generic checks updated

script/monitor/generic/POSTGRES_CERTIFICATE_CHECK.sh

@@ -0,0 +1,37 @@
+#!/bin/bash
+
+function checkPostgresSSLCertificate() {
+    local _SERVER
+    _SERVER="${1:?"FQDN of server missing"}"
+    readonly _SERVER
+
+    local _RESULT
+    _RESULT="$(echo | openssl s_client -starttls postgres -connect "${_SERVER}":5432 -servername "${_SERVER}" 2> /dev/null | openssl x509 -noout -enddate | grep -F 'notAfter=' | cut -d'=' -f2)"
+    readonly _RESULT
+
+    [ -z "${_RESULT}" ] \
+        && echo "FAIL#Unable to get cert's end date from ${_SERVER}:5432" \
+        && return 1
+
+    local _ENDDATE
+    _ENDDATE="$(date --date="${_RESULT}" --utc +%s)"
+    readonly _ENDDATE
+
+    ! echo "${_ENDDATE}" | grep -q -E "^[0-9]*$" \
+        && echo "FAIL#Unable to parse end date of certificate" \
+        && return 1
+
+    local _NOW _REMAINING_DAYS
+    _NOW="$(date --date now +%s)"
+    _REMAINING_DAYS="$(( (_ENDDATE - _NOW) / 86400 ))"
+    readonly _NOW _REMAINING_DAYS
+
+    [ -z "${_REMAINING_DAYS}" ] \
+        && echo "WARN#Only ${_REMAINING_DAYS} days left" \
+        && return 1
+
+    echo "OK#${_REMAINING_DAYS} days remaining"
+    return 0
+}
+
+checkPostgresSSLCertificate "${@}" && exit 0 || exit 1

script/monitor/generic/URL_CHECK.sh

@@ -1,7 +1,5 @@
 #!/bin/bash
 
-_URL="${1:?"URL of site missing"}"
-
 #curl:
 # --connect-timeout SECONDS  Maximum time allowed for connection
 # -k                         Allow connections to SSL sites without certs (H)
@@ -14,4 +12,41 @@ _URL="${1:?"URL of site missing"}"
 #grep:
 # -q                         Quite, no output just status codes
 # -F                         Interpret search term as plain text
-((curl --connect-timeout 10 --max-time 10 -k -s --head --no-progress-meter "${_URL}" | grep -qF '200 OK') && echo OK) || echo FAIL
+function checkUrl() {
+    local _URL
+    _URL="${1:?"URL of site missing"}"
+    readonly _URL
+
+    local _RESULT
+    _RESULT="$(curl --connect-timeout 10 --max-time 10 --head --no-progress-meter --verbose "${_URL}" 2>&1 | grep -o -E '(expire.*|^HTTP.*200 OK)')"
+    readonly _RESULT
+
+    ! echo "${_RESULT}" | grep -q -F '200 OK' \
+        && echo "FAIL#Status code 200 not found" \
+        && return 1
+
+    local _ENDDATE
+    _ENDDATE="$(echo "${_RESULT}" | grep -F 'expire' | cut -d':' -f2-)"
+    _ENDDATE="$(date --date="${_ENDDATE}" --utc +%s)"
+    readonly _ENDDATE
+
+    ! echo "${_ENDDATE}" | grep -q -E "^[0-9]*$" \
+        && echo "FAIL#Unable to parse end date of certificate" \
+        && return 1
+
+    local _NOW _REMAINING_DAYS
+    _NOW="$(date --date now +%s)"
+    _REMAINING_DAYS="$(( (_ENDDATE - _NOW) / 86400 ))"
+    readonly _NOW _REMAINING_DAYS
+
+    # less than 30 days remaining => should be warned
+    [ "${_REMAINING_DAYS}" -le "30" ] \
+        && echo "WARN#Certificate: only ${_REMAINING_DAYS} days left" \
+        && return 1
+
+    echo "OK#Certificate: ${_REMAINING_DAYS} days remaining"
+    return 0
+}
+
+#((curl --connect-timeout 10 --max-time 10 -k -s --head --no-progress-meter "${_URL}" | grep -qF '200 OK') && echo OK) || echo FAIL
+checkUrl "${@}" && exit 0 || exit 1