Everbrent/cis
9
0
Fork 0
mirror of https://github.com/m8tin/cis.git synced 2025-12-06 15:58:26 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
7b72c0c0b138fae9d5901980031a762a2271e163
cis/script/monitor/generic/POSTGRES_CERTIFICATE_CHECK.sh

38 lines
1.1 KiB
Bash
Executable File
Raw Blame History

#!/bin/bash
function checkPostgresSSLCertificate() {
local _SERVER
_SERVER="${1:?"FQDN of server missing"}"
readonly _SERVER
local _RESULT
_RESULT="$(echo | openssl s_client -starttls postgres -connect "${_SERVER}":5432 -servername "${_SERVER}" 2> /dev/null | openssl x509 -noout -enddate | grep -F 'notAfter=' | cut -d'=' -f2)"
readonly _RESULT
[ -z "${_RESULT}" ] \
&& echo "FAIL#Unable to get cert's end date from ${_SERVER}:5432" \
&& return 1
local _ENDDATE
_ENDDATE="$(date --date="${_RESULT}" --utc +%s)"
readonly _ENDDATE
! echo "${_ENDDATE}" | grep -q -E "^[0-9]*$" \
&& echo "FAIL#Unable to parse end date of certificate" \
&& return 1
local _NOW _REMAINING_DAYS
_NOW="$(date --date now +%s)"
_REMAINING_DAYS="$(( (_ENDDATE - _NOW) / 86400 ))"
readonly _NOW _REMAINING_DAYS
[ -z "${_REMAINING_DAYS}" ] \
&& echo "WARN#Only ${_REMAINING_DAYS} days left" \
&& return 1
echo "OK#${_REMAINING_DAYS} days remaining"
return 0
}
checkPostgresSSLCertificate "${@}" && exit 0 || exit 1
Reference in New Issue View Git Blame Copy Permalink