Compare commits
No commits in common. "b8a0a4abbdfe5e10fb1c33c616508c540af5f13c" and "df2a25a87667ba3ee846cd81cbdb774e9ff333f0" have entirely different histories.
b8a0a4abbd
...
df2a25a876
4 changed files with 19 additions and 72 deletions
|
|
@ -4,5 +4,5 @@ A check script for icinga2 to check for the expiration of GPG keys (local or onl
|
||||||
|
|
||||||
Check gpg expiration date. Arguments:
|
Check gpg expiration date. Arguments:
|
||||||
--url URL: Where to find the GPG key. Path to a local file or an URL to download from.
|
--url URL: Where to find the GPG key. Path to a local file or an URL to download from.
|
||||||
--warning DAYS: Warning threshold (integer in days)
|
--warn DAYS: Warning threshold (integer in days)
|
||||||
--critical DAYS: Critical threshold (integer in days)
|
--crit DAYS: Critical threshold (integer in days)
|
||||||
|
|
|
||||||
|
|
@ -2,19 +2,6 @@
|
||||||
|
|
||||||
function echoerr { echo "$@" 1>&2; }
|
function echoerr { echo "$@" 1>&2; }
|
||||||
|
|
||||||
function cleanup {
|
|
||||||
if [ -n "$TMPFILE" -a -f "$TMPFILE" ]; then
|
|
||||||
rm -f "$TMPFILE"
|
|
||||||
fi
|
|
||||||
if [ -n "$TMPFILE2" -a -f "$TMPFILE2" ]; then
|
|
||||||
rm -f "$TMPFILE2"
|
|
||||||
fi
|
|
||||||
if [ -n "$TMPDIR" -a -d "$TMPDIR" ]; then
|
|
||||||
rm -rf "$TMPDIR"
|
|
||||||
fi
|
|
||||||
}
|
|
||||||
trap 'cleanup' EXIT
|
|
||||||
|
|
||||||
function checkEnvironment {
|
function checkEnvironment {
|
||||||
### Check the environment ###
|
### Check the environment ###
|
||||||
if ! which gpg 2>&1 >/dev/null; then
|
if ! which gpg 2>&1 >/dev/null; then
|
||||||
|
|
@ -25,11 +12,7 @@ function checkEnvironment {
|
||||||
# Command to download a file
|
# Command to download a file
|
||||||
DOWNLOAD=""
|
DOWNLOAD=""
|
||||||
if which curl 2>&1 >/dev/null; then
|
if which curl 2>&1 >/dev/null; then
|
||||||
if $DEBUG; then
|
|
||||||
DOWNLOAD="curl -o "
|
|
||||||
else
|
|
||||||
DOWNLOAD="curl -s -o "
|
DOWNLOAD="curl -s -o "
|
||||||
fi
|
|
||||||
elif which wget 2>&1 >/dev/null; then
|
elif which wget 2>&1 >/dev/null; then
|
||||||
DOWNLOAD="wget -o /dev/null -O "
|
DOWNLOAD="wget -o /dev/null -O "
|
||||||
else
|
else
|
||||||
|
|
@ -38,8 +21,6 @@ function checkEnvironment {
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Command to get information about all subkeys
|
# Command to get information about all subkeys
|
||||||
TMPDIR=$(mktemp -d) || exit 3
|
|
||||||
export GNUPGHOME=$TMPDIR # don't create ~/.gnupg directory
|
|
||||||
GPG_SHOW="gpg --with-colon --fixed-list-mode --show-keys"
|
GPG_SHOW="gpg --with-colon --fixed-list-mode --show-keys"
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -55,15 +36,15 @@ function parseArguments {
|
||||||
CRIT=2 # days
|
CRIT=2 # days
|
||||||
while [[ $# -gt 0 ]]; do
|
while [[ $# -gt 0 ]]; do
|
||||||
case $1 in
|
case $1 in
|
||||||
-u|--url|--file) URL="$2"; shift;;
|
-u|--url) URL="$2"; shift;;
|
||||||
-w|--warn|--warning) WARN=$2; shift;;
|
-w|--warn) WARN=$2; shift;;
|
||||||
-c|--crit|--critical) CRIT=$2; shift;;
|
-c|--crit) CRIT=$2; shift;;
|
||||||
-d|--debug) DEBUG=true;;
|
-d|--debug) DEBUG=true;;
|
||||||
-?|--help)
|
-?|--help)
|
||||||
echo "Check gpg expiration date. Arguments:"
|
echo "Check gpg expiration date. Arguments:"
|
||||||
echo "--url URL: Where to find the GPG key (URL or path to file)"
|
echo "--url URL: Where to find the GPG key"
|
||||||
echo "--warning DAYS: Warning threshold (integer in days)"
|
echo "--warn DAYS: Warning threshold (integer in days)"
|
||||||
echo "--critical DAYS: Critical threshold (integer in days)"
|
echo "--crit DAYS: Critical threshold (integer in days)"
|
||||||
exit 0
|
exit 0
|
||||||
;;
|
;;
|
||||||
*)
|
*)
|
||||||
|
|
@ -164,7 +145,7 @@ function metrics {
|
||||||
local expirationDate=$2
|
local expirationDate=$2
|
||||||
local remaining_s=$3
|
local remaining_s=$3
|
||||||
|
|
||||||
METRICS="${METRICS}'$key expiration date: $(date '+%Y-%m-%dT%H:%M:%S' --date @$expirationDate)'=0 "
|
METRICS="${METRICS}'$key expiration date'=$(date '+%Y-%m-%dT%H:%M:%S' --date @$expirationDate) "
|
||||||
METRICS="${METRICS}'$key remaining'=${remaining_s}s;${WARN_s}s;${CRIT_s}s "
|
METRICS="${METRICS}'$key remaining'=${remaining_s}s;${WARN_s}s;${CRIT_s}s "
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -198,26 +179,26 @@ function getAndParseKey {
|
||||||
|
|
||||||
# for appropriate error handling we cannot use pipes (at least I don't know how to)
|
# for appropriate error handling we cannot use pipes (at least I don't know how to)
|
||||||
TMPFILE=$(mktemp) || exit 3
|
TMPFILE=$(mktemp) || exit 3
|
||||||
|
#trap 'rm -f "$TMPFILE"' RETURN
|
||||||
|
#trap 'rm -f "$TMPFILE"' EXIT
|
||||||
|
|
||||||
# If the URL is a local path, use it as input to GPG_SHOW
|
# If the URL is a local path, use it as input to GPG_SHOW
|
||||||
if [ ! -f "$URL" ]; then
|
if [ ! -f "$URL" ]; then
|
||||||
TMPFILE2=$(mktemp) || exit 3
|
log "Downloading $URL"
|
||||||
log "Downloading $URL to $TMPFILE2: $DOWNLOAD \"$TMPFILE2\" \"$URL\""
|
$DOWNLOAD "$TMPFILE" "$URL"
|
||||||
$DOWNLOAD "$TMPFILE2" "$URL"
|
|
||||||
exit=$?
|
exit=$?
|
||||||
if [ $exit -ne 0 ]; then
|
if [ $exit -ne 0 ]; then
|
||||||
echo "ERROR - Downloading failed with $exit"
|
echo "ERROR - Downloading failed with $exit"
|
||||||
exit 3
|
exit 3
|
||||||
fi
|
fi
|
||||||
infile="$TMPFILE2"
|
infile="$TMPFILE"
|
||||||
else
|
else
|
||||||
log "Using local file $URL"
|
log "Using local file $URL"
|
||||||
infile="$URL"
|
infile="$URL"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Process with GPG
|
# Process with GPG
|
||||||
log "Processing $infile: cat \"$infile\" | $GPG_SHOW > \"$TMPFILE\""
|
cat "$infile" | $GPG_SHOW > "$TMPFILE"
|
||||||
cat "$infile" | $GPG_SHOW > "$TMPFILE" 2> /dev/null
|
|
||||||
exit=$?
|
exit=$?
|
||||||
if [ $exit -ne 0 ]; then
|
if [ $exit -ne 0 ]; then
|
||||||
echo "ERROR - gpg failed with $exit"
|
echo "ERROR - gpg failed with $exit"
|
||||||
|
|
@ -228,10 +209,7 @@ function getAndParseKey {
|
||||||
parseLine "$line"
|
parseLine "$line"
|
||||||
done < "$TMPFILE"
|
done < "$TMPFILE"
|
||||||
|
|
||||||
rm -f "$TMPFILE" && TMPFILE=""
|
trap - EXIT
|
||||||
if [ -n "$TMPFILE2" ]; then
|
|
||||||
rm -f "$TMPFILE2" && TMPFILE2=""
|
|
||||||
fi
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
@ -250,8 +228,8 @@ function printResult {
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
parseArguments "$@"
|
|
||||||
checkEnvironment
|
checkEnvironment
|
||||||
|
parseArguments "$@"
|
||||||
getAndParseKey
|
getAndParseKey
|
||||||
printResult
|
printResult
|
||||||
exit $RESULT
|
exit $RESULT
|
||||||
|
|
|
||||||
|
|
@ -1,12 +0,0 @@
|
||||||
object CheckCommand "gpg-key-expiration" {
|
|
||||||
import "plugin-check-command"
|
|
||||||
|
|
||||||
command = [ "/home/nagios/check_gpg_key_expiration.sh/check_gpg_key_expiration.sh" ]
|
|
||||||
|
|
||||||
arguments = {
|
|
||||||
"--warning" = "$check_gpg_key_expiration_warn$"
|
|
||||||
"--critical" = "$check_gpg_key_expiration_crit$"
|
|
||||||
"--url" = "$check_gpg_key_expiration_url$"
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
@ -1,19 +0,0 @@
|
||||||
apply Service "gpg-key " for (key => config in host.vars["gpg-key-expiration"]) {
|
|
||||||
import "generic-service"
|
|
||||||
|
|
||||||
check_command = "gpg-key-expiration"
|
|
||||||
check_interval = 1d
|
|
||||||
retry_interval = 4h
|
|
||||||
vars.notification_interval = 1d
|
|
||||||
|
|
||||||
vars.check_gpg_key_expiration_url = key
|
|
||||||
|
|
||||||
for (k => v in config) {
|
|
||||||
if (match("_*", k)) {
|
|
||||||
vars[k.substr(1)] = v
|
|
||||||
} else {
|
|
||||||
vars["check_gpg_key_expiration_" + k] = v
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
Loading…
Reference in a new issue