#!/bin/bash

# The site configuration is executed as shell code with this script's
# privileges, so /etc/certwatch/config.sh should be owned by a trusted user and
# not writable by anyone else.
# NOTE(review): send_notification is not defined in this file; presumably it is
# provided by this config file. Confirm.
source /etc/certwatch/config.sh

# Overall result flag: stays 1 unless a check fails (check_domain sets it to 0).
PASS=1
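#######################################
# Probe one TLS endpoint and notify when its certificate is close to expiry.
# Globals:   PASS (set to 0 on any failure); DOMAIN, DAYS, CRT, MSG (written)
# Arguments: $1   - label used in the notification subject
#            $2.. - options handed to `openssl s_client` unchanged
# Returns:   nothing meaningful; the outcome is reported through PASS and
#            send_notification.
#
# NOTE(review): the exit status of s_client is the only connection check made
# here. By default s_client does not fail on certificate verification errors,
# so an untrusted or mismatched certificate that is not near expiry passes.
# Pass -verify_return_error from checks.sh if trust must be monitored too.
# NOTE(review): no timeout is applied; an endpoint that accepts the connection
# and then stalls blocks the whole run.
#######################################
check_domain() {
  # Left global rather than `local`: config.sh and checks.sh are not visible
  # here and may read these after the call.
  DOMAIN="$1"
  shift
  DAYS=14

  # "$@" is quoted so every s_client option reaches openssl as exactly one
  # word, with no word splitting or glob expansion of values from checks.sh.
  # stderr is discarded, so on failure CRT holds only what reached stdout.
  if ! CRT=$(printf '\n' | openssl s_client "$@" 2>/dev/null); then
    PASS=0
    send_notification "Check failed for $DOMAIN" "$CRT"
    return
  fi

  # -checkend N exits 0 when the certificate is still valid N seconds from now.
  if printf '%s\n' "$CRT" \
    | openssl x509 -noout -checkend "$((DAYS * 3600 * 24))" >/dev/null 2>&1; then
    return
  fi

  # Also reached when no certificate could be parsed out of the s_client
  # output; MSG is then empty and the notification has no details.
  MSG=$(printf '%s\n' "$CRT" \
    | openssl x509 -noout -text \
    | grep -E 'CN|DNS|Not After' 2>/dev/null)
  PASS=0
  send_notification "Certificate expiry: $DOMAIN" "$MSG"
}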
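# Check the certificate served on HTTPS (port 443), sending the host as SNI.
# Arguments: $1 - host name
check_https() {
  # Quoted so the host always reaches s_client as a single word, with no word
  # splitting or glob expansion.
  check_domain "$1 HTTPS" -servername "$1" -connect "$1:443"
}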
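# Check the certificate offered after XMPP STARTTLS on port 5222.
# Arguments: $1 - host name
check_xmpp() {
  # -xmpphost would need OpenSSL 1.1, so it is not passed here.
  # The host is quoted so it reaches s_client as a single word.
  check_domain "$1 XMPP" -connect "$1:5222" -starttls xmpp
}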
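# Check the certificate offered after XMPP STARTTLS on port 5269.
# Arguments: $1 - host name
# NOTE(review): the label is the same "XMPP" string that check_xmpp uses, so
# notifications for ports 5222 and 5269 cannot be told apart by subject.
check_xmpps2s() {
  # -xmpphost would need OpenSSL 1.1, so it is not passed here.
  # The host is quoted so it reaches s_client as a single word.
  check_domain "$1 XMPP" -connect "$1:5269" -starttls xmpp
}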
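# Check the certificate offered after SMTP STARTTLS on port 25.
# Arguments: $1 - host name
check_smtp() {
  # Quoted so the host always reaches s_client as a single word.
  check_domain "$1 SMTP" -connect "$1:25" -starttls smtp
}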
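# Check the certificate served on port 993 (TLS from the first byte, no STARTTLS).
# Arguments: $1 - host name
check_imap() {
  # Quoted so the host always reaches s_client as a single word.
  check_domain "$1 IMAP" -connect "$1:993"
}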
# The list of checks is shell code as well and runs with this script's
# privileges; protect /etc/certwatch/checks.sh the same way as the config file.
source /etc/certwatch/checks.sh

# Exit 2 when any check cleared PASS, 0 otherwise.
[[ "$PASS" == 1 ]] || exit 2

exit 0