cis/script/monitor/generic/POSTGRES_CERTIFICATE_CHECK.sh

#!/bin/bash
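#######################################
# Check how long the TLS certificate presented by a PostgreSQL server on
# port 5432 remains valid and compare that with a threshold in days.
#
# Scope of the check: only the notAfter date of the presented certificate is
# read. The openssl s_client call below requests no chain or host name
# verification and its stderr is discarded, so an "OK" result says nothing
# about whether the certificate is trusted or issued for this host.
#
# Arguments:
#   $1 - FQDN of the server (used for the connection and as SNI name)
#   $2 - threshold in days, unsigned decimal integer
# Outputs:
#   One line "STATUS#message" on stdout, STATUS being OK, WARN or FAIL.
# Returns:
#   0 if more than $2 whole days remain, 1 otherwise (WARN and FAIL alike).
#######################################
function checkPostgresSSLCertificate() {
  local _SERVER _THRESHOLD_DAYS
  _SERVER="${1:?"FQDN of server missing"}"
  _THRESHOLD_DAYS="${2:?"THRESHOLD in days missing"}"
  readonly _SERVER _THRESHOLD_DAYS

  # Reject a bad threshold before any connection is opened. [[ =~ ]] anchors
  # on the whole string, so a multi-line value cannot pass on one good line.
  if ! [[ "${_THRESHOLD_DAYS}" =~ ^[0-9]+$ ]]; then
    printf '%s\n' "FAIL#Threshold days '${_THRESHOLD_DAYS}' are invalid"
    return 1
  fi

  # NOTE(review): no timeout is set here; an unresponsive host may block the
  # check until the operating system gives up on the connection.
  local _RESULT
  _RESULT="$(echo \
    | openssl s_client -starttls postgres -connect "${_SERVER}":5432 -servername "${_SERVER}" 2> /dev/null \
    | openssl x509 -noout -enddate \
    | grep -F 'notAfter=' \
    | cut -d'=' -f2)"
  readonly _RESULT
  if [[ -z "${_RESULT}" ]]; then
    printf '%s\n' "FAIL#Unable to get cert's end date from ${_SERVER}:5432"
    return 1
  fi

  # An empty value (date could not parse the string) must not pass: it would
  # be treated as 0 in the arithmetic below and yield a misleading result.
  local _ENDDATE
  _ENDDATE="$(date --date="${_RESULT}" --utc +%s)"
  readonly _ENDDATE
  if ! [[ "${_ENDDATE}" =~ ^[0-9]+$ ]]; then
    printf '%s\n' "FAIL#Unable to parse end date of certificate"
    return 1
  fi

  local _NOW
  _NOW="$(date +%s)"
  readonly _NOW

  # Compare in seconds: integer division truncates towards zero, so a
  # certificate that expired less than a day ago would otherwise show up as
  # "0 days left", and an older one as an "invalid" negative number.
  if (( _ENDDATE <= _NOW )); then
    printf '%s\n' "FAIL#Certificate expired $(( (_NOW - _ENDDATE) / 86400 )) days ago"
    return 1
  fi

  local _REMAINING_DAYS
  _REMAINING_DAYS="$(( (_ENDDATE - _NOW) / 86400 ))"
  readonly _REMAINING_DAYS

  if [ "${_REMAINING_DAYS}" -gt "${_THRESHOLD_DAYS}" ]; then
    printf '%s\n' "OK#${_REMAINING_DAYS} days remaining"
    return 0
  fi

  printf '%s\n' "WARN#Only ${_REMAINING_DAYS} days left"
  return 1
}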
# Run the check with the script's arguments and map its result onto the
# exit status of the script: 0 when the check succeeds, 1 in every other case.
if checkPostgresSSLCertificate "$@"; then
  exit 0
else
  exit 1
fi