Mercurial > certwatch-docker / annotate
certwatch.sh@e6c11dadd985 (annotated)
certwatch.sh
Fri, 01 May 2020 15:27:45 +0100
- author
- Matthew Wild <mwild1@gmail.com>
- date
- Fri, 01 May 2020 15:27:45 +0100
- changeset 0
- e6c11dadd985
- permissions
- -rwxr-xr-x
Initial commit
| 0 | 1 | #!/bin/bash |
| 2 | ||
| 3 | . /etc/certwatch/config.sh | |
| 4 | ||
| 5 | PASS=1 | |
| 6 | ||
| 7 | check_domain() { | |
| 8 | DOMAIN="$1" | |
| 9 | shift; | |
| 10 | DAYS=14 | |
| 11 | CRT=$(echo "" | openssl s_client $@ 2>/dev/null); | |
| 12 | if [[ $? != 0 ]]; then | |
| 13 | PASS=0 | |
| 14 | send_notification "Check failed for $DOMAIN" "$CRT"; | |
| 15 | return; | |
| 16 | fi | |
| 17 | ||
| 18 | if (echo "$CRT" | openssl x509 -noout -checkend $(($DAYS*3600*24)) >/dev/null 2>&1); then | |
| 19 | return; | |
| 20 | fi | |
| 21 | MSG=$(echo "$CRT" | openssl x509 -noout -text|egrep 'CN|DNS|Not After' 2>/dev/null) | |
| 22 | PASS=0 | |
| 23 | send_notification "Certificate expiry: $DOMAIN" "$MSG" | |
| 24 | } | |
| 25 | ||
| 26 | check_https() { | |
| 27 | check_domain "$1 HTTPS" -servername $1 -connect $1:443 | |
| 28 | } | |
| 29 | ||
| 30 | check_xmpp() { | |
| 31 | # need OpenSSL 1.1 for -xmpphost :( | |
| 32 | check_domain "$1 XMPP" -connect $1:5222 -starttls xmpp | |
| 33 | } | |
| 34 | ||
| 35 | check_xmpps2s() { | |
| 36 | # need OpenSSL 1.1 for -xmpphost :( | |
| 37 | check_domain "$1 XMPP" -connect $1:5269 -starttls xmpp | |
| 38 | } | |
| 39 | ||
| 40 | check_smtp() { | |
| 41 | check_domain "$1 SMTP" -connect $1:25 -starttls smtp | |
| 42 | } | |
| 43 | ||
| 44 | check_imap() { | |
| 45 | check_domain "$1 IMAP" -connect $1:993 | |
| 46 | } | |
| 47 | ||
| 48 | . /etc/certwatch/checks.sh | |
| 49 | ||
| 50 | if [[ "$PASS" != 1 ]]; then | |
| 51 | exit 2; | |
| 52 | fi | |
| 53 | ||
| 54 | exit 0; |
