbefore, $notafterdate)); + + $self->{output}->display(); + $self->{output}->exit() + + #Subject Name + } elsif ($self->{option_results}->{validity_mode} eq 'subject') { + my $subject_name = Net::SSLeay::X509_NAME_oneline(Net::SSLeay::X509_get_subject_name($cert)); + if ( $self->{option_results}->{subjectname} =~ /$subject_name/mi ) { + $self->{output}->output_add(severity => 'OK', + short_msg => sprintf("Subject Name %s is present in Certificate :%s", $self->{option_results}->{subjectname}, $subject_name)); + } else { + $self->{output}->output_add(severity => 'CRITICAL', + short_msg => sprintf("Subject Name %s is not present in Certificate : %s", $self->{option_results}->{subjectname}, $subject_name)); + } + + $self->{output}->display(); + $self->{output}->exit() + + #Issuer Name + } elsif ($self->{option_results}->{validity_mode} eq 'issuer') { + my $issuer_name = Net::SSLeay::X509_NAME_oneline(Net::SSLeay::X509_get_issuer_name($cert)); + if ( $self->{option_results}->{issuer} =~ /$issuer_name/mi ) { + $self->{output}->output_add(severity => 'OK', + short_msg => sprintf("Issuer Name %s is present in Certificate :%s", $self->{option_results}->{issuername}, $issuer_name)); + } else { + $self->{output}->output_add(severity => 'CRITICAL', + short_msg => sprintf("Issuer Name %s is not present in Certificate : %s", $self->{option_results}->{issuername}, $issuer_name)); + } + + $self->{output}->display(); + $self->{output}->exit() + } else { + $self->{output}->add_option_msg(short_msg => "Wrong option. Cannot find validity-mode '" . $self->{option_results}->{validity_mode} . "'."); + $self->{output}->option_exit(); + } + } +} + +1; + +__END__ + +=head1 MODE + +=head1 MODE + +Check X509's certificate validity + +=over 8 + +=item B<--hostname> + +IP Addr/FQDN of the host + +=item B<--port> + +Port used by Webserver (Default: '443') + +=item B<--validity-mode> + +Validity mode. +Can be : 'expiration' or 'subject' or 'issuer' + +=item B<--warning-date> + +Threshold warning in days (Days before expiration) + +=item B<--critical-date> + +Threshold critical in days (Days before expiration) + +=item B<--subject> + +Subject Name pattern + +=item B<--issuer> + +Issuer Name pattern + +=back + +=cut diff --git a/centreon-plugins/apps/protocols/x509/plugin.pm b/centreon-plugins/apps/protocols/x509/plugin.pm new file mode 100644 index 000000000..123b46ec4 --- /dev/null +++ b/centreon-plugins/apps/protocols/x509/plugin.pm @@ -0,0 +1,63 @@ +################################################################################ +# Copyright 2005-2015 CENTREON +# Centreon is developped by : Julien Mathis and Romain Le Merlus under +# GPL Licence 2.0. +# +# This program is free software; you can redistribute it and/or modify it under +# the terms of the GNU General Public License as published by the Free Software +# Foundation ; either version 2 of the License. +# +# This program is distributed in the hope that it will be useful, but WITHOUT ANY +# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License along with +# this program; if not, see . +# +# Linking this program statically or dynamically with other modules is making a +# combined work based on this program. Thus, the terms and conditions of the GNU +# General Public License cover the whole combination. +# +# As a special exception, the copyright holders of this program give CENTREON +# permission to link this program with independent modules to produce an executable, +# regardless of the license terms of these independent modules, and to copy and +# distribute the resulting executable under terms of CENTREON choice, provided that +# CENTREON also meet, for each linked independent module, the terms and conditions +# of the license of that module. An independent module is a module which is not +# derived from this program. If you modify this program, you may extend this +# exception to your version of the program, but you are not obliged to do so. If you +# do not wish to do so, delete this exception statement from your version. +# +# For more information : contact@centreon.com +# Authors : Mathieu Cinquin +# +#################################################################################### + +package apps::protocols::x509::plugin; + +use strict; +use warnings; +use base qw(centreon::plugins::script_simple); + +sub new { + my ($class, %options) = @_; + my $self = $class->SUPER::new(package => __PACKAGE__, %options); + bless $self, $class; + # $options->{options} = options object + + $self->{version} = '0.1'; + %{$self->{modes}} = ( + 'validity' => 'apps::protocols::x509::mode::validity', + ); + return $self; +} + +1; + +__END__ + +=head1 PLUGIN DESCRIPTION + +Check X509's certificate validity. + +=cut