Jonny007-MKD/check_gpg_key_expiration.sh
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

Fix some bugs (especially processing a downloaded file)

Browse source
This commit is contained in:
Jonny007-MKD 2022-03-06 22:19:20 +01:00
parent df2a25a876
commit 597e47bb82
2 changed files with 41 additions and 19 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
README.md
View file

@ -4,5 +4,5 @@ A check script for icinga2 to check for the expiration of GPG keys (local or onl
Check gpg expiration date. Arguments: Check gpg expiration date. Arguments:
--url URL: Where to find the GPG key. Path to a local file or an URL to download from. --url URL: Where to find the GPG key. Path to a local file or an URL to download from.
--warn DAYS: Warning threshold (integer in days) --warning DAYS: Warning threshold (integer in days)
--crit DAYS: Critical threshold (integer in days) --critical DAYS: Critical threshold (integer in days)

52
check_gpg_key_expiration.sh
View file

@ -2,6 +2,19 @@
function echoerr { echo "$@" 1>&2; } function echoerr { echo "$@" 1>&2; }
function cleanup {
if [ -n "$TMPFILE" -a -f "$TMPFILE" ]; then
rm -f "$TMPFILE"
fi
if [ -n "$TMPFILE2" -a -f "$TMPFILE2" ]; then
rm -f "$TMPFILE2"
fi
if [ -n "$TMPDIR" -a -d "$TMPDIR" ]; then
rm -rf "$TMPDIR"
fi
}
trap 'cleanup' EXIT
function checkEnvironment { function checkEnvironment {
### Check the environment ### ### Check the environment ###
if ! which gpg 2>&1 >/dev/null; then if ! which gpg 2>&1 >/dev/null; then
@ -12,7 +25,11 @@ function checkEnvironment {
# Command to download a file # Command to download a file
DOWNLOAD="" DOWNLOAD=""
if which curl 2>&1 >/dev/null; then if which curl 2>&1 >/dev/null; then
if $DEBUG; then
DOWNLOAD="curl -o "
else
DOWNLOAD="curl -s -o " DOWNLOAD="curl -s -o "
fi
elif which wget 2>&1 >/dev/null; then elif which wget 2>&1 >/dev/null; then
DOWNLOAD="wget -o /dev/null -O " DOWNLOAD="wget -o /dev/null -O "
else else
@ -21,6 +38,8 @@ function checkEnvironment {
fi fi
# Command to get information about all subkeys # Command to get information about all subkeys
TMPDIR=$(mktemp -d) || exit 3
export GNUPGHOME=$TMPDIR # don't create ~/.gnupg directory
GPG_SHOW="gpg --with-colon --fixed-list-mode --show-keys" GPG_SHOW="gpg --with-colon --fixed-list-mode --show-keys"
} }
@ -36,15 +55,15 @@ function parseArguments {
CRIT=2 # days CRIT=2 # days
while [[ $# -gt 0 ]]; do while [[ $# -gt 0 ]]; do
case $1 in case $1 in
-u|--url) URL="$2"; shift;; -u|--url|--file) URL="$2"; shift;;
-w|--warn) WARN=$2; shift;; -w|--warn|--warning) WARN=$2; shift;;
-c|--crit) CRIT=$2; shift;; -c|--crit|--critical) CRIT=$2; shift;;
-d|--debug) DEBUG=true;; -d|--debug) DEBUG=true;;
-?|--help) -?|--help)
echo "Check gpg expiration date. Arguments:" echo "Check gpg expiration date. Arguments:"
echo "--url URL: Where to find the GPG key" echo "--url URL: Where to find the GPG key (URL or path to file)"
echo "--warn DAYS: Warning threshold (integer in days)" echo "--warning DAYS: Warning threshold (integer in days)"
echo "--crit DAYS: Critical threshold (integer in days)" echo "--critical DAYS: Critical threshold (integer in days)"
exit 0 exit 0
;; ;;
*) *)
@ -145,7 +164,7 @@ function metrics {
local expirationDate=$2 local expirationDate=$2
local remaining_s=$3 local remaining_s=$3
METRICS="${METRICS}'$key expiration date'=$(date '+%Y-%m-%dT%H:%M:%S' --date @$expirationDate) " METRICS="${METRICS}'$key expiration date: $(date '+%Y-%m-%dT%H:%M:%S' --date @$expirationDate)'=0 "
METRICS="${METRICS}'$key remaining'=${remaining_s}s;${WARN_s}s;${CRIT_s}s " METRICS="${METRICS}'$key remaining'=${remaining_s}s;${WARN_s}s;${CRIT_s}s "
} }
@ -179,26 +198,26 @@ function getAndParseKey {
# for appropriate error handling we cannot use pipes (at least I don't know how to) # for appropriate error handling we cannot use pipes (at least I don't know how to)
TMPFILE=$(mktemp) || exit 3 TMPFILE=$(mktemp) || exit 3
#trap 'rm -f "$TMPFILE"' RETURN
#trap 'rm -f "$TMPFILE"' EXIT
# If the URL is a local path, use it as input to GPG_SHOW # If the URL is a local path, use it as input to GPG_SHOW
if [ ! -f "$URL" ]; then if [ ! -f "$URL" ]; then
log "Downloading $URL" TMPFILE2=$(mktemp) || exit 3
$DOWNLOAD "$TMPFILE" "$URL" log "Downloading $URL to $TMPFILE2: $DOWNLOAD \"$TMPFILE2\" \"$URL\""
$DOWNLOAD "$TMPFILE2" "$URL"
exit=$? exit=$?
if [ $exit -ne 0 ]; then if [ $exit -ne 0 ]; then
echo "ERROR - Downloading failed with $exit" echo "ERROR - Downloading failed with $exit"
exit 3 exit 3
fi fi
infile="$TMPFILE" infile="$TMPFILE2"
else else
log "Using local file $URL" log "Using local file $URL"
infile="$URL" infile="$URL"
fi fi
# Process with GPG # Process with GPG
cat "$infile" | $GPG_SHOW > "$TMPFILE" log "Processing $infile: cat \"$infile\" | $GPG_SHOW > \"$TMPFILE\""
cat "$infile" | $GPG_SHOW > "$TMPFILE" 2> /dev/null
exit=$? exit=$?
if [ $exit -ne 0 ]; then if [ $exit -ne 0 ]; then
echo "ERROR - gpg failed with $exit" echo "ERROR - gpg failed with $exit"
@ -209,7 +228,10 @@ function getAndParseKey {
parseLine "$line" parseLine "$line"
done < "$TMPFILE" done < "$TMPFILE"
trap - EXIT rm -f "$TMPFILE" && TMPFILE=""
if [ -n "$TMPFILE2" ]; then
rm -f "$TMPFILE2" && TMPFILE2=""
fi
} }
@ -228,8 +250,8 @@ function printResult {
checkEnvironment
parseArguments "$@" parseArguments "$@"
checkEnvironment
getAndParseKey getAndParseKey
printResult printResult
exit $RESULT exit $RESULT