sensu-plugins-ssl 0.0.2 → 0.0.3

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: f00434c01a6e65a2eac3954e28a4a7dfbebd210b
-  data.tar.gz: 43cb6a89427c06bd5da5fda961249c721b88c3d1
+  metadata.gz: 0f040aafc87de1f65391477a94d538b6b1eb092a
+  data.tar.gz: 1f0495d7f39901e734f3cdfab8d87d8367fc05e3
 SHA512:
-  metadata.gz: 8afe68c0b4a6f66285b5bf27b79f3d49a5eb9931af2d1bd8ce558c66e65920cd510e0f1e5e9f6f3255756c43376bb7b24e95b692b1906d8e0891991f408d146b
-  data.tar.gz: 50baf326ef642fcbf26d86fc1f0fee92e8fef9ebcc88920bd708ae3bb72bd4c12050863ba8cb1e3b798a9f4562fc6c636a6a79a97a45f42e1557e710ea4eb7e5
+  metadata.gz: 87bc51918187180eabf304b2de2a3eefdf7169859217fd0b364012d662795746fefbd901b788eebb8d2c3c83e1072f8a7369ef9c499ec696880782d216fe6bc1
+  data.tar.gz: 68bff0cb1676c16348487d25f4e4b8dc965418e950d6af89e989753af13aacaf5216a04137d4f1e9c00b12f82d423650400148a53c8d8a03e66a009fc7fba521

data.tar.gz.sig

@@ -1,2 +1 @@
-�j�\�|�q����8v�ŧ���ǒQ��	��1mT`We��ʂ~wo�^�
�V��щ����H�Ĕ���i��ur:g�n��H�5�d�i���?Y�X�����Sm�a�$�[�3�2�������ܱ��9����Lm��V#�����[5��sp��?����
-�7f�����P{Ϲ�����EUSMҹ��b'5�����
+��Ƙ���t]���/��ݗd�kgݕ�k=�qJ����u�d��i����<��ĉ��S�9�7�q��W�v������<����P�q��Se%�L��h����O�F(N@�`2�H�+d�����up`�_ w���x�"m��2�lw�D\�<p'����?	O��[��IyIf^F֋����@vq�����&����ͥ��ե)���ߎ�m^�/���ӣ�Ma���G1[�2D��2aj�:a��̿�!��<

data/CHANGELOG.md

@@ -3,10 +3,13 @@ This project adheres to [Semantic Versioning](http://semver.org/).
 
 This CHANGELOG follows the format listed at [Keep A Changelog](http://keepachangelog.com/)
 
-## Unreleased][unreleased]
+## [Unreleased][unreleased]
 
-## [0.0.2] - 2015-06-03
+## [0.0.3] - 2015-06-18
+### Added
+- plugin to test SSL using the [Qualys SSL Test API](https://www.ssllabs.com/ssltest/)
 
+## [0.0.2] - 2015-06-03
 ### Fixed
 - added binstubs
 
@@ -14,6 +17,5 @@ This CHANGELOG follows the format listed at [Keep A Changelog](http://keepachang
 - removed cruft from /lib
 
 ## 0.0.1 - 2015-05-21
-
 ### Added
 - initial release

data/README.md

@@ -12,6 +12,7 @@
 ## Files
  * bin/check-ssl-cert.rb
  * bin/check-ssl-host.rb
+ * bin/check-ssl-qualys.rb
 
 ## Usage
 

data/bin/check-ssl-qualys.rb

@@ -0,0 +1,132 @@
+#!/usr/bin/env ruby
+# encoding: UTF-8
+#  check-ssl-qualys.rb
+#
+# DESCRIPTION:
+#   Runs a report using the Qualys SSL Labs API and then alerts if a
+#   domiain does not meet the grade specified for *ALL* hosts that are
+#   reachable from that domian.
+#
+#   The checks that are performed are documented on
+#   https://www.ssllabs.com/index.html as are the range of grades.
+#
+# OUTPUT:
+#   plain text
+#
+# PLATFORMS:
+#   Linux
+#
+# DEPENDENCIES:
+#   gem: sensu-plugin
+#   gem: rest-client
+#   gem: json
+#
+# USAGE:
+#   # Basic usage
+#   check-ssl-qualys.rb -d <domain_name>
+#   # Specify the CRITICAL and WARNING grades to a specific grade
+#   check-ssl-qualys.rb -h <hostmame> -c <critical_grade> -w <warning_grade>
+#   # Use --api-url to specify an alternate api host
+#   check-ssl-qualys.rb -d <domain_name> -api-url <alternate_host>
+#
+# LICENSE:
+#   Copyright 2015 William Cooke <will@bruisyard.eu>
+#   Released under the same terms as Sensu (the MIT license); see LICENSE for
+#   details.
+#
+
+require 'rubygems' if RUBY_VERSION < '1.9.0'
+require 'sensu-plugin/check/cli'
+require 'rest-client'
+require 'json'
+
+# Checks a single DNS entry has a rating above a certain level
+class CheckSSLQualys < Sensu::Plugin::Check::CLI
+  # Current grades that are avaialble from the API
+  GRADE_OPTIONS = ['A+', 'A', 'A-', 'B', 'C', 'D', 'E', 'F', 'T', 'M']
+
+  option :domain,
+         description: 'The domain to run the test against',
+         short: '-d DOMAIN',
+         long: '--domain DOMAIN',
+         required: true
+
+  option :api_url,
+         description: 'The URL of the API to run against',
+         long: '--api-url URL',
+         default: 'https://api.ssllabs.com/api/v2/'
+
+  option :warn,
+         short: '-w GRADE',
+         long: '--warn GRADE',
+         description: 'WARNING if below this grade',
+         proc: proc { |g| GRADE_OPTIONS.index(g) },
+         default: 2 # 'A-'
+
+  option :critical,
+         short: '-c GRADE',
+         long: '--critical GRADE',
+         description: 'CRITICAL if below this grade',
+         proc: proc { |g| GRADE_OPTIONS.index(g) },
+         default: 3 # 'B'
+
+  option :num_checks,
+         short: '-n NUM_CHECKS',
+         long: '--number-checks NUM_CHECKS',
+         description: 'The number of checks to make before giving up',
+         proc: proc { |t| t.to_i },
+         default: 24
+
+  option :between_checks,
+         short: '-t SECONDS',
+         long: '--time-between SECONDS',
+         description: 'The time between each poll of the API',
+         proc: proc { |t| t.to_i },
+         default: 10
+
+  def ssl_api_request(fromCache)
+    params = { host: config[:domain] }
+    params.merge!(startNew: 'on') unless fromCache
+    r = RestClient.get("#{config[:api_url]}analyze", params: params)
+    warning "HTTP#{r.code} recieved from API" unless r.code == 200
+    JSON.parse(r.body)
+  end
+
+  def ssl_check(fromCache)
+    json = ssl_api_request(fromCache)
+    warning "ERROR on #{config[:domain]} check" if json['status'] == 'ERROR'
+    json
+  end
+
+  def ssl_recheck
+    1.upto(config[:num_checks]) do |step|
+      json = ssl_check(step != 1)
+      return json if json['status'] == 'READY'
+      sleep(config[:between_checks])
+    end
+    warning 'Timeout waiting for check to finish'
+  end
+
+  def ssl_grades
+    ssl_recheck['endpoints'].map do |endpoint|
+      endpoint['grade']
+    end
+  end
+
+  def lowest_grade
+    ssl_grades.sort_by! { |g| GRADE_OPTIONS.index(g) } .reverse![0]
+  end
+
+  def run
+    grade = lowest_grade
+    message "#{config[:domain]} rated #{grade}"
+    grade_rank = GRADE_OPTIONS.index(grade)
+    if grade_rank > config[:critical]
+      critical
+    elsif grade_rank > config[:warn]
+      warning
+    else
+      ok
+    end
+  end
+end

data/lib/sensu-plugins-ssl/version.rb

@@ -2,7 +2,7 @@ module SensuPluginsSSL
   module Version
     MAJOR = 0
     MINOR = 0
-    PATCH = 2
+    PATCH = 3
 
     VER_STRING = [MAJOR, MINOR, PATCH].compact.join('.')
   end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: sensu-plugins-ssl
 version: !ruby/object:Gem::Version
-  version: 0.0.2
+  version: 0.0.3
 platform: ruby
 authors:
 - Sensu-Plugins and contributors
@@ -30,7 +30,7 @@ cert_chain:
   8sHuVruarogxxKPBzlL2is4EUb6oN/RdpGx2l4254+nyR+abg//Ed27Ym0PkB4lk
   HP0m8WSjZmFr109pE/sVsM5jtOCvogyujQOjNVGN4gz1wwPr
   -----END CERTIFICATE-----
-date: 2015-06-04 00:00:00.000000000 Z
+date: 2015-06-18 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: sensu-plugin
@@ -64,14 +64,14 @@ dependencies:
   name: rubocop
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - '='
       - !ruby/object:Gem::Version
         version: '0.30'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - '='
       - !ruby/object:Gem::Version
         version: '0.30'
 - !ruby/object:Gem::Dependency
@@ -175,6 +175,7 @@ dependencies:
 description: Sensu plugins for SSL
 email: "<sensu-users@googlegroups.com>"
 executables:
+- check-ssl-qualys.rb
 - check-ssl-host.rb
 - check-ssl-cert.rb
 extensions: []
@@ -185,6 +186,7 @@ files:
 - README.md
 - bin/check-ssl-cert.rb
 - bin/check-ssl-host.rb
+- bin/check-ssl-qualys.rb
 - lib/sensu-plugins-ssl.rb
 - lib/sensu-plugins-ssl/version.rb
 homepage: https://github.com/sensu-plugins/sensu-plugins-ssl