summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rwxr-xr-xmrpe/check_cert_expiry.sh46
1 files changed, 46 insertions, 0 deletions
diff --git a/mrpe/check_cert_expiry.sh b/mrpe/check_cert_expiry.sh
new file mode 100755
index 0000000..5636853
--- /dev/null
+++ b/mrpe/check_cert_expiry.sh
@@ -0,0 +1,46 @@
+#!/bin/bash
+
+readonly NAGIOS_OK=0
+readonly NAGIOS_WARNING=1
+readonly NAGIOS_CRITICAL=2
+readonly NAGIOS_UNKNOWN=3
+
+function main {
+ local file_name="$1"
+ local warn_days="$2"
+ local crit_days="$3"
+
+
+ end_date=$(openssl x509 -in "$file_name" -noout -enddate | awk -F '=' '{ print($2) }')
+ if [ $? -ne 0 ]; then
+ echo "UNKNOWN - failed to read notAfter from certificate $file_name"
+ return "$NAGIOS_UNKNOWN"
+ fi
+ end=$(date -d "$end_date" +%s)
+ now=$(date +%s)
+ delta_days=$(( (end - now) / (24 * 3600) ))
+
+ local code="$NAGIOS_OK"
+ local state="OK"
+ local tag=""
+
+ if [ $delta_days -le $crit_days ]; then
+ code="$NAGIOS_CRITICAL"
+ state="CRIT"
+ tag="(!!)"
+ elif [ $delta_days -le $warn_days ]; then
+ code="$NAGIOS_WARNING"
+ state="WARN"
+ tag="(!)"
+ fi
+
+ echo "$state - certificate will expire in $delta_days$tag days."
+ exit "$code"
+}
+
+if [ -z "$1" ] || [ -z "$2" ] || [ -z "$3" ]; then
+ echo "UNKNOWN - please specify certifacte file name, warn and critical days"
+ exit "$NAGIOS_UNKNOWN"
+fi
+
+main "$1" "$2" "$3"