openvpn_cert_nagios 0.0.2

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 1b4406c75272d6dfc8b2b4725428ca78c310c296
+  data.tar.gz: f11365712aed9ca2c4a368a3755d99677d36c5e8
+SHA512:
+  metadata.gz: ecfd59b19ed28743f53dd4967fb920d9734887696ffed4da0a6616d70bdf1694f54aa36fad92f1a892607f576a442a60b819fa1cb528d6cfeca64f088f538d35
+  data.tar.gz: d37a84b9681b3bf0f3d90bf17423f3e0c04d8a9a40f470251394cc5a764464c8a3c92fefc1b59888c1f046ee05aa18364d6810372438f2aa288f68906d70cb1c

data/bin/check_open_vpn_cert

@@ -0,0 +1,12 @@
+#!/usr/bin/env ruby
+
+begin
+  require 'openvpn_cert_nagios'
+rescue LoadError
+  require 'rubygems'
+  root = File.dirname(File.dirname(__FILE__))
+  $: << (File.expand_path 'lib', root)
+  require 'openvpn_cert_nagios'
+end
+
+CertCheck.new.run

data/lib/openvpn_cert_nagios.rb

@@ -0,0 +1 @@
+require "openvpn_cert_nagios/base"

data/lib/openvpn_cert_nagios/base.rb

@@ -0,0 +1,8 @@
+require "nagios_check"
+require 'open3'
+require 'date'
+
+require "openvpn_cert_nagios/version"
+require "openvpn_cert_nagios/shell"
+require "openvpn_cert_nagios/certs"
+require "openvpn_cert_nagios/check"

data/lib/openvpn_cert_nagios/certs.rb

@@ -0,0 +1,32 @@
+class CertCheck
+  class Cert
+    def initialize(path)
+      @path = path
+    end
+    attr_reader :path
+
+    def expires_in
+      expiration_date - Date.today
+    end
+
+    def message
+      "%4d:%s" % [expires_in, name]
+    end
+
+    def name
+      File.basename(path, ".crt")
+    end
+
+    def expiration_date
+      Date.parse(expiration_row.split("=", 2)[1])
+    end
+
+    def expiration_row
+      chk_command.find { |x| x =~ /^notAfter=/ }
+    end
+
+    def chk_command
+      Shell.exe("openssl x509 -in #{path} -inform PEM -text -noout -enddate -startdate")
+    end
+  end
+end

data/lib/openvpn_cert_nagios/check.rb

@@ -0,0 +1,31 @@
+class CertCheck
+  include NagiosCheck
+
+  enable_warning :mandatory
+  enable_critical :mandatory
+
+  on "--path PATH", "-P PATH", String, :mandatory
+
+  enable_timeout
+
+  def check
+
+    result = certs.reduce({days: 9999, message: []}) do |memo, file|
+      cert = Cert.new(file)
+      memo[:message] << cert.message
+      memo[:days] = [cert.expires_in, memo[:days]].min
+      memo
+    end
+
+    store_value :expires, result[:days]
+    store_message result[:message].sort.join(",").delete(' ')
+  end
+
+  def certs
+    @certs ||= Dir.new(options.path)
+      .entries
+      .find_all{ |f| f =~ /.*\.crt$/ }
+      .map { |f| "#{ options.path }/#{ f }" }
+  end
+
+end

data/lib/openvpn_cert_nagios/shell.rb

@@ -0,0 +1,19 @@
+class CertCheck
+  ##
+  # Execute shell commands. Simple popen3 wrapper, that returns either
+  # STDOUT or exit status, and aborts on non zero status.
+  #
+  class Shell
+    def self.exe(cmd)
+
+      Open3.popen3({"PATH" => "/usr/bin:/bin:/usr/sbin:/sbin"}, cmd) do |stdin, stdout, stderr, process|
+
+        stdin.close
+        raise "#{cmd} FAILED: #{stderr.read} #{ stdout.read }" if process.value != 0
+        stdout.readlines
+
+      end
+    end
+  end
+
+end

data/lib/openvpn_cert_nagios/version.rb

@@ -0,0 +1,3 @@
+class CertCheck
+  VERSION = "0.0.2"
+end

metadata

@@ -0,0 +1,98 @@
+--- !ruby/object:Gem::Specification
+name: openvpn_cert_nagios
+version: !ruby/object:Gem::Version
+  version: 0.0.2
+platform: ruby
+authors:
+- Dmytro Kovalov
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2015-01-10 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: nagios_check
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '0.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '0.0'
+- !ruby/object:Gem::Dependency
+  name: pry
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '0.10'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '0.10'
+- !ruby/object:Gem::Dependency
+  name: yard
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '0.8'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '0.8'
+description: |2+
+
+  For every certificate in EasyRSA directory check expiration date and issue warning or critial warning alert.
+
+email: dmytro.kovalov@gmail.com
+executables:
+- check_open_vpn_cert
+extensions: []
+extra_rdoc_files: []
+files:
+- bin/check_open_vpn_cert
+- lib/openvpn_cert_nagios.rb
+- lib/openvpn_cert_nagios/base.rb
+- lib/openvpn_cert_nagios/certs.rb
+- lib/openvpn_cert_nagios/check.rb
+- lib/openvpn_cert_nagios/shell.rb
+- lib/openvpn_cert_nagios/version.rb
+homepage: http://dmytro.github.com/
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - '>='
+    - !ruby/object:Gem::Version
+      version: 2.0.0
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.2.2
+signing_key: 
+specification_version: 4
+summary: Check expiration date of the OpenVPN certs
+test_files: []
+has_rdoc: