Hello community, here is the log from the commit of package ssl-cert-check for openSUSE:Factory checked in at 2019-02-13 10:06:36 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/ssl-cert-check (Old) and /work/SRC/openSUSE:Factory/.ssl-cert-check.new.28833 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "ssl-cert-check" Wed Feb 13 10:06:36 2019 rev:2 rq:673661 version:4.9git.1549917512.89cd021 Changes: --------
--- /work/SRC/openSUSE:Factory/ssl-cert-check/ssl-cert-check.changes 2019-01-21 10:51:32.659932606 +0100
+++ /work/SRC/openSUSE:Factory/.ssl-cert-check.new.28833/ssl-cert-check.changes 2019-02-13 10:07:04.585535622 +0100
@@ -1,0 +2,44 @@
+Tue Feb 12 09:48:52 UTC 2019 - Karol Babioch <kbabi...@suse.de>
+
+- Refreshed fix-shebang.patch
+
+- Version 4.9
+ - Add a signal handler to call the cleanup funtion if the script doesn't
+ exit() cleanly -- Timothe Litt
+- Version 4.8
+ - More mail client fixes
+- Version 4.7
+ - Revert SENDER to ""
+ - More shellcheck cleanup
+- Version 4.6
+ - Fixed programming logic error
+- Version 4.5
+ - Re-work mailx support for FreeBSD
+ - More shellcheck fixes
+- Version 4.4
+ - Use command -v instead of which utility to satisfy shellcheck.
+ - Fix unquoted MAIL and MAILMODE variables in help output
+ - More shellcheck fixes
+- Version 4.3
+ - Fixed a typo in the program version
+- Version 4.2
+ - Change CERTDAYS to CERTDIFF in the e-mail subject.
+- Version 4.1
+ - Fix usage output
+- Version 4.0
+ - Updated the script syntax to align with UNIX shell programming
+ - Check for DNS resolution failures
+ - First round of updates to make shellcheck happy
+ - Rework the logic to call mailx.
+ - Print the version with the "-V" option.
+ - Define the version in the PROGRAMVERSION variable
+
+-------------------------------------------------------------------
+Fri Jan 25 14:30:49 UTC 2019 - l...@linux-schulserver.de
+
+- build require xz to make sure the sources can be unpacked
+- re-introduce buildroot and defattr definitions, as the package
+ otherwise fails on SLE-11 and other distributions
+- license macro is only known on newer (open)SUSE distributions
+
+-------------------------------------------------------------------
Old: ---- ssl-cert-check-3.31git.1525871461.698c199.tar.xz New: ---- ssl-cert-check-4.9git.1549917512.89cd021.tar.xz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ ssl-cert-check.spec ++++++
--- /var/tmp/diff_new_pack.PEBdRn/_old 2019-02-13 10:07:07.541534874 +0100
+++ /var/tmp/diff_new_pack.PEBdRn/_new 2019-02-13 10:07:07.545534872 +0100
@@ -1,7 +1,7 @@ # # spec file for package ssl-cert-check # -# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -17,7 +17,7 @@ Name: ssl-cert-check -Version: 3.31git.1525871461.698c199 +Version: 4.9git.1549917512.89cd021 Release: 0 Summary: Shell script to send notifications when SSL certificates are about to expire License: GPL-2.0-only @@ -26,16 +26,18 @@ Source0: %{name}-%{version}.tar.xz Patch0: fix-shebang.patch Requires: bash -Requires: gawk Requires: coreutils +Requires: findutils +Requires: gawk Requires: grep Requires: openssl Requires: sed -Requires: findutils +BuildRequires: xz Recommends: mailx Provides: monitoring-plugins-ssl-cert-check = 3.29 Obsoletes: monitoring-plugins-ssl-cert-check <= 3.29 BuildArch: noarch +BuildRoot: %{_tmppath}/%{name}-%{version}-build %description ssl-cert-check is a Bourne shell script that can be used to report on expiring @@ -52,7 +54,12 @@ install -D -m0755 ssl-cert-check %{buildroot}/%{_bindir}/ssl-cert-check %files +%defattr(-,root,root) +%if 0%{suse_version} >= 1500 %license LICENSE* +%else +%doc LICENSE* +%endif %doc README* %{_bindir}/ssl-cert-check ++++++ _service ++++++ --- /var/tmp/diff_new_pack.PEBdRn/_old 2019-02-13 10:07:07.573534866 +0100 +++ /var/tmp/diff_new_pack.PEBdRn/_new 2019-02-13 10:07:07.577534864 +0100 
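Review bot: The new guard `%if 0%{suse_version} >= 1500` in the %files section (hunk @@ -52,7 +54,12 @@) only parses where suse_version is defined; where it is not, the macro stays unexpanded and the %if expression fails instead of falling through to `%doc LICENSE*`. The changelog entry says this branch exists for SLE-11 and other distributions, so the conditional should use the optional form: `%if 0%{?suse_version} >= 1500`.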
@@ -2,7 +2,7 @@ <service name="obs_scm" mode="localonly"> <param name="url">https://github.com/Matty9191/ssl-cert-check.git</param> <param name="scm">git</param> - <param name="versionprefix">3.31git</param> + <param name="versionprefix">4.9git</param> </service> <service mode="localonly" name="tar" /> <service mode="localonly" name="recompress"> ++++++ fix-shebang.patch ++++++ --- /var/tmp/diff_new_pack.PEBdRn/_old 2019-02-13 10:07:07.581534863 +0100 +++ /var/tmp/diff_new_pack.PEBdRn/_new 2019-02-13 10:07:07.581534863 +0100 @@ -2,13 +2,13 @@ ssl-cert-check | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) -Index: ssl-cert-check/ssl-cert-check +Index: ssl-cert-check-4.9git.1549917512.89cd021/ssl-cert-check =================================================================== ---- ssl-cert-check.orig/ssl-cert-check -+++ ssl-cert-check/ssl-cert-check +--- ssl-cert-check-4.9git.1549917512.89cd021.orig/ssl-cert-check ++++ ssl-cert-check-4.9git.1549917512.89cd021/ssl-cert-check @@ -1,4 +1,4 @@ -#!/usr/bin/env bash +#!/bin/bash + PROGRAMVERSION=4.9 # # Program: SSL Certificate Check <ssl-cert-check> - # ++++++ ssl-cert-check-3.31git.1525871461.698c199.tar.xz -> ssl-cert-check-4.9git.1549917512.89cd021.tar.xz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ssl-cert-check-3.31git.1525871461.698c199/ssl-cert-check new/ssl-cert-check-4.9git.1549917512.89cd021/ssl-cert-check --- old/ssl-cert-check-3.31git.1525871461.698c199/ssl-cert-check 2018-05-09 15:11:01.000000000 +0200 +++ new/ssl-cert-check-4.9git.1549917512.89cd021/ssl-cert-check 2019-02-11 21:38:32.000000000 +0100 @@ -1,4 +1,5 @@ #!/usr/bin/env bash +PROGRAMVERSION=4.9 # # Program: SSL Certificate Check <ssl-cert-check> # 
@@ -8,10 +9,50 @@ # # Author: Matty < matty91 at gmail dot com > # -# Current Version: 3.30 +# Last Updated: 02-11-2019 # # Revision History: # +# Version 4.9 +# - Add a signal handler to call the cleanup funtion +# if the script doesn't exit() cleanly -- Timothe Litt +# +# Version 4.8 +# - More mail client fixes +# +# Version 4.7 +# - Revert SENDER to "" +# - More shellcheck cleanup +# +# Version 4.6 +# - Fixed programming logic error +# +# Version 4.5 +# - Re-work mailx support for FreeBSD +# - More shellcheck fixes +# +# Version 4.4 +# - Use command -v instead of which utility to satisfy shellcheck. +# - Fix unquoted MAIL and MAILMODE variables in help output +# - More shellcheck fixes +# +# Version 4.3 +# - Fixed a typo in the program version +# +# Version 4.2 +# - Change CERTDAYS to CERTDIFF in the e-mail subject. +# +# Version 4.1 +# - Fix usage output +# +# Version 4.0 +# - Updated the script syntax to align with UNIX shell programming +# - Check for DNS resolution failures +# - First round of updates to make shellcheck happy +# - Rework the logic to call mailx. +# - Print the version with the "-V" option. +# - Define the version in the PROGRAMVERSION variable +# # Version 3.31 # - Fixed the test for the -servername flag -- Kitson Consulting. # @@ -179,8 +220,6 @@ # Version 1.0 # Initial Release # -# Last Updated: 12-12-2016 -# # Purpose: # ssl-cert-check checks to see if a digital certificate in X.509 format # has expired. ssl-cert-check can be run in interactive and batch mode, @@ -221,6 +260,9 @@ # Please refer to the following site for documentation and examples: # http://prefetch.net/articles/checkcertificate.html +# Cleanup temp files if they exist +trap cleanup EXIT INT TERM QUIT + PATH=/bin:/usr/bin:/sbin:/usr/sbin:/usr/local/bin:/usr/local/ssl/bin:/usr/sfw/bin export PATH 
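Review bot: The handler installed by `trap cleanup EXIT INT TERM QUIT` (hunk @@ -221,6 +260,9 @@) returns instead of exiting, because cleanup, added in hunk @@ -314,6 +350,21 @@, only removes the two temp files. In bash a trapped INT, TERM or QUIT therefore deletes the files and the script carries on with its next command, where the `2> "${ERROR_TMP}" 1> "${CERT_TMP}"` redirections in check_server_status recreate them by plain path rather than through mktemp. Keep the cleanup on EXIT only and make the signals terminate the script, which then runs the EXIT trap: `trap cleanup EXIT` followed by `trap 'exit 1' INT TERM QUIT`.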
@@ -228,7 +270,7 @@ ADMIN="root" # Email sender address for alarm notifications -SENDER="postmaster@localhost.localdomain" +SENDER="" # Number of days in the warning threshhold (cmdline: -x) WARNDAYS=30 @@ -258,38 +300,32 @@ DEBUG=0 # Location of system binaries -AWK=$(which awk) -DATE=$(which date) -GREP=$(which grep) -OPENSSL=$(which openssl) +AWK=$(command -v awk) +DATE=$(command -v date) +GREP=$(command -v grep) +OPENSSL=$(command -v openssl) PRINTF=$(which printf) -SED=$(which sed) -MKTEMP=$(which mktemp) -FIND=$(which find) +SED=$(command -v sed) +MKTEMP=$(command -v mktemp) +FIND=$(command -v find) # Try to find a mail client -if [ -f /usr/bin/mailx ] -then +if [ -f /usr/bin/mailx ]; then MAIL="/usr/bin/mailx" MAILMODE="mailx" -elif [ -f /bin/mail ] -then +elif [ -f /bin/mail ]; then MAIL="/bin/mail" MAILMODE="mail" -elif [ -f /usr/bin/mail ] -then +elif [ -f /usr/bin/mail ]; then MAIL="/usr/bin/mail" MAILMODE="mail" -elif [ -f /sbin/mail ] -then +elif [ -f /sbin/mail ]; then MAIL="/sbin/mail" MAILMODE="mail" -elif [ -f /usr/sbin/mail ] -then +elif [ -f /usr/sbin/mail ]; then MAIL="/usr/sbin/mail" MAILMODE="mail" -elif [ -f /usr/sbin/sendmail ] -then +elif [ -f /usr/sbin/sendmail ]; then MAIL="/usr/sbin/sendmail" MAILMODE="sendmail" else @@ -314,6 +350,21 @@ ##################################################### +# Purpose: Remove temporary files if the script doesn't +# exit() cleanly +##################################################### +cleanup() { + if [ -f "${CERT_TMP}" ]; then + rm -f "${CERT_TMP}" + fi + + if [ -f "${ERROR_TMP}" ]; then + rm -f "${ERROR_TMP}" + fi +} + + +##################################################### ### Send email ### Accepts three parameters: ### $1 -> sender email address 
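Review bot: With `SENDER=""` as the default, the unquoted call sites `send_mail ${SENDER} ${ADMIN} ...` in check_file_status (hunks @@ -750,10 +759,8 @@ and @@ -761,33 +768,30 @@) drop the empty first argument, so send_mail receives ADMIN as `$1`, the subject as `$2` and the message body as `$3`. The alert is then addressed to the subject text instead of ADMIN, and an expiry warning can go missing. Quote the arguments at both call sites, `send_mail "${SENDER}" "${ADMIN}" ...`. How each mail client treats the resulting empty `-r "$FROM"` in the "mail" branch is not visible here and should be checked as well.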
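Review bot: `PRINTF=$(which printf)` in hunk @@ -258,38 +300,32 @@ is the one lookup left on `which`, and nothing in the file says why. printf is a shell builtin, so `command -v printf` would print the bare word `printf` and the later `[ ! -f "${PRINTF}" ]` test (hunk @@ -815,56 +822,49 @@) would reject it, which is presumably the reason. Either record that in a comment, `# printf is a builtin: command -v prints the bare name and fails the -f test`, or use bash's path-only lookup, `PRINTF=$(type -P printf)`.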
@@ -323,21 +374,24 @@ ##################################################### send_mail() { - FROM=${1} - TO=${2} - SUBJECT=${3} - MSG=${4} + FROM="${1}" + TO="${2}" + SUBJECT="${3}" + MSG="${4}" case "${MAILMODE}" in - "mail" | "mailx") - echo "$MSG" | ${MAIL} -r $FROM -s "$SUBJECT" $TO + "mail") + echo "$MSG" | "${MAIL}" -r "$FROM" -s "$SUBJECT" "$TO" + ;; + "mailx") + echo "$MSG" | "${MAIL}" -s "$SUBJECT" "$TO" ;; "sendmail") - (echo "Subject:$SUBJECT" && echo "TO:$TO" && echo "FROM:$FROM" && echo "$MSG") | ${MAIL} $TO + (echo "Subject:$SUBJECT" && echo "TO:$TO" && echo "FROM:$FROM" && echo "$MSG") | "${MAIL}" "$TO" ;; "*") echo "ERROR: You enabled automated alerts, but the mail binary could not be found." - echo "FIX: Please modify the ${MAIL} and ${$MAILMODE} variable in the program header." + echo "FIX: Please modify the \${MAIL} and \${MAILMODE} variable in the program header." exit 1 ;; esac @@ -355,8 +409,7 @@ ############################################################################# date2julian() { - if [ "${1}" != "" ] && [ "${2}" != "" ] && [ "${3}" != "" ] - then + if [ "${1}" != "" ] && [ "${2}" != "" ] && [ "${3}" != "" ]; then ## Since leap years add aday at the end of February, ## calculations are done from 1 March 0000 (a fictional year) d2j_tmpmonth=$((12 * ${3} + ${1} - 3)) @@ -406,8 +459,7 @@ ############################################################################# date_diff() { - if [ "${1}" != "" ] && [ "${2}" != "" ] - then + if [ "${1}" != "" ] && [ "${2}" != "" ]; then echo $((${2} - ${1})) else echo 0 
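Review bot: The fallback arm of the case in send_mail is written `"*")`, and a quoted pattern matches only a MAILMODE that is literally `*`. The error text corrected in this hunk is therefore unreachable, and an unrecognised MAILMODE falls out of the case without sending mail or reporting a failure. Use the unquoted default pattern, `*)`. What MAILMODE is set to when no mail client is found lies outside the visible hunks, so confirm that value reaches this arm.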
@@ -426,35 +478,28 @@ ##################################################################### prints() { - if [ "${NAGIOSSUMMARY}" == "TRUE" ] - then + if [ "${NAGIOSSUMMARY}" == "TRUE" ]; then return fi - if [ "${QUIET}" != "TRUE" ] && [ "${ISSUER}" = "TRUE" ] && [ "${VALIDATION}" != "TRUE" ] - then - MIN_DATE=$(echo $4 | ${AWK} '{ print $1, $2, $4 }') - if [ "${NAGIOS}" == "TRUE" ] - then + if [ "${QUIET}" != "TRUE" ] && [ "${ISSUER}" = "TRUE" ] && [ "${VALIDATION}" != "TRUE" ]; then + MIN_DATE=$(echo "$4" | ${AWK} '{ print $1, $2, $4 }') + if [ "${NAGIOS}" == "TRUE" ]; then ${PRINTF} "%-35s %-17s %-8s %-11s %-4s %-30s\n" "$1:$2" "$6" "$3" "$MIN_DATE" \|days="$5" else ${PRINTF} "%-35s %-17s %-8s %-11s %-4s %-30s\n" "$1:$2" "$6" "$3" "$MIN_DATE" "$5" fi - elif [ "${QUIET}" != "TRUE" ] && [ "${ISSUER}" = "TRUE" ] && [ "${VALIDATION}" == "TRUE" ] - then + elif [ "${QUIET}" != "TRUE" ] && [ "${ISSUER}" = "TRUE" ] && [ "${VALIDATION}" == "TRUE" ]; then ${PRINTF} "%-35s %-35s %-32s %-17s\n" "$1:$2" "$7" "$8" "$6" - elif [ "${QUIET}" != "TRUE" ] && [ "${VALIDATION}" != "TRUE" ] - then + elif [ "${QUIET}" != "TRUE" ] && [ "${VALIDATION}" != "TRUE" ]; then MIN_DATE=$(echo $4 | ${AWK} '{ print $1, $2, $4 }') - if [ "${NAGIOS}" == "TRUE" ] - then + if [ "${NAGIOS}" == "TRUE" ]; then ${PRINTF} "%-47s %-12s %-12s %-4s %-30s\n" "$1:$2" "$3" "$MIN_DATE" \|days="$5" else ${PRINTF} "%-47s %-12s %-12s %-4s %-30s\n" "$1:$2" "$3" "$MIN_DATE" "$5" fi - elif [ "${QUIET}" != "TRUE" ] && [ "${VALIDATION}" == "TRUE" ] - then + elif [ "${QUIET}" != "TRUE" ] && [ "${VALIDATION}" == "TRUE" ]; then ${PRINTF} "%-35s %-35s %-32s\n" "$1:$2" "$7" "$8" fi } 
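Review bot: The second MIN_DATE assignment in prints, in the branch without ISSUER, still reads `MIN_DATE=$(echo $4 | ${AWK} '{ print $1, $2, $4 }')`, while the first one was quoted by this commit. An unquoted `$4` is subject to globbing before awk sees it, and the two branches should not differ. Suggested: `MIN_DATE=$(echo "$4" | "${AWK}" '{ print $1, $2, $4 }')`, with `"${AWK}"` and `"${PRINTF}"` quoted throughout the function as the later hunks do.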
@@ -467,25 +512,20 @@ #################################################### print_heading() { - if [ "${NOHEADER}" != "TRUE" ] - then - if [ "${QUIET}" != "TRUE" ] && [ "${ISSUER}" = "TRUE" ] && [ "${NAGIOS}" != "TRUE" ] && [ "${VALIDATION}" != "TRUE" ] - then + if [ "${NOHEADER}" != "TRUE" ]; then + if [ "${QUIET}" != "TRUE" ] && [ "${ISSUER}" = "TRUE" ] && [ "${NAGIOS}" != "TRUE" ] && [ "${VALIDATION}" != "TRUE" ]; then ${PRINTF} "\n%-35s %-17s %-8s %-11s %-4s\n" "Host" "Issuer" "Status" "Expires" "Days" echo "----------------------------------- ----------------- -------- ----------- ----" - elif [ "${QUIET}" != "TRUE" ] && [ "${ISSUER}" = "TRUE" ] && [ "${NAGIOS}" != "TRUE" ] && [ "${VALIDATION}" == "TRUE" ] - then + elif [ "${QUIET}" != "TRUE" ] && [ "${ISSUER}" = "TRUE" ] && [ "${NAGIOS}" != "TRUE" ] && [ "${VALIDATION}" == "TRUE" ]; then ${PRINTF} "\n%-35s %-35s %-32s %-17s\n" "Host" "Common Name" "Serial #" "Issuer" echo "----------------------------------- ----------------------------------- -------------------------------- -----------------" - elif [ "${QUIET}" != "TRUE" ] && [ "${NAGIOS}" != "TRUE" ] && [ "${VALIDATION}" != "TRUE" ] - then + elif [ "${QUIET}" != "TRUE" ] && [ "${NAGIOS}" != "TRUE" ] && [ "${VALIDATION}" != "TRUE" ]; then ${PRINTF} "\n%-47s %-12s %-12s %-4s\n" "Host" "Status" "Expires" "Days" echo "----------------------------------------------- ------------ ------------ ----" - elif [ "${QUIET}" != "TRUE" ] && [ "${NAGIOS}" != "TRUE" ] && [ "${VALIDATION}" == "TRUE" ] - then + elif [ "${QUIET}" != "TRUE" ] && [ "${NAGIOS}" != "TRUE" ] && [ "${VALIDATION}" == "TRUE" ]; then ${PRINTF} "\n%-35s %-35s %-32s\n" "Host" "Common Name" "Serial #" echo "----------------------------------- ----------------------------------- --------------------------------" fi 
@@ -499,21 +539,17 @@ #################################################### print_summary() { - if [ "${NAGIOSSUMMARY}" != "TRUE" ] - then + if [ "${NAGIOSSUMMARY}" != "TRUE" ]; then return fi - if [ ${SUMMARY_WILL_EXPIRE} -eq 0 ] && [ ${SUMMARY_EXPIRED} -eq 0 ] - then + if [ ${SUMMARY_WILL_EXPIRE} -eq 0 ] && [ ${SUMMARY_EXPIRED} -eq 0 ]; then ${PRINTF} "%s valid certificate(s)|days=%s\n" "${SUMMARY_VALID}" "${SUMMARY_MIN_DIFF}" - elif [ ${SUMMARY_EXPIRED} -ne 0 ] - then + elif [ ${SUMMARY_EXPIRED} -ne 0 ]; then ${PRINTF} "%s certificate(s) expired (%s:%s on %s)|days=%s\n" "${SUMMARY_EXPIRED}" "${SUMMARY_MIN_HOST}" "${SUMMARY_MIN_PORT}" "${SUMMARY_MIN_DATE}" "${SUMMARY_MIN_DIFF}" - elif [ ${SUMMARY_WILL_EXPIRE} -ne 0 ] - then + elif [ ${SUMMARY_WILL_EXPIRE} -ne 0 ]; then ${PRINTF} "%s certificate(s) will expire (%s:%s on %s)|days=%s\n" "${SUMMARY_WILL_EXPIRE}" "${SUMMARY_MIN_HOST}" "${SUMMARY_MIN_PORT}" "${SUMMARY_MIN_DATE}" "${SUMMARY_MIN_DIFF}" fi @@ -526,9 +562,8 @@ ############################################################# set_returncode() { - if [ ${RETCODE} -lt ${1} ] - then - RETCODE=${1} + if [ "${RETCODE}" -lt "${1}" ]; then + RETCODE="${1}" fi } @@ -543,24 +578,19 @@ ######################################################################## set_summary() { - if [ ${1} -eq 0 ] - then + if [ "${1}" -eq 0 ]; then SUMMARY_VALID=$((SUMMARY_VALID+1)) - - elif [ ${1} -eq 1 ] - then + elif [ "${1}" -eq 1 ]; then SUMMARY_WILL_EXPIRE=$((SUMMARY_WILL_EXPIRE+1)) - else SUMMARY_EXPIRED=$((SUMMARY_EXPIRED+1)) fi - if [ ${5} -lt ${SUMMARY_MIN_DIFF} ] || [ ${SUMMARY_MIN_DIFF} -eq 0 ] - then - SUMMARY_MIN_DATE=${4} - SUMMARY_MIN_DIFF=${5} - SUMMARY_MIN_HOST=${2} - SUMMARY_MIN_PORT=${3} + if [ "${5}" -lt "${SUMMARY_MIN_DIFF}" ] || [ "${SUMMARY_MIN_DIFF}" -eq 0 ]; then + SUMMARY_MIN_DATE="${4}" + SUMMARY_MIN_DIFF="${5}" + SUMMARY_MIN_HOST="${2}" + SUMMARY_MIN_PORT="${3}" fi } 
@@ -588,10 +618,11 @@ echo " -N : Run as a Nagios plugin and output one line summary (implies -n, requires -f or -d)" echo " -p port : Port to connect to (interactive mode)" echo " -s commmon name : Server to connect to (interactive mode)" + echo " -S : Print validation information" echo " -t type : Specify the certificate type" echo " -q : Don't print anything on the console" echo " -v : Specify a specific protocol version to use (tls, ssl2, ssl3)" - echo " -V : Only print validation data" + echo " -V : Print version information" echo " -x days : Certificate expiration interval (eg. if cert_date < days)" echo "" } 
@@ -606,73 +637,53 @@ ########################################################################## check_server_status() { - if [ "_${2}" = "_smtp" -o "_${2}" = "_25" ] - then + if [ "_${2}" = "_smtp" ] || [ "_${2}" = "_25" ]; then TLSFLAG="-starttls smtp" - - elif [ "_${2}" = "_ftp" -o "_${2}" = "_21" ] - then + elif [ "_${2}" = "_ftp" ] || [ "_${2}" = "_21" ]; then TLSFLAG="-starttls ftp" - - elif [ "_${2}" = "_pop3" -o "_${2}" = "_110" ] - then + elif [ "_${2}" = "_pop3" ] || [ "_${2}" = "_110" ]; then TLSFLAG="-starttls pop3" - - elif [ "_${2}" = "_imap" -o "_${2}" = "_143" ] - then + elif [ "_${2}" = "_imap" ] || [ "_${2}" = "_143" ]; then TLSFLAG="-starttls imap" - - elif [ "_${2}" = "_submission" -o "_${2}" = "_587" ] - then + elif [ "_${2}" = "_submission" ] || [ "_${2}" = "_587" ]; then TLSFLAG="-starttls smtp -port ${2}" else TLSFLAG="" fi - if [ "${VERSION}" != "" ] - then + if [ "${VERSION}" != "" ]; then VER="-${VERSION}" fi - if [ "${TLSSERVERNAME}" = "TRUE" ] - then + if [ "${TLSSERVERNAME}" = "TRUE" ]; then TLSFLAG="${TLSFLAG} -servername $1" fi - echo "" | ${OPENSSL} s_client -crlf ${VER} -connect ${1}:${2} ${TLSFLAG} 2> ${ERROR_TMP} 1> ${CERT_TMP} + echo "" | "${OPENSSL}" s_client -crlf ${VER} -connect ${1}:${2} ${TLSFLAG} 2> "${ERROR_TMP}" 1> "${CERT_TMP}" - if ${GREP} -i "Connection refused" ${ERROR_TMP} > /dev/null - then - prints ${1} ${2} "Connection refused" "Unknown" + if "${GREP}" -i "Connection refused" "${ERROR_TMP}" > /dev/null; then + prints "${1}" "${2}" "Connection refused" "Unknown" set_returncode 3 - - elif ${GREP} -i "No route to host" ${ERROR_TMP} > /dev/null - then - prints ${1} ${2} "No route to host" "Unknown" + elif "${GREP}" -i "No route to host" "${ERROR_TMP}" > /dev/null; then + prints "${1}" "${2}" "No route to host" "Unknown" set_returncode 3 - - elif ${GREP} -i "gethostbyname failure" ${ERROR_TMP} > /dev/null - then - prints ${1} ${2} "Cannot resolve domain" "Unknown" + elif "${GREP}" -i "gethostbyname failure" 
"${ERROR_TMP}" > /dev/null; then + prints "${1}" "${2}" "Cannot resolve domain" "Unknown" set_returncode 3 - - elif ${GREP} -i "Operation timed out" ${ERROR_TMP} > /dev/null - then - prints ${1} ${2} "Operation timed out" "Unknown" + elif "${GREP}" -i "Operation timed out" "${ERROR_TMP}" > /dev/null; then + prints "${1}" "${2}" "Operation timed out" "Unknown" set_returncode 3 - - elif ${GREP} -i "ssl handshake failure" ${ERROR_TMP} > /dev/null - then - prints ${1} ${2} "SSL handshake failed" "Unknown" + elif "${GREP}" -i "ssl handshake failure" "${ERROR_TMP}" > /dev/null; then + prints "${1}" "${2}" "SSL handshake failed" "Unknown" set_returncode 3 - - elif ${GREP} -i "connect: Connection timed out" ${ERROR_TMP} > /dev/null - then - prints ${1} ${2} "Connection timed out" "Unknown" + elif "${GREP}" -i "connect: Connection timed out" "${ERROR_TMP}" > /dev/null; then + prints "${1}" "${2}" "Connection timed out" "Unknown" + set_returncode 3 + elif "${GREP}" -i "Name or service not known" "${ERROR_TMP}" > /dev/null; then + prints "${1}" "${2}" "Unable to resolve the DNS name ${1}" "Unknown" set_returncode 3 - else - check_file_status ${CERT_TMP} $1 $2 + check_file_status "${CERT_TMP}" "${1}" "${2}" fi } @@ -685,13 +696,12 @@ ##################################################### check_file_status() { - CERTFILE=${1} - HOST=${2} - PORT=${3} + CERTFILE="${1}" + HOST="${2}" + PORT="${3}" ### Check to make sure the certificate file exists - if [ ! -r ${CERTFILE} ] || [ ! -s ${CERTFILE} ] - then + if [ ! -r "${CERTFILE}" ] || [ ! -s "${CERTFILE}" ]; then echo "ERROR: The file named ${CERTFILE} is unreadable or doesn't exist" echo "ERROR: Please check to make sure the certificate for ${HOST}:${PORT} is valid" set_returncode 3 
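Review bot: On the rewritten s_client line in check_server_status the binary and both temp files are quoted, but `-connect ${1}:${2}` is not. Host and port come from the command line or from the server file, where `PORT=${LINE#* }` (hunk @@ -891,72 +890,52 @@) keeps everything after the first space, so a line with a third field word-splits into extra s_client arguments. Quote it, `-connect "${1}:${2}"`. TLSFLAG and VER are split on purpose and would need an array to be passed safely, which is a larger change than this hunk.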
@@ -699,30 +709,29 @@ fi ### Grab the expiration date from the X.509 certificate - if [ "${PKCSDBPASSWD}" != "" ] - then + if [ "${PKCSDBPASSWD}" != "" ]; then # Extract the certificate from the PKCS#12 database, and # send the informational message to /dev/null - ${OPENSSL} pkcs12 -nokeys -in ${CERTFILE} \ - -out ${CERT_TMP} -clcerts -password pass:${PKCSDBPASSWD} 2> /dev/null + "${OPENSSL}" pkcs12 -nokeys -in "${CERTFILE}" \ + -out "${CERT_TMP}" -clcerts -password pass:"${PKCSDBPASSWD}" 2> /dev/null # Extract the expiration date from the certificate - CERTDATE=$(${OPENSSL} x509 -in ${CERT_TMP} -enddate -noout | \ - ${SED} 's/notAfter\=//') + CERTDATE=$("${OPENSSL}" x509 -in "${CERT_TMP}" -enddate -noout | \ + "${SED}" 's/notAfter\=//') # Extract the issuer from the certificate - CERTISSUER=$(${OPENSSL} x509 -in ${CERT_TMP} -issuer -noout | \ - ${AWK} 'BEGIN {RS="/" } $0 ~ /^O=/ \ + CERTISSUER=$("${OPENSSL}" x509 -in "${CERT_TMP}" -issuer -noout | \ + "${AWK}" 'BEGIN {RS="/" } $0 ~ /^O=/ \ { print substr($0,3,17)}') ### Grab the common name (CN) from the X.509 certificate - COMMONNAME=$(${OPENSSL} x509 -in ${CERT_TMP} -subject -noout | \ - ${SED} -e 's/.*CN=//' | \ - ${SED} -e 's/\/.*//') + COMMONNAME=$("${OPENSSL}" x509 -in "${CERT_TMP}" -subject -noout | \ + "${SED}" -e 's/.*CN=//' | \ + "${SED}" -e 's/\/.*//') ### Grab the serial number from the X.509 certificate - SERIAL=$(${OPENSSL} x509 -in ${CERT_TMP} -serial -noout | \ - ${SED} -e 's/serial=//') + SERIAL=$("${OPENSSL}" x509 -in "${CERT_TMP}" -serial -noout | \ + "${SED}" -e 's/serial=//') else # Extract the expiration date from the ceriticate CERTDATE=$(${OPENSSL} x509 -in ${CERTFILE} -enddate -noout -inform ${CERTTYPE} | \ 
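Review bot: `-password pass:"${PKCSDBPASSWD}"` puts the PKCS#12 passphrase on the openssl command line, where it is readable in the process list for the duration of the call; the added quoting does not change that. openssl can take the passphrase from the environment instead: `PKCSDBPASSWD="${PKCSDBPASSWD}" "${OPENSSL}" pkcs12 ... -password env:PKCSDBPASSWD`. Separately, stderr goes to /dev/null and the exit status is not tested, so a wrong passphrase presumably surfaces only as failures of the x509 calls that follow. check_file_status starts and ends outside this hunk.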
@@ -750,10 +759,8 @@ CERTJULIAN=$(date2julian ${MONTH#0} ${2#0} ${4}) CERTDIFF=$(date_diff ${NOWJULIAN} ${CERTJULIAN}) - if [ ${CERTDIFF} -lt 0 ] - then - if [ "${ALARM}" = "TRUE" ] - then + if [ ${CERTDIFF} -lt 0 ]; then + if [ "${ALARM}" = "TRUE" ]; then send_mail ${SENDER} ${ADMIN} "Certificate for ${HOST} \"(CN: ${COMMONNAME})\" has expired!" \ "The SSL certificate for ${HOST} \"(CN: ${COMMONNAME})\" has expired!" fi 
@@ -761,33 +768,30 @@ prints ${HOST} ${PORT} "Expired" "${CERTDATE}" "${CERTDIFF}" "${CERTISSUER}" "${COMMONNAME}" "${SERIAL}" RETCODE_LOCAL=2 - elif [ ${CERTDIFF} -lt ${WARNDAYS} ] - then - if [ "${ALARM}" = "TRUE" ] - then - send_mail ${SENDER} ${ADMIN} "Certificate for ${HOST} \"(CN: ${COMMONNAME})\" will expire in ${WARNDAYS}-days or less" \ + elif [ ${CERTDIFF} -lt ${WARNDAYS} ]; then + if [ "${ALARM}" = "TRUE" ]; then + send_mail ${SENDER} ${ADMIN} "Certificate for ${HOST} \"(CN: ${COMMONNAME})\" will expire in ${CERTDIFF}-days or less" \ "The SSL certificate for ${HOST} \"(CN: ${COMMONNAME})\" will expire on ${CERTDATE}" fi - prints ${HOST} ${PORT} "Expiring" "${CERTDATE}" "${CERTDIFF}" "${CERTISSUER}" "${COMMONNAME}" "${SERIAL}" + prints "${HOST}" "${PORT}" "Expiring" "${CERTDATE}" "${CERTDIFF}" "${CERTISSUER}" "${COMMONNAME}" "${SERIAL}" RETCODE_LOCAL=1 else - prints ${HOST} ${PORT} "Valid" "${CERTDATE}" "${CERTDIFF}" "${CERTISSUER}" "${COMMONNAME}" "${SERIAL}" + prints "${HOST}" "${PORT}" "Valid" "${CERTDATE}" "${CERTDIFF}" "${CERTISSUER}" "${COMMONNAME}" "${SERIAL}" RETCODE_LOCAL=0 fi - set_returncode ${RETCODE_LOCAL} - MIN_DATE=$(echo ${CERTDATE} | ${AWK} '{ print $1, $2, $4 }') - set_summary ${RETCODE_LOCAL} ${HOST} ${PORT} "${MIN_DATE}" ${CERTDIFF} + set_returncode "${RETCODE_LOCAL}" + MIN_DATE=$(echo "${CERTDATE}" | "${AWK}" '{ print $1, $2, $4 }') + set_summary "${RETCODE_LOCAL}" "${HOST}" "${PORT}" "${MIN_DATE}" ${CERTDIFF} } ################################# ### Start of main program ################################# -while getopts abinNv:e:E:f:c:d:hk:p:s:t:qx:V option +while getopts abinNv:e:E:f:c:d:hk:p:s:S:t:qx:V option do - case "${option}" - in + case "${option}" in a) ALARM="TRUE";; b) NOHEADER="TRUE";; c) CERTFILE=${OPTARG};; 
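Review bot: The option string now contains `S:`, which tells getopts that -S takes an argument, but the matching arm `S) VALIDATION="TRUE";;` (hunk @@ -804,10 +808,13 @@) ignores OPTARG and usage() documents -S without one. As written, -S swallows whatever follows it on the command line, for example the `-s` of a host check, and the run ends in the usage message. Drop the colon: `while getopts abinNv:e:E:f:c:d:hk:p:s:St:qx:V option`.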
@@ -804,10 +808,13 @@ NAGIOSSUMMARY="TRUE";; p) PORT=$OPTARG;; s) HOST=$OPTARG;; + S) VALIDATION="TRUE";; t) CERTTYPE=$OPTARG;; q) QUIET="TRUE";; v) VERSION=$OPTARG;; - V) VALIDATION="TRUE";; + V) echo "${PROGRAMVERSION}" + exit 0 + ;; x) WARNDAYS=$OPTARG;; \?) usage exit 1;; 
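Review bot: `-V` used to set VALIDATION and now prints PROGRAMVERSION and exits 0, so an existing cron job or monitoring check that still passes -V stops checking certificates and reports success. That deserves a comment on the arm, for example `# -V printed validation data before 4.0; that is -S now`, and an explicit line in the package changelog so users adapt their invocations. The case statement continues outside this hunk.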
@@ -815,56 +822,49 @@ done ### Check to make sure a openssl utility is available -if [ ! -f ${OPENSSL} ] -then +if [ ! -f "${OPENSSL}" ]; then echo "ERROR: The openssl binary does not exist in ${OPENSSL}." echo "FIX: Please modify the \${OPENSSL} variable in the program header." exit 1 fi ### Check to make sure a date utility is available -if [ ! -f ${DATE} ] -then +if [ ! -f "${DATE}" ]; then echo "ERROR: The date binary does not exist in ${DATE} ." echo "FIX: Please modify the \${DATE} variable in the program header." exit 1 fi ### Check to make sure a grep and find utility is available -if [ ! -f ${GREP} ] || [ ! -f ${FIND} ] -then +if [ ! -f "${GREP}" ] || [ ! -f "${FIND}" ]; then echo "ERROR: Unable to locate the greb and find binary." echo "FIX: Please modify the \${GREP} and \${FIND} variables in the program header." exit 1 fi ### Check to make sure the mktemp and printf utilities are available -if [ ! -f ${MKTEMP} ] || [ ! -f ${PRINTF} ] -then +if [ ! -f "${MKTEMP}" ] || [ ! -f "${PRINTF}" ]; then echo "ERROR: Unable to locate the mktemp or printf binary." echo "FIX: Please modify the \${MKTEMP} and \${PRINTF} variables in the program header." exit 1 fi ### Check to make sure the sed and awk binaries are available -if [ ! -f ${SED} ] || [ ! -f ${AWK} ] -then +if [ ! -f "${SED}" ] || [ ! -f "${AWK}" ]; then echo "ERROR: Unable to locate the sed or awk binary." echo "FIX: Please modify the \${SED} and \${AWK} variables in the program header." exit 1 fi ### Check to make sure a mail client is available it automated notifications are requested -if [ "${ALARM}" = "TRUE" ] && [ ! -f ${MAIL} ] -then +if [ "${ALARM}" = "TRUE" ] && [ ! -f "${MAIL}" ]; then echo "ERROR: You enabled automated alerts, but the mail binary could not be found." echo "FIX: Please modify the ${MAIL} variable in the program header." 
exit 1 fi # Send along the servername when TLS is used -if ${OPENSSL} s_client -help 2>&1 | grep '-servername' > /dev/null -then +if ${OPENSSL} s_client -help 2>&1 | grep '-servername' > /dev/null; then TLSSERVERNAME="TRUE" else TLSSERVERNAME="FALSE" @@ -878,12 +878,11 @@ MONTH=$(${DATE} "+%m") DAY=$(${DATE} "+%d") YEAR=$(${DATE} "+%Y") -NOWJULIAN=$(date2julian ${MONTH#0} ${DAY#0} ${YEAR}) +NOWJULIAN=$(date2julian "${MONTH#0}" "${DAY#0}" "${YEAR}") ### Touch the files prior to using them -if [ ! -z "${CERT_TMP}" ] && [ ! -z "${ERROR_TMP}" ] -then - touch ${CERT_TMP} ${ERROR_TMP} +if [ -n "${CERT_TMP}" ] && [ -n "${ERROR_TMP}" ]; then + touch "${CERT_TMP}" "${ERROR_TMP}" else echo "ERROR: Problem creating temporary files" echo "FIX: Check that mktemp works on your system" 
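Review bot: In the servername probe, `grep '-servername'` hands grep a word that starts with a dash, so it is parsed as options rather than as the pattern, and the test works only as far as that parsing happens to leave a usable pattern. The line also skips the `"${GREP}"` and quoting conventions this hunk applies to every other check. Suggested: `if "${OPENSSL}" s_client -help 2>&1 | "${GREP}" -e '-servername' > /dev/null; then`. The mail-client `FIX:` message just above still expands `${MAIL}` instead of printing `\${MAIL}` like its siblings.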
@@ -891,72 +890,52 @@ fi ### If a HOST and PORT were passed on the cmdline, use those values -if [ "${HOST}" != "" ] && [ "${PORT}" != "" ] -then +if [ "${HOST}" != "" ] && [ "${PORT}" != "" ]; then print_heading check_server_status "${HOST}" "${PORT}" print_summary - ### If a file is passed to the "-f" option on the command line, check ### each certificate or server / port combination in the file to see if ### they are about to expire -elif [ -f "${SERVERFILE}" ] -then +elif [ -f "${SERVERFILE}" ]; then print_heading IFS=$'\n' - for LINE in `egrep -v '(^#|^$)' ${SERVERFILE}` + for LINE in $(grep -E -v '(^#|^$)' "${SERVERFILE}") do HOST=${LINE%% *} PORT=${LINE#* } IFS=" " - if [ "$PORT" = "FILE" ] - then - check_file_status ${HOST} "FILE" "${HOST}" + if [ "$PORT" = "FILE" ]; then + check_file_status "${HOST}" "FILE" "${HOST}" else check_server_status "${HOST}" "${PORT}" fi done - IFS=${OLDIFS} + IFS="${OLDIFS}" print_summary - ### Check to see if the certificate in CERTFILE is about to expire -elif [ "${CERTFILE}" != "" ] -then +elif [ "${CERTFILE}" != "" ]; then print_heading - check_file_status ${CERTFILE} "FILE" "${CERTFILE}" + check_file_status "${CERTFILE}" "FILE" "${CERTFILE}" print_summary ### Check to see if the certificates in CERTDIRECTORY are about to expire -elif [ "${CERTDIRECTORY}" != "" ] && (${FIND} -L ${CERTDIRECTORY} -type f > /dev/null 2>&1) -then +elif [ "${CERTDIRECTORY}" != "" ] && ("${FIND}" -L "${CERTDIRECTORY}" -type f > /dev/null 2>&1); then print_heading - for FILE in `${FIND} -L ${CERTDIRECTORY} -type f`; do - check_file_status ${FILE} "FILE" "${FILE}" + for FILE in $("${FIND}" -L "${CERTDIRECTORY}" -type f); do + check_file_status "${FILE}" "FILE" "${FILE}" done print_summary - ### There was an error, so print a detailed usage message and exit else usage exit 1 fi -### Remove the temporary files -if [ $DEBUG == 1 ] -then - echo "DEBUG: Certificate temporary file:" - cat ${CERT_TMP} - echo "DEBUG: Runtime information file:" - cat 
${ERROR_TMP} -fi - -rm -f ${CERT_TMP} ${ERROR_TMP} - ### Exit with a success indicator -if [ "${NAGIOS}" = "TRUE" ] -then - exit $RETCODE +if [ "${NAGIOS}" = "TRUE" ]; then + exit "${RETCODE}" else exit 0 fi
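Review bot: `for FILE in $("${FIND}" -L "${CERTDIRECTORY}" -type f); do` quotes the find arguments but still word-splits and globs find's output, so a certificate path containing a space or a wildcard character is checked under the wrong names or not at all. Where find supports -print0, read NUL-delimited names instead: `while IFS= read -r -d '' FILE; do check_file_status "${FILE}" "FILE" "${FILE}"; done < <("${FIND}" -L "${CERTDIRECTORY}" -type f -print0)`. Process substitution keeps the RETCODE and summary updates in the current shell. The server-file loop in the same hunk has the same shape and calls bare `grep -E` rather than `"${GREP}"`.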