From f5fac41996516d803c33987dcae841bf7abf736d Mon Sep 17 00:00:00 2001
From: Martin Berghaus
Date: Wed, 5 Nov 2025 21:31:46 +0100
Subject: [PATCH] generic checks updated
---
 ...OMAIN_CHECK.sh => CIS_OWN_DOMAIN_CHECK.sh} | 0
 .../generic/POSTGRES_CERTIFICATE_CHECK.sh | 37 +++++++++++++++++
 script/monitor/generic/URL_CHECK.sh | 41 +++++++++++++++++--
 3 files changed, 75 insertions(+), 3 deletions(-)
 rename script/monitor/generic/{OVERRIDDEN_DOMAIN_CHECK.sh => CIS_OWN_DOMAIN_CHECK.sh} (100%)
 create mode 100755 script/monitor/generic/POSTGRES_CERTIFICATE_CHECK.sh
diff --git a/script/monitor/generic/OVERRIDDEN_DOMAIN_CHECK.sh b/script/monitor/generic/CIS_OWN_DOMAIN_CHECK.sh
similarity index 100%
rename from script/monitor/generic/OVERRIDDEN_DOMAIN_CHECK.sh
rename to script/monitor/generic/CIS_OWN_DOMAIN_CHECK.sh
diff --git a/script/monitor/generic/POSTGRES_CERTIFICATE_CHECK.sh b/script/monitor/generic/POSTGRES_CERTIFICATE_CHECK.sh
new file mode 100755
index 0000000..0a8cad0
--- /dev/null
+++ b/script/monitor/generic/POSTGRES_CERTIFICATE_CHECK.sh
@@ -0,0 +1,37 @@
+#!/bin/bash
+
+function checkPostgresSSLCertificate() {
+ local _SERVER
+ _SERVER="${1:?"FQDN of server missing"}"
+ readonly _SERVER
+
+ local _RESULT
+ _RESULT="$(echo | openssl s_client -starttls postgres -connect "${_SERVER}":5432 -servername "${_SERVER}" 2> /dev/null | openssl x509 -noout -enddate | grep -F 'notAfter=' | cut -d'=' -f2)"
+ readonly _RESULT
+
+ [ -z "${_RESULT}" ] \
+ && echo "FAIL#Unable to get cert's end date from ${_SERVER}:5432" \
+ && return 1
+
+ local _ENDDATE
+ _ENDDATE="$(date --date="${_RESULT}" --utc +%s)"
+ readonly _ENDDATE
+
+ ! echo "${_ENDDATE}" | grep -q -E "^[0-9]*$" \
+ && echo "FAIL#Unable to parse end date of certificate" \
+ && return 1
+
+ local _NOW _REMAINING_DAYS
+ _NOW="$(date --date now +%s)"
+ _REMAINING_DAYS="$(( (_ENDDATE - _NOW) / 86400 ))"
+ readonly _NOW _REMAINING_DAYS
+
+ [ -z "${_REMAINING_DAYS}" ] \
+ && echo "WARN#Only ${_REMAINING_DAYS} days left" \
+ && return 1
+
+ echo "OK#${_REMAINING_DAYS} days remaining"
+ return 0
+}
+
+checkPostgresSSLCertificate "${@}" && exit 0 || exit 1
diff --git a/script/monitor/generic/URL_CHECK.sh b/script/monitor/generic/URL_CHECK.sh
index 5625762..a14f280 100755
--- a/script/monitor/generic/URL_CHECK.sh
+++ b/script/monitor/generic/URL_CHECK.sh
@@ -1,7 +1,5 @@
 #!/bin/bash

-_URL="${1:?"URL of site missing"}"
-
 #curl:
 # --connect-timeout SECONDS Maximum time allowed for connection
 # -k Allow connections to SSL sites without certs (H)
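Review bot: The expiry warning in checkPostgresSSLCertificate (POSTGRES_CERTIFICATE_CHECK.sh) can never fire: `[ -z "${_REMAINING_DAYS}" ]` tests for an empty string, but the arithmetic expansion just above always yields a number, so a certificate that expires tomorrow or is already expired is reported as `OK#… days remaining`. A numeric threshold is needed there, e.g. `[ "${_REMAINING_DAYS}" -le 30 ] \`, which is the comparison checkUrl in URL_CHECK.sh uses in this same patch. The parse guard `grep -q -E "^[0-9]*$"` also matches an empty `_ENDDATE` (the case where `date` rejects the string), so the FAIL branch is skipped and the arithmetic runs on an empty value; `"^[0-9]+$"` closes that gap. It would also help to add a comment above the `openssl s_client` line stating that the check only reads notAfter and, as far as the visible options show, does not validate the chain or hostname, so OK is not read as a trust verdict.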
@@ -14,4 +12,41 @@ _URL="${1:?"URL of site missing"}"
 #grep:
 # -q Quite, no output just status codes
 # -F Interpret search term as plain text
-((curl --connect-timeout 10 --max-time 10 -k -s --head --no-progress-meter "${_URL}" | grep -qF '200 OK') && echo OK) || echo FAIL
+function checkUrl() {
+ local _URL
+ _URL="${1:?"URL of site missing"}"
+ readonly _URL
+
+ local _RESULT
+ _RESULT="$(curl --connect-timeout 10 --max-time 10 --head --no-progress-meter --verbose "${_URL}" 2>&1 | grep -o -E '(expire.*|^HTTP.*200 OK)')"
+ readonly _RESULT
+
+ ! echo "${_RESULT}" | grep -q -F '200 OK' \
+ && echo "FAIL#Status code 200 not found" \
+ && return 1
+
+ local _ENDDATE
+ _ENDDATE="$(echo "${_RESULT}" | grep -F 'expire' | cut -d':' -f2-)"
+ _ENDDATE="$(date --date="${_ENDDATE}" --utc +%s)"
+ readonly _ENDDATE
+
+ ! echo "${_ENDDATE}" | grep -q -E "^[0-9]*$" \
+ && echo "FAIL#Unable to parse end date of certificate" \
+ && return 1
+
+ local _NOW _REMAINING_DAYS
+ _NOW="$(date --date now +%s)"
+ _REMAINING_DAYS="$(( (_ENDDATE - _NOW) / 86400 ))"
+ readonly _NOW _REMAINING_DAYS
+
+ # less than 30 days remaining => should be warned
+ [ "${_REMAINING_DAYS}" -le "30" ] \
+ && echo "WARN#Certificate: only ${_REMAINING_DAYS} days left" \
+ && return 1
+
+ echo "OK#Certificate: ${_REMAINING_DAYS} days remaining"
+ return 0
+}
+
+#((curl --connect-timeout 10 --max-time 10 -k -s --head --no-progress-meter "${_URL}" | grep -qF '200 OK') && echo OK) || echo FAIL
+checkUrl "${@}" && exit 0 || exit 1
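Review bot: The certificate date extraction in checkUrl is too loose: `grep -o -E '(expire.*|^HTTP.*200 OK)'` keeps every occurrence of "expire" in curl's merged stdout/stderr, so a lowercase `expires:` response header or a cookie's `expires=` attribute can end up in `_ENDDATE` alongside the TLS line and `date` then receives a multi-line string. Anchoring on the certificate line that curl's verbose output prints, e.g. `'(expire date:.*|^HTTP.*200 OK)'`, and keeping only the first match would narrow this (the exact wording depends on curl's TLS backend, so confirm it on the monitoring host). When no expiry line is found at all, for instance with a plain http:// URL, `_ENDDATE` is derived from an empty string and `grep -q -E "^[0-9]*$"` does not catch it because the pattern also matches empty input; an explicit `[ -z … ]` check before `date` and `"^[0-9]+$"` afterwards would turn that into a visible FAIL. Since `-k` is no longer passed, a certificate validation failure now surfaces only as "Status code 200 not found"; a comment saying so above the curl call would help whoever triages the alert.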