222 lines
8.1 KiB
Perl
222 lines
8.1 KiB
Perl
#
|
|
# Copyright 2015 Centreon (http://www.centreon.com/)
|
|
#
|
|
# Centreon is a full-fledged industry-strength solution that meets
|
|
# the needs in IT infrastructure and application monitoring for
|
|
# service performance.
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
# you may not use this file except in compliance with the License.
|
|
# You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
# See the License for the specific language governing permissions and
|
|
# limitations under the License.
|
|
#
|
|
|
|
package apps::protocols::x509::mode::validity;
|
|
|
|
use base qw(centreon::plugins::mode);
|
|
|
|
use strict;
|
|
use warnings;
|
|
use IO::Socket::SSL;
|
|
use Net::SSLeay;
|
|
use Date::Manip;
|
|
|
|
sub new {
|
|
my ($class, %options) = @_;
|
|
my $self = $class->SUPER::new(package => __PACKAGE__, %options);
|
|
bless $self, $class;
|
|
|
|
$self->{version} = '1.3';
|
|
$options{options}->add_options(arguments =>
|
|
{
|
|
"hostname:s" => { name => 'hostname' },
|
|
"port:s" => { name => 'port' },
|
|
"validity-mode:s" => { name => 'validity_mode' },
|
|
"warning-date:s" => { name => 'warning' },
|
|
"critical-date:s" => { name => 'critical' },
|
|
"subjectname:s" => { name => 'subjectname', default => '' },
|
|
"issuername:s" => { name => 'issuername', default => '' },
|
|
"timeout:s" => { name => 'timeout', default => 5 },
|
|
});
|
|
return $self;
|
|
}
|
|
|
|
sub check_options {
|
|
my ($self, %options) = @_;
|
|
$self->SUPER::init(%options);
|
|
|
|
if (($self->{perfdata}->threshold_validate(label => 'warning', value => $self->{option_results}->{warning})) == 0) {
|
|
$self->{output}->add_option_msg(short_msg => "Wrong warning threshold '" . $self->{option_results}->{warning} . "'.");
|
|
$self->{output}->option_exit();
|
|
}
|
|
if (($self->{perfdata}->threshold_validate(label => 'critical', value => $self->{option_results}->{critical})) == 0) {
|
|
$self->{output}->add_option_msg(short_msg => "Wrong critical threshold '" . $self->{option_results}->{critical} . "'.");
|
|
$self->{output}->option_exit();
|
|
}
|
|
if (!defined($self->{option_results}->{hostname})) {
|
|
$self->{output}->add_option_msg(short_msg => "Please set the hostname option");
|
|
$self->{output}->option_exit();
|
|
}
|
|
if (!defined($self->{option_results}->{port})) {
|
|
$self->{output}->add_option_msg(short_msg => "Please set the port option");
|
|
$self->{output}->option_exit();
|
|
}
|
|
if (!defined($self->{option_results}->{validity_mode}) || $self->{option_results}->{validity_mode} !~ /^expiration|subject|issuer$/) {
|
|
$self->{output}->add_option_msg(short_msg => "Please set the validity-mode option (issuer, subject or expiration)");
|
|
$self->{output}->option_exit();
|
|
}
|
|
}
|
|
|
|
sub run {
|
|
my ($self, %options) = @_;
|
|
|
|
#Global variables
|
|
my ($connection, $ctx, $ssl, $cert);
|
|
|
|
#Create Socket connection
|
|
$connection = IO::Socket::INET->new(PeerAddr => $self->{option_results}->{hostname},
|
|
PeerPort => $self->{option_results}->{port},
|
|
Timeout => $self->{option_results}->{timeout},
|
|
);
|
|
if (!defined($connection)) {
|
|
$self->{output}->output_add(severity => 'CRITICAL',
|
|
short_msg => sprintf("%s", $!));
|
|
$self->{output}->display();
|
|
$self->{output}->exit();
|
|
} else {
|
|
#Create SSL context
|
|
eval { $ctx = Net::SSLeay::CTX_new() };
|
|
if ($@) {
|
|
$self->{output}->output_add(severity => 'CRITICAL',
|
|
short_msg => sprintf ("%s", $!));
|
|
|
|
$self->{output}->display();
|
|
$self->{output}->exit()
|
|
}
|
|
|
|
#Create SSL connection
|
|
Net::SSLeay::CTX_set_options($ctx, &Net::SSLeay::OP_ALL);
|
|
|
|
eval { $ssl = Net::SSLeay::new($ctx) };
|
|
if ($@) {
|
|
$self->{output}->output_add(severity => 'CRITICAL',
|
|
short_msg => sprintf("%s", $!));
|
|
|
|
$self->{output}->display();
|
|
$self->{output}->exit()
|
|
}
|
|
|
|
eval { Net::SSLeay::set_fd($ssl, fileno($connection)) };
|
|
if ($@) {
|
|
$self->{output}->output_add(severity => 'CRITICAL',
|
|
short_msg => sprintf("%s", $!));
|
|
|
|
$self->{output}->display();
|
|
$self->{output}->exit()
|
|
}
|
|
|
|
eval { Net::SSLeay::connect($ssl) };
|
|
if ($@) {
|
|
$self->{output}->output_add(severity => 'CRITICAL',
|
|
short_msg => sprintf("%s", $!));
|
|
|
|
$self->{output}->display();
|
|
$self->{output}->exit()
|
|
}
|
|
|
|
#Retrieve Certificat
|
|
$cert = Net::SSLeay::get_peer_certificate($ssl);
|
|
|
|
#Expiration Date
|
|
if ($self->{option_results}->{validity_mode} eq 'expiration') {
|
|
(my $notafterdate = Net::SSLeay::P_ASN1_UTCTIME_put2string(Net::SSLeay::X509_get_notAfter($cert))) =~ s/ GMT//;
|
|
my $daysbefore = int((&UnixDate(&ParseDate($notafterdate),"%s") - time) / 86400);
|
|
my $exit = $self->{perfdata}->threshold_check(value => $daysbefore,
|
|
threshold => [ { label => 'critical', exit_litteral => 'critical' }, { label => 'warning', exit_litteral => 'warning' } ]);
|
|
$self->{output}->output_add(severity => $exit,
|
|
short_msg => sprintf("Certificate expiration days: %s - Validity Date: %s", $daysbefore, $notafterdate));
|
|
|
|
$self->{output}->display();
|
|
$self->{output}->exit()
|
|
|
|
#Subject Name
|
|
} elsif ($self->{option_results}->{validity_mode} eq 'subject') {
|
|
my $subject_name = Net::SSLeay::X509_NAME_oneline(Net::SSLeay::X509_get_subject_name($cert));
|
|
if ($subject_name =~ /$self->{option_results}->{subjectname}/mi) {
|
|
$self->{output}->output_add(severity => 'OK',
|
|
short_msg => sprintf("Subject Name '%s' is present in Certificate: %s", $self->{option_results}->{subjectname}, $subject_name));
|
|
} else {
|
|
$self->{output}->output_add(severity => 'CRITICAL',
|
|
short_msg => sprintf("Subject Name '%s' is not present in Certificate: %s", $self->{option_results}->{subjectname}, $subject_name));
|
|
}
|
|
|
|
$self->{output}->display();
|
|
$self->{output}->exit()
|
|
|
|
#Issuer Name
|
|
} elsif ($self->{option_results}->{validity_mode} eq 'issuer') {
|
|
my $issuer_name = Net::SSLeay::X509_NAME_oneline(Net::SSLeay::X509_get_issuer_name($cert));
|
|
if ($issuer_name =~ /$self->{option_results}->{issuername}/mi) {
|
|
$self->{output}->output_add(severity => 'OK',
|
|
short_msg => sprintf("Issuer Name '%s' is present in Certificate: %s", $self->{option_results}->{issuername}, $issuer_name));
|
|
} else {
|
|
$self->{output}->output_add(severity => 'CRITICAL',
|
|
short_msg => sprintf("Issuer Name '%s' is not present in Certificate: %s", $self->{option_results}->{issuername}, $issuer_name));
|
|
}
|
|
|
|
$self->{output}->display();
|
|
$self->{output}->exit()
|
|
}
|
|
}
|
|
}
|
|
|
|
1;
|
|
|
|
__END__
|
|
|
|
=head1 MODE
|
|
|
|
Check X509's certificate validity
|
|
|
|
=over 8
|
|
|
|
=item B<--hostname>
|
|
|
|
IP Addr/FQDN of the host
|
|
|
|
=item B<--port>
|
|
|
|
Port used by Server (Default: '443')
|
|
|
|
=item B<--validity-mode>
|
|
|
|
Validity mode.
|
|
Can be : 'expiration' or 'subject' or 'issuer'
|
|
|
|
=item B<--warning-date>
|
|
|
|
Threshold warning in days (Days before expiration, eg: '60:' for 60 days before)
|
|
|
|
=item B<--critical-date>
|
|
|
|
Threshold critical in days (Days before expiration, eg: '30:' for 30 days before)
|
|
|
|
=item B<--subject>
|
|
|
|
Subject Name pattern
|
|
|
|
=item B<--issuer>
|
|
|
|
Issuer Name pattern
|
|
|
|
=back
|
|
|
|
=cut
|