sensu-plugins-ssl 0.0.2 → 0.0.3
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- checksums.yaml.gz.sig +0 -0
- data.tar.gz.sig +1 -2
- data/CHANGELOG.md +5 -3
- data/README.md +1 -0
- data/bin/check-ssl-qualys.rb +132 -0
- data/lib/sensu-plugins-ssl/version.rb +1 -1
- metadata +6 -4
- metadata.gz.sig +0 -0
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 0f040aafc87de1f65391477a94d538b6b1eb092a
|
4
|
+
data.tar.gz: 1f0495d7f39901e734f3cdfab8d87d8367fc05e3
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 87bc51918187180eabf304b2de2a3eefdf7169859217fd0b364012d662795746fefbd901b788eebb8d2c3c83e1072f8a7369ef9c499ec696880782d216fe6bc1
|
7
|
+
data.tar.gz: 68bff0cb1676c16348487d25f4e4b8dc965418e950d6af89e989753af13aacaf5216a04137d4f1e9c00b12f82d423650400148a53c8d8a03e66a009fc7fba521
|
checksums.yaml.gz.sig
CHANGED
Binary file
|
data.tar.gz.sig
CHANGED
@@ -1,2 +1 @@
|
|
1
|
-
�
|
2
|
-
�7f�����P{Ϲ�����EUSMҹ��b'5�����
|
1
|
+
��Ƙ���t]���/��ݗd�kgݕ�k=�qJ����u�d��i����<��ĉ��S�9�7�q��W�v������<����P�q��Se%�L��h����O�F(N@�`2�H�+d�����up`�_ w���x�"m��2�lw�D\�<p'����? O��[��IyIf^F����@vq�����&����ͥ��ե)���ߎ�m^�/���ӣ�Ma���G1[�2D��2aj�:a��̿�!��<
|
data/CHANGELOG.md
CHANGED
@@ -3,10 +3,13 @@ This project adheres to [Semantic Versioning](http://semver.org/).
|
|
3
3
|
|
4
4
|
This CHANGELOG follows the format listed at [Keep A Changelog](http://keepachangelog.com/)
|
5
5
|
|
6
|
-
## Unreleased][unreleased]
|
6
|
+
## [Unreleased][unreleased]
|
7
7
|
|
8
|
-
## [0.0.
|
8
|
+
## [0.0.3] - 2015-06-18
|
9
|
+
### Added
|
10
|
+
- plugin to test SSL using the [Qualys SSL Test API](https://www.ssllabs.com/ssltest/)
|
9
11
|
|
12
|
+
## [0.0.2] - 2015-06-03
|
10
13
|
### Fixed
|
11
14
|
- added binstubs
|
12
15
|
|
@@ -14,6 +17,5 @@ This CHANGELOG follows the format listed at [Keep A Changelog](http://keepachang
|
|
14
17
|
- removed cruft from /lib
|
15
18
|
|
16
19
|
## 0.0.1 - 2015-05-21
|
17
|
-
|
18
20
|
### Added
|
19
21
|
- initial release
|
data/README.md
CHANGED
@@ -0,0 +1,132 @@
|
|
1
|
+
#!/usr/bin/env ruby
|
2
|
+
# encoding: UTF-8
|
3
|
+
# check-ssl-qualys.rb
|
4
|
+
#
|
5
|
+
# DESCRIPTION:
|
6
|
+
# Runs a report using the Qualys SSL Labs API and then alerts if a
|
7
|
+
# domiain does not meet the grade specified for *ALL* hosts that are
|
8
|
+
# reachable from that domian.
|
9
|
+
#
|
10
|
+
# The checks that are performed are documented on
|
11
|
+
# https://www.ssllabs.com/index.html as are the range of grades.
|
12
|
+
#
|
13
|
+
# OUTPUT:
|
14
|
+
# plain text
|
15
|
+
#
|
16
|
+
# PLATFORMS:
|
17
|
+
# Linux
|
18
|
+
#
|
19
|
+
# DEPENDENCIES:
|
20
|
+
# gem: sensu-plugin
|
21
|
+
# gem: rest-client
|
22
|
+
# gem: json
|
23
|
+
#
|
24
|
+
# USAGE:
|
25
|
+
# # Basic usage
|
26
|
+
# check-ssl-qualys.rb -d <domain_name>
|
27
|
+
# # Specify the CRITICAL and WARNING grades to a specific grade
|
28
|
+
# check-ssl-qualys.rb -h <hostmame> -c <critical_grade> -w <warning_grade>
|
29
|
+
# # Use --api-url to specify an alternate api host
|
30
|
+
# check-ssl-qualys.rb -d <domain_name> -api-url <alternate_host>
|
31
|
+
#
|
32
|
+
# LICENSE:
|
33
|
+
# Copyright 2015 William Cooke <will@bruisyard.eu>
|
34
|
+
# Released under the same terms as Sensu (the MIT license); see LICENSE for
|
35
|
+
# details.
|
36
|
+
#
|
37
|
+
|
38
|
+
require 'rubygems' if RUBY_VERSION < '1.9.0'
|
39
|
+
require 'sensu-plugin/check/cli'
|
40
|
+
require 'rest-client'
|
41
|
+
require 'json'
|
42
|
+
|
43
|
+
# Checks a single DNS entry has a rating above a certain level
|
44
|
+
class CheckSSLQualys < Sensu::Plugin::Check::CLI
|
45
|
+
# Current grades that are avaialble from the API
|
46
|
+
GRADE_OPTIONS = ['A+', 'A', 'A-', 'B', 'C', 'D', 'E', 'F', 'T', 'M']
|
47
|
+
|
48
|
+
option :domain,
|
49
|
+
description: 'The domain to run the test against',
|
50
|
+
short: '-d DOMAIN',
|
51
|
+
long: '--domain DOMAIN',
|
52
|
+
required: true
|
53
|
+
|
54
|
+
option :api_url,
|
55
|
+
description: 'The URL of the API to run against',
|
56
|
+
long: '--api-url URL',
|
57
|
+
default: 'https://api.ssllabs.com/api/v2/'
|
58
|
+
|
59
|
+
option :warn,
|
60
|
+
short: '-w GRADE',
|
61
|
+
long: '--warn GRADE',
|
62
|
+
description: 'WARNING if below this grade',
|
63
|
+
proc: proc { |g| GRADE_OPTIONS.index(g) },
|
64
|
+
default: 2 # 'A-'
|
65
|
+
|
66
|
+
option :critical,
|
67
|
+
short: '-c GRADE',
|
68
|
+
long: '--critical GRADE',
|
69
|
+
description: 'CRITICAL if below this grade',
|
70
|
+
proc: proc { |g| GRADE_OPTIONS.index(g) },
|
71
|
+
default: 3 # 'B'
|
72
|
+
|
73
|
+
option :num_checks,
|
74
|
+
short: '-n NUM_CHECKS',
|
75
|
+
long: '--number-checks NUM_CHECKS',
|
76
|
+
description: 'The number of checks to make before giving up',
|
77
|
+
proc: proc { |t| t.to_i },
|
78
|
+
default: 24
|
79
|
+
|
80
|
+
option :between_checks,
|
81
|
+
short: '-t SECONDS',
|
82
|
+
long: '--time-between SECONDS',
|
83
|
+
description: 'The time between each poll of the API',
|
84
|
+
proc: proc { |t| t.to_i },
|
85
|
+
default: 10
|
86
|
+
|
87
|
+
def ssl_api_request(fromCache)
|
88
|
+
params = { host: config[:domain] }
|
89
|
+
params.merge!(startNew: 'on') unless fromCache
|
90
|
+
r = RestClient.get("#{config[:api_url]}analyze", params: params)
|
91
|
+
warning "HTTP#{r.code} recieved from API" unless r.code == 200
|
92
|
+
JSON.parse(r.body)
|
93
|
+
end
|
94
|
+
|
95
|
+
def ssl_check(fromCache)
|
96
|
+
json = ssl_api_request(fromCache)
|
97
|
+
warning "ERROR on #{config[:domain]} check" if json['status'] == 'ERROR'
|
98
|
+
json
|
99
|
+
end
|
100
|
+
|
101
|
+
def ssl_recheck
|
102
|
+
1.upto(config[:num_checks]) do |step|
|
103
|
+
json = ssl_check(step != 1)
|
104
|
+
return json if json['status'] == 'READY'
|
105
|
+
sleep(config[:between_checks])
|
106
|
+
end
|
107
|
+
warning 'Timeout waiting for check to finish'
|
108
|
+
end
|
109
|
+
|
110
|
+
def ssl_grades
|
111
|
+
ssl_recheck['endpoints'].map do |endpoint|
|
112
|
+
endpoint['grade']
|
113
|
+
end
|
114
|
+
end
|
115
|
+
|
116
|
+
def lowest_grade
|
117
|
+
ssl_grades.sort_by! { |g| GRADE_OPTIONS.index(g) } .reverse![0]
|
118
|
+
end
|
119
|
+
|
120
|
+
def run
|
121
|
+
grade = lowest_grade
|
122
|
+
message "#{config[:domain]} rated #{grade}"
|
123
|
+
grade_rank = GRADE_OPTIONS.index(grade)
|
124
|
+
if grade_rank > config[:critical]
|
125
|
+
critical
|
126
|
+
elsif grade_rank > config[:warn]
|
127
|
+
warning
|
128
|
+
else
|
129
|
+
ok
|
130
|
+
end
|
131
|
+
end
|
132
|
+
end
|
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: sensu-plugins-ssl
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.0.
|
4
|
+
version: 0.0.3
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Sensu-Plugins and contributors
|
@@ -30,7 +30,7 @@ cert_chain:
|
|
30
30
|
8sHuVruarogxxKPBzlL2is4EUb6oN/RdpGx2l4254+nyR+abg//Ed27Ym0PkB4lk
|
31
31
|
HP0m8WSjZmFr109pE/sVsM5jtOCvogyujQOjNVGN4gz1wwPr
|
32
32
|
-----END CERTIFICATE-----
|
33
|
-
date: 2015-06-
|
33
|
+
date: 2015-06-18 00:00:00.000000000 Z
|
34
34
|
dependencies:
|
35
35
|
- !ruby/object:Gem::Dependency
|
36
36
|
name: sensu-plugin
|
@@ -64,14 +64,14 @@ dependencies:
|
|
64
64
|
name: rubocop
|
65
65
|
requirement: !ruby/object:Gem::Requirement
|
66
66
|
requirements:
|
67
|
-
- -
|
67
|
+
- - '='
|
68
68
|
- !ruby/object:Gem::Version
|
69
69
|
version: '0.30'
|
70
70
|
type: :development
|
71
71
|
prerelease: false
|
72
72
|
version_requirements: !ruby/object:Gem::Requirement
|
73
73
|
requirements:
|
74
|
-
- -
|
74
|
+
- - '='
|
75
75
|
- !ruby/object:Gem::Version
|
76
76
|
version: '0.30'
|
77
77
|
- !ruby/object:Gem::Dependency
|
@@ -175,6 +175,7 @@ dependencies:
|
|
175
175
|
description: Sensu plugins for SSL
|
176
176
|
email: "<sensu-users@googlegroups.com>"
|
177
177
|
executables:
|
178
|
+
- check-ssl-qualys.rb
|
178
179
|
- check-ssl-host.rb
|
179
180
|
- check-ssl-cert.rb
|
180
181
|
extensions: []
|
@@ -185,6 +186,7 @@ files:
|
|
185
186
|
- README.md
|
186
187
|
- bin/check-ssl-cert.rb
|
187
188
|
- bin/check-ssl-host.rb
|
189
|
+
- bin/check-ssl-qualys.rb
|
188
190
|
- lib/sensu-plugins-ssl.rb
|
189
191
|
- lib/sensu-plugins-ssl/version.rb
|
190
192
|
homepage: https://github.com/sensu-plugins/sensu-plugins-ssl
|
metadata.gz.sig
CHANGED
Binary file
|