diff options
Diffstat (limited to 'plugins')
-rw-r--r-- | plugins/check_http.c | 38 | ||||
-rw-r--r-- | plugins/check_smtp.c | 37 | ||||
-rw-r--r-- | plugins/check_tcp.c | 27 | ||||
-rw-r--r-- | plugins/netutils.h | 2 | ||||
-rw-r--r-- | plugins/sslutils.c | 18 |
5 files changed, 89 insertions, 33 deletions
diff --git a/plugins/check_http.c b/plugins/check_http.c index 315848fc..703e3174 100644 --- a/plugins/check_http.c +++ b/plugins/check_http.c | |||
@@ -58,8 +58,8 @@ enum { | |||
58 | 58 | ||
59 | #ifdef HAVE_SSL | 59 | #ifdef HAVE_SSL |
60 | int check_cert = FALSE; | 60 | int check_cert = FALSE; |
61 | int days_till_exp; | ||
62 | int ssl_version; | 61 | int ssl_version; |
62 | int days_till_exp_warn, days_till_exp_crit; | ||
63 | char *randbuff; | 63 | char *randbuff; |
64 | X509 *server_cert; | 64 | X509 *server_cert; |
65 | # define my_recv(buf, len) ((use_ssl) ? np_net_ssl_read(buf, len) : read(sd, buf, len)) | 65 | # define my_recv(buf, len) ((use_ssl) ? np_net_ssl_read(buf, len) : read(sd, buf, len)) |
@@ -178,6 +178,7 @@ process_arguments (int argc, char **argv) | |||
178 | { | 178 | { |
179 | int c = 1; | 179 | int c = 1; |
180 | char *p; | 180 | char *p; |
181 | char *temp; | ||
181 | 182 | ||
182 | enum { | 183 | enum { |
183 | INVERT_REGEX = CHAR_MAX + 1, | 184 | INVERT_REGEX = CHAR_MAX + 1, |
@@ -282,13 +283,25 @@ process_arguments (int argc, char **argv) | |||
282 | break; | 283 | break; |
283 | case 'C': /* Check SSL cert validity */ | 284 | case 'C': /* Check SSL cert validity */ |
284 | #ifdef HAVE_SSL | 285 | #ifdef HAVE_SSL |
285 | if (!is_intnonneg (optarg)) | 286 | if ((temp=strchr(optarg,','))!=NULL) { |
286 | usage2 (_("Invalid certificate expiration period"), optarg); | 287 | *temp='\0'; |
288 | if (!is_intnonneg (temp)) | ||
289 | usage2 (_("Invalid certificate expiration period"), optarg); | ||
290 | days_till_exp_warn = atoi(optarg); | ||
291 | *temp=','; | ||
292 | temp++; | ||
293 | if (!is_intnonneg (temp)) | ||
294 | usage2 (_("Invalid certificate expiration period"), temp); | ||
295 | days_till_exp_crit = atoi (temp); | ||
296 | } | ||
287 | else { | 297 | else { |
288 | days_till_exp = atoi (optarg); | 298 | days_till_exp_crit=0; |
289 | check_cert = TRUE; | 299 | if (!is_intnonneg (optarg)) |
300 | usage2 (_("Invalid certificate expiration period"), optarg); | ||
301 | days_till_exp_warn = atoi (optarg); | ||
290 | } | 302 | } |
291 | /* Fall through to -S option */ | 303 | check_cert = TRUE; |
304 | /* Fall through to -S option */ | ||
292 | #endif | 305 | #endif |
293 | case 'S': /* use SSL */ | 306 | case 'S': /* use SSL */ |
294 | #ifndef HAVE_SSL | 307 | #ifndef HAVE_SSL |
@@ -810,7 +823,7 @@ check_http (void) | |||
810 | if (result != STATE_OK) | 823 | if (result != STATE_OK) |
811 | return result; | 824 | return result; |
812 | if (check_cert == TRUE) { | 825 | if (check_cert == TRUE) { |
813 | result = np_net_ssl_check_cert(days_till_exp); | 826 | result = np_net_ssl_check_cert(days_till_exp_warn, days_till_exp_crit); |
814 | np_net_ssl_cleanup(); | 827 | np_net_ssl_cleanup(); |
815 | if (sd) close(sd); | 828 | if (sd) close(sd); |
816 | return result; | 829 | return result; |
@@ -1427,6 +1440,13 @@ print_help (void) | |||
1427 | printf (" %s\n", _("a STATE_OK is returned. When the certificate is still valid, but for less than")); | 1440 | printf (" %s\n", _("a STATE_OK is returned. When the certificate is still valid, but for less than")); |
1428 | printf (" %s\n", _("14 days, a STATE_WARNING is returned. A STATE_CRITICAL will be returned when")); | 1441 | printf (" %s\n", _("14 days, a STATE_WARNING is returned. A STATE_CRITICAL will be returned when")); |
1429 | printf (" %s\n", _("the certificate is expired.")); | 1442 | printf (" %s\n", _("the certificate is expired.")); |
1443 | |||
1444 | printf (" %s\n\n", "CHECK CERTIFICATE: check_http -H www.verisign.com -C 30,14"); | ||
1445 | printf (" %s\n", _("When the certificate of 'www.verisign.com' is valid for more than 30 days,")); | ||
1446 | printf (" %s\n", _("a STATE_OK is returned. When the certificate is still valid, but for less than")); | ||
1447 | printf (" %s\n", _("30 days, but more than 14 days, a STATE_WARNING is returned.")); | ||
1448 | printf (" %s\n", _("A STATE_CRITICAL will be returned when certificate expires in less than 14 days")); | ||
1449 | |||
1430 | #endif | 1450 | #endif |
1431 | 1451 | ||
1432 | printf (UT_SUPPORT); | 1452 | printf (UT_SUPPORT); |
@@ -1444,6 +1464,6 @@ print_usage (void) | |||
1444 | printf (" [-b proxy_auth] [-f <ok|warning|critcal|follow|sticky|stickyport>]\n"); | 1464 | printf (" [-b proxy_auth] [-f <ok|warning|critcal|follow|sticky|stickyport>]\n"); |
1445 | printf (" [-e <expect>] [-s string] [-l] [-r <regex> | -R <case-insensitive regex>]\n"); | 1465 | printf (" [-e <expect>] [-s string] [-l] [-r <regex> | -R <case-insensitive regex>]\n"); |
1446 | printf (" [-P string] [-m <min_pg_size>:<max_pg_size>] [-4|-6] [-N] [-M <age>]\n"); | 1466 | printf (" [-P string] [-m <min_pg_size>:<max_pg_size>] [-4|-6] [-N] [-M <age>]\n"); |
1447 | printf (" [-A string] [-k string] [-S <version>] [--sni] [-C <age>] [-T <content-type>]\n"); | 1467 | printf (" [-A string] [-k string] [-S <version>] [--sni] [-C <warn_age>[,<crit_age>]]\n"); |
1448 | printf (" [-j method]\n"); | 1468 | printf (" [-T <content-type>] [-j method]\n"); |
1449 | } | 1469 | } |
diff --git a/plugins/check_smtp.c b/plugins/check_smtp.c index 494bc2cd..0af50e32 100644 --- a/plugins/check_smtp.c +++ b/plugins/check_smtp.c | |||
@@ -41,7 +41,7 @@ const char *email = "nagiosplug-devel@lists.sourceforge.net"; | |||
41 | 41 | ||
42 | #ifdef HAVE_SSL | 42 | #ifdef HAVE_SSL |
43 | int check_cert = FALSE; | 43 | int check_cert = FALSE; |
44 | int days_till_exp; | 44 | int days_till_exp_warn, days_till_exp_crit; |
45 | # define my_recv(buf, len) ((use_ssl && ssl_established) ? np_net_ssl_read(buf, len) : read(sd, buf, len)) | 45 | # define my_recv(buf, len) ((use_ssl && ssl_established) ? np_net_ssl_read(buf, len) : read(sd, buf, len)) |
46 | # define my_send(buf, len) ((use_ssl && ssl_established) ? np_net_ssl_write(buf, len) : send(sd, buf, len, 0)) | 46 | # define my_send(buf, len) ((use_ssl && ssl_established) ? np_net_ssl_write(buf, len) : send(sd, buf, len, 0)) |
47 | #else /* ifndef HAVE_SSL */ | 47 | #else /* ifndef HAVE_SSL */ |
@@ -275,7 +275,7 @@ main (int argc, char **argv) | |||
275 | 275 | ||
276 | # ifdef USE_OPENSSL | 276 | # ifdef USE_OPENSSL |
277 | if ( check_cert ) { | 277 | if ( check_cert ) { |
278 | result = np_net_ssl_check_cert(days_till_exp); | 278 | result = np_net_ssl_check_cert(days_till_exp_warn, days_till_exp_crit); |
279 | my_close(); | 279 | my_close(); |
280 | return result; | 280 | return result; |
281 | } | 281 | } |
@@ -454,6 +454,7 @@ int | |||
454 | process_arguments (int argc, char **argv) | 454 | process_arguments (int argc, char **argv) |
455 | { | 455 | { |
456 | int c; | 456 | int c; |
457 | char* temp; | ||
457 | 458 | ||
458 | int option = 0; | 459 | int option = 0; |
459 | static struct option longopts[] = { | 460 | static struct option longopts[] = { |
@@ -600,12 +601,26 @@ process_arguments (int argc, char **argv) | |||
600 | case 'D': | 601 | case 'D': |
601 | /* Check SSL cert validity */ | 602 | /* Check SSL cert validity */ |
602 | #ifdef USE_OPENSSL | 603 | #ifdef USE_OPENSSL |
603 | if (!is_intnonneg (optarg)) | 604 | if ((temp=strchr(optarg,','))!=NULL) { |
604 | usage2 ("Invalid certificate expiration period",optarg); | 605 | *temp='\0'; |
605 | days_till_exp = atoi (optarg); | 606 | if (!is_intnonneg (temp)) |
606 | check_cert = TRUE; | 607 | usage2 ("Invalid certificate expiration period", optarg); |
608 | days_till_exp_warn = atoi(optarg); | ||
609 | *temp=','; | ||
610 | temp++; | ||
611 | if (!is_intnonneg (temp)) | ||
612 | usage2 (_("Invalid certificate expiration period"), temp); | ||
613 | days_till_exp_crit = atoi (temp); | ||
614 | } | ||
615 | else { | ||
616 | days_till_exp_crit=0; | ||
617 | if (!is_intnonneg (optarg)) | ||
618 | usage2 ("Invalid certificate expiration period", optarg); | ||
619 | days_till_exp_warn = atoi (optarg); | ||
620 | } | ||
621 | check_cert = TRUE; | ||
607 | #else | 622 | #else |
608 | usage (_("SSL support not available - install OpenSSL and recompile")); | 623 | usage (_("SSL support not available - install OpenSSL and recompile")); |
609 | #endif | 624 | #endif |
610 | break; | 625 | break; |
611 | case '4': | 626 | case '4': |
@@ -802,7 +817,7 @@ print_help (void) | |||
802 | printf (" %s\n", "-F, --fqdn=STRING"); | 817 | printf (" %s\n", "-F, --fqdn=STRING"); |
803 | printf (" %s\n", _("FQDN used for HELO")); | 818 | printf (" %s\n", _("FQDN used for HELO")); |
804 | #ifdef HAVE_SSL | 819 | #ifdef HAVE_SSL |
805 | printf (" %s\n", "-D, --certificate=INTEGER"); | 820 | printf (" %s\n", "-D, --certificate=INTEGER[,INTEGER]"); |
806 | printf (" %s\n", _("Minimum number of days a certificate has to be valid.")); | 821 | printf (" %s\n", _("Minimum number of days a certificate has to be valid.")); |
807 | printf (" %s\n", "-S, --starttls"); | 822 | printf (" %s\n", "-S, --starttls"); |
808 | printf (" %s\n", _("Use STARTTLS for the connection.")); | 823 | printf (" %s\n", _("Use STARTTLS for the connection.")); |
@@ -838,8 +853,8 @@ void | |||
838 | print_usage (void) | 853 | print_usage (void) |
839 | { | 854 | { |
840 | printf ("%s\n", _("Usage:")); | 855 | printf ("%s\n", _("Usage:")); |
841 | printf ("%s -H host [-p port] [-e expect] [-C command] [-f from addr]", progname); | 856 | printf ("%s -H host [-p port] [-4|-6] [-e expect] [-C command] [-f from addr]", progname); |
842 | printf ("[-A authtype -U authuser -P authpass] [-w warn] [-c crit] [-t timeout]\n"); | 857 | printf ("[-A authtype -U authuser -P authpass] [-w warn] [-c crit] [-t timeout] [-q]\n"); |
843 | printf ("[-F fqdn] [-S] [-D days] [-v] [-4|-6] [-q]\n"); | 858 | printf ("[-F fqdn] [-S] [-D warn days cert expire[,crit days cert expire]] [-v] \n"); |
844 | } | 859 | } |
845 | 860 | ||
diff --git a/plugins/check_tcp.c b/plugins/check_tcp.c index d3c92a49..7b0f7f8a 100644 --- a/plugins/check_tcp.c +++ b/plugins/check_tcp.c | |||
@@ -39,7 +39,7 @@ const char *email = "nagiosplug-devel@lists.sourceforge.net"; | |||
39 | 39 | ||
40 | #ifdef HAVE_SSL | 40 | #ifdef HAVE_SSL |
41 | static int check_cert = FALSE; | 41 | static int check_cert = FALSE; |
42 | static int days_till_exp; | 42 | static int days_till_exp_warn, days_till_exp_crit; |
43 | # define my_recv(buf, len) ((flags & FLAG_SSL) ? np_net_ssl_read(buf, len) : read(sd, buf, len)) | 43 | # define my_recv(buf, len) ((flags & FLAG_SSL) ? np_net_ssl_read(buf, len) : read(sd, buf, len)) |
44 | # define my_send(buf, len) ((flags & FLAG_SSL) ? np_net_ssl_write(buf, len) : send(sd, buf, len, 0)) | 44 | # define my_send(buf, len) ((flags & FLAG_SSL) ? np_net_ssl_write(buf, len) : send(sd, buf, len, 0)) |
45 | #else | 45 | #else |
@@ -235,7 +235,7 @@ main (int argc, char **argv) | |||
235 | if (flags & FLAG_SSL){ | 235 | if (flags & FLAG_SSL){ |
236 | result = np_net_ssl_init(sd); | 236 | result = np_net_ssl_init(sd); |
237 | if (result == STATE_OK && check_cert == TRUE) { | 237 | if (result == STATE_OK && check_cert == TRUE) { |
238 | result = np_net_ssl_check_cert(days_till_exp); | 238 | result = np_net_ssl_check_cert(days_till_exp_warn, days_till_exp_crit); |
239 | } | 239 | } |
240 | } | 240 | } |
241 | if(result != STATE_OK || check_cert == TRUE){ | 241 | if(result != STATE_OK || check_cert == TRUE){ |
@@ -380,6 +380,7 @@ process_arguments (int argc, char **argv) | |||
380 | { | 380 | { |
381 | int c; | 381 | int c; |
382 | int escape = 0; | 382 | int escape = 0; |
383 | char *temp; | ||
383 | 384 | ||
384 | int option = 0; | 385 | int option = 0; |
385 | static struct option longopts[] = { | 386 | static struct option longopts[] = { |
@@ -552,9 +553,22 @@ process_arguments (int argc, char **argv) | |||
552 | case 'D': /* Check SSL cert validity - days 'til certificate expiration */ | 553 | case 'D': /* Check SSL cert validity - days 'til certificate expiration */ |
553 | #ifdef HAVE_SSL | 554 | #ifdef HAVE_SSL |
554 | # ifdef USE_OPENSSL /* XXX */ | 555 | # ifdef USE_OPENSSL /* XXX */ |
555 | if (!is_intnonneg (optarg)) | 556 | if ((temp=strchr(optarg,','))!=NULL) { |
557 | *temp='\0'; | ||
558 | if (!is_intnonneg (temp)) | ||
559 | usage2 (_("Invalid certificate expiration period"), optarg); days_till_exp_warn = atoi(optarg); | ||
560 | *temp=','; | ||
561 | temp++; | ||
562 | if (!is_intnonneg (temp)) | ||
563 | usage2 (_("Invalid certificate expiration period"), temp); | ||
564 | days_till_exp_crit = atoi (temp); | ||
565 | } | ||
566 | else { | ||
567 | days_till_exp_crit=0; | ||
568 | if (!is_intnonneg (optarg)) | ||
556 | usage2 (_("Invalid certificate expiration period"), optarg); | 569 | usage2 (_("Invalid certificate expiration period"), optarg); |
557 | days_till_exp = atoi (optarg); | 570 | days_till_exp_warn = atoi (optarg); |
571 | } | ||
558 | check_cert = TRUE; | 572 | check_cert = TRUE; |
559 | flags |= FLAG_SSL; | 573 | flags |= FLAG_SSL; |
560 | break; | 574 | break; |
@@ -626,8 +640,9 @@ print_help (void) | |||
626 | printf (" %s\n", _("Seconds to wait between sending string and polling for response")); | 640 | printf (" %s\n", _("Seconds to wait between sending string and polling for response")); |
627 | 641 | ||
628 | #ifdef HAVE_SSL | 642 | #ifdef HAVE_SSL |
629 | printf (" %s\n", "-D, --certificate=INTEGER"); | 643 | printf (" %s\n", "-D, --certificate=INTEGER[,INTEGER]"); |
630 | printf (" %s\n", _("Minimum number of days a certificate has to be valid.")); | 644 | printf (" %s\n", _("Minimum number of days a certificate has to be valid.")); |
645 | printf (" %s\n", _("1st is #days for warning, 2nd is critical (if not specified - 0).")); | ||
631 | printf (" %s\n", "-S, --ssl"); | 646 | printf (" %s\n", "-S, --ssl"); |
632 | printf (" %s\n", _("Use SSL for the connection.")); | 647 | printf (" %s\n", _("Use SSL for the connection.")); |
633 | #endif | 648 | #endif |
@@ -649,6 +664,6 @@ print_usage (void) | |||
649 | printf ("%s -H host -p port [-w <warning time>] [-c <critical time>] [-s <send string>]\n",progname); | 664 | printf ("%s -H host -p port [-w <warning time>] [-c <critical time>] [-s <send string>]\n",progname); |
650 | printf ("[-e <expect string>] [-q <quit string>][-m <maximum bytes>] [-d <delay>]\n"); | 665 | printf ("[-e <expect string>] [-q <quit string>][-m <maximum bytes>] [-d <delay>]\n"); |
651 | printf ("[-t <timeout seconds>] [-r <refuse state>] [-M <mismatch state>] [-v] [-4|-6] [-j]\n"); | 666 | printf ("[-t <timeout seconds>] [-r <refuse state>] [-M <mismatch state>] [-v] [-4|-6] [-j]\n"); |
652 | printf ("[-D <days to cert expiry>] [-S <use SSL>] [-E]\n"); | 667 | printf ("[-D <warn days cert expire>[,<crit days cert expire>]] [-S <use SSL>] [-E]\n"); |
653 | } | 668 | } |
654 | 669 | ||
diff --git a/plugins/netutils.h b/plugins/netutils.h index 572a3ae2..21017f1f 100644 --- a/plugins/netutils.h +++ b/plugins/netutils.h | |||
@@ -103,7 +103,7 @@ int np_net_ssl_init_with_hostname(int sd, char *host_name); | |||
103 | void np_net_ssl_cleanup(); | 103 | void np_net_ssl_cleanup(); |
104 | int np_net_ssl_write(const void *buf, int num); | 104 | int np_net_ssl_write(const void *buf, int num); |
105 | int np_net_ssl_read(void *buf, int num); | 105 | int np_net_ssl_read(void *buf, int num); |
106 | int np_net_ssl_check_cert(int days_till_exp); | 106 | int np_net_ssl_check_cert(int days_till_exp_warn, int days_till_exp_crit); |
107 | #endif /* HAVE_SSL */ | 107 | #endif /* HAVE_SSL */ |
108 | 108 | ||
109 | #endif /* _NETUTILS_H_ */ | 109 | #endif /* _NETUTILS_H_ */ |
diff --git a/plugins/sslutils.c b/plugins/sslutils.c index 5425bb2c..fe31b562 100644 --- a/plugins/sslutils.c +++ b/plugins/sslutils.c | |||
@@ -126,7 +126,7 @@ int np_net_ssl_read(void *buf, int num) { | |||
126 | return SSL_read(s, buf, num); | 126 | return SSL_read(s, buf, num); |
127 | } | 127 | } |
128 | 128 | ||
129 | int np_net_ssl_check_cert(int days_till_exp) { | 129 | int np_net_ssl_check_cert(int days_till_exp_warn, int days_till_exp_crit){ |
130 | # ifdef USE_OPENSSL | 130 | # ifdef USE_OPENSSL |
131 | X509 *certificate=NULL; | 131 | X509 *certificate=NULL; |
132 | X509_NAME *subj=NULL; | 132 | X509_NAME *subj=NULL; |
@@ -202,15 +202,21 @@ int np_net_ssl_check_cert(int days_till_exp) { | |||
202 | stamp.tm_mon + 1, | 202 | stamp.tm_mon + 1, |
203 | stamp.tm_mday, stamp.tm_year + 1900, stamp.tm_hour, stamp.tm_min); | 203 | stamp.tm_mday, stamp.tm_year + 1900, stamp.tm_hour, stamp.tm_min); |
204 | 204 | ||
205 | if (days_left > 0 && days_left <= days_till_exp) { | 205 | if (days_left > 0 && days_left <= days_till_exp_warn) { |
206 | printf(_("WARNING - Certificate '%s' expires in %d day(s) (%s).\n"), cn, days_left, timestamp); | 206 | printf (_("%s - Certificate '%s' expires in %d day(s) (%s).\n"), (days_left>days_till_exp_crit)?"CRITICAL":"WARNING", cn, days_left, timestamp); |
207 | status=STATE_WARNING; | 207 | if (days_left > days_till_exp_crit) |
208 | return STATE_WARNING; | ||
209 | else | ||
210 | return STATE_CRITICAL; | ||
208 | } else if (time_left < 0) { | 211 | } else if (time_left < 0) { |
209 | printf(_("CRITICAL - Certificate '%s' expired on %s.\n"), cn, timestamp); | 212 | printf(_("CRITICAL - Certificate '%s' expired on %s.\n"), cn, timestamp); |
210 | status=STATE_CRITICAL; | 213 | status=STATE_CRITICAL; |
211 | } else if (days_left == 0) { | 214 | } else if (days_left == 0) { |
212 | printf(_("WARNING - Certificate '%s' expires today (%s).\n"), cn, timestamp); | 215 | printf (_("%s - Certificate '%s' expires today (%s).\n"), (days_left>days_till_exp_crit)?"CRITICAL":"WARNING", cn, timestamp); |
213 | status=STATE_WARNING; | 216 | if (days_left > days_till_exp_crit) |
217 | return STATE_WARNING; | ||
218 | else | ||
219 | return STATE_CRITICAL; | ||
214 | } else { | 220 | } else { |
215 | printf(_("OK - Certificate '%s' will expire on %s.\n"), cn, timestamp); | 221 | printf(_("OK - Certificate '%s' will expire on %s.\n"), cn, timestamp); |
216 | status=STATE_OK; | 222 | status=STATE_OK; |