sensu-plugins-ssl 0.0.6 → 1.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +17 -1
- data/README.md +0 -1
- data/bin/check-ssl-cert.rb +8 -2
- data/bin/check-ssl-host.rb +6 -6
- data/bin/check-ssl-qualys.rb +13 -8
- data/lib/sensu-plugins-ssl/version.rb +2 -2
- metadata +16 -37
- checksums.yaml.gz.sig +0 -0
- data.tar.gz.sig +0 -3
- metadata.gz.sig +0 -7
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: bd6139788580da152ea21011bcf673388d067cf2
|
|
4
|
+
data.tar.gz: 96c53d56a691211326adc84b967e0282bf31c7fc
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 9aa9628fc76a95b28c8cd070cc5676e834ee950e7a69edc1569dd117dd5397300ee1ce7e9561f2c025172b121eb71f53d8283e1e6c760ed575fd83d071b0fa1f
|
|
7
|
+
data.tar.gz: f2fdde4418085c7167972c88e44e3728e15d9a69cb9506da3f9149a5e119ab4231984f2648a70a48aa0d3a15d56fac1fec3f9e5d451274c8f22c110dd49a14d9
|
data/CHANGELOG.md
CHANGED
|
@@ -3,6 +3,20 @@ This project adheres to [Semantic Versioning](http://semver.org/).
|
|
|
3
3
|
|
|
4
4
|
This CHANGELOG follows the format listed at [Keep A Changelog](http://keepachangelog.com/)
|
|
5
5
|
|
|
6
|
+
## [Unreleased]
|
|
7
|
+
|
|
8
|
+
## [1.0.0]
|
|
9
|
+
### Changed
|
|
10
|
+
- Updated Rubocop to 0.40, applied auto-correct
|
|
11
|
+
- Loosened dependency on sensu-plugin from `= 1.2.0` to `~> 1.2`
|
|
12
|
+
- Changed permissions on check-ssl-qualys.rb to ensure it is executable
|
|
13
|
+
|
|
14
|
+
### Added
|
|
15
|
+
- check-ssl-cert.rb: Added optional `servername` configuration for specifying an SNI which may differ from the host
|
|
16
|
+
|
|
17
|
+
### Removed
|
|
18
|
+
- Removed Ruby 1.9.3 support; add Ruby 2.3.0 support to testing matrix
|
|
19
|
+
|
|
6
20
|
## [0.0.6] - 2015-08-18
|
|
7
21
|
### Fixed
|
|
8
22
|
- Added rest-client to the gemspec
|
|
@@ -33,7 +47,9 @@ This CHANGELOG follows the format listed at [Keep A Changelog](http://keepachang
|
|
|
33
47
|
### Added
|
|
34
48
|
- initial release
|
|
35
49
|
|
|
36
|
-
[unreleased]: https://github.com/sensu-plugins/sensu-plugins-ssl/compare/0.0
|
|
50
|
+
[unreleased]: https://github.com/sensu-plugins/sensu-plugins-ssl/compare/1.0.0...HEAD
|
|
51
|
+
[1.0.0]: https://github.com/sensu-plugins/sensu-plugins-ssl/compare/0.0.6...1.0.0
|
|
52
|
+
[0.0.6]: https://github.com/sensu-plugins/sensu-plugins-ssl/compare/0.0.5...0.0.6
|
|
37
53
|
[0.0.5]: https://github.com/sensu-plugins/sensu-plugins-ssl/compare/0.0.4...0.0.5
|
|
38
54
|
[0.0.4]: https://github.com/sensu-plugins/sensu-plugins-ssl/compare/0.0.3...0.0.4
|
|
39
55
|
[0.0.3]: https://github.com/sensu-plugins/sensu-plugins-ssl/compare/0.0.2...0.0.3
|
data/README.md
CHANGED
|
@@ -5,7 +5,6 @@
|
|
|
5
5
|
[](https://codeclimate.com/github/sensu-plugins/sensu-plugins-ssl)
|
|
6
6
|
[](https://codeclimate.com/github/sensu-plugins/sensu-plugins-ssl)
|
|
7
7
|
[](https://gemnasium.com/sensu-plugins/sensu-plugins-ssl)
|
|
8
|
-
[ ](https://codeship.com/projects/81513)
|
|
9
8
|
|
|
10
9
|
## Functionality
|
|
11
10
|
|
data/bin/check-ssl-cert.rb
CHANGED
|
@@ -62,12 +62,17 @@ class CheckSSLCert < Sensu::Plugin::Check::CLI
|
|
|
62
62
|
short: '-p',
|
|
63
63
|
long: '--port PORT'
|
|
64
64
|
|
|
65
|
+
option :servername,
|
|
66
|
+
description: 'Set the TLS SNI (Server Name Indication) extension',
|
|
67
|
+
short: '-s',
|
|
68
|
+
long: '--servername SERVER'
|
|
69
|
+
|
|
65
70
|
def ssl_cert_expiry
|
|
66
|
-
`openssl s_client -servername #{config[:
|
|
71
|
+
`openssl s_client -servername #{config[:servername]} -connect #{config[:host]}:#{config[:port]} < /dev/null 2>&1 | openssl x509 -enddate -noout`.split('=').last
|
|
67
72
|
end
|
|
68
73
|
|
|
69
74
|
def ssl_pem_expiry
|
|
70
|
-
OpenSSL::X509::Certificate.new(File.read config[:pem]).not_after
|
|
75
|
+
OpenSSL::X509::Certificate.new(File.read config[:pem]).not_after # rubocop:disable Style/NestedParenthesizedCalls
|
|
71
76
|
end
|
|
72
77
|
|
|
73
78
|
def validate_opts
|
|
@@ -76,6 +81,7 @@ class CheckSSLCert < Sensu::Plugin::Check::CLI
|
|
|
76
81
|
elsif config[:pem]
|
|
77
82
|
unknown 'No such cert' unless File.exist? config[:pem]
|
|
78
83
|
end
|
|
84
|
+
config[:servername] = config[:host] unless config[:servername]
|
|
79
85
|
end
|
|
80
86
|
|
|
81
87
|
def run
|
data/bin/check-ssl-host.rb
CHANGED
|
@@ -42,7 +42,7 @@ require 'socket'
|
|
|
42
42
|
# Check SSL Host
|
|
43
43
|
#
|
|
44
44
|
class CheckSSLHost < Sensu::Plugin::Check::CLI
|
|
45
|
-
STARTTLS_PROTOS = %w(smtp)
|
|
45
|
+
STARTTLS_PROTOS = %w(smtp).freeze
|
|
46
46
|
|
|
47
47
|
check_name 'check_ssl_host'
|
|
48
48
|
|
|
@@ -102,23 +102,23 @@ class CheckSSLHost < Sensu::Plugin::Check::CLI
|
|
|
102
102
|
end
|
|
103
103
|
|
|
104
104
|
def handle_starttls(proto, socket)
|
|
105
|
-
if STARTTLS_PROTOS.include?(proto)
|
|
105
|
+
if STARTTLS_PROTOS.include?(proto) # rubocop:disable Style/GuardClause
|
|
106
106
|
send("starttls_#{proto}", socket)
|
|
107
107
|
else
|
|
108
|
-
|
|
108
|
+
raise ArgumentError, "STARTTLS supported only for #{STARTTLS_PROTOS.join(', ')}"
|
|
109
109
|
end
|
|
110
110
|
end
|
|
111
111
|
|
|
112
112
|
def starttls_smtp(socket)
|
|
113
113
|
status = socket.readline
|
|
114
|
-
unless /^220
|
|
114
|
+
unless /^220 / =~ status
|
|
115
115
|
critical "#{config[:host]} - did not receive initial SMTP 220"
|
|
116
116
|
# no fall-through
|
|
117
117
|
end
|
|
118
118
|
socket.puts 'STARTTLS'
|
|
119
119
|
|
|
120
120
|
status = socket.readline
|
|
121
|
-
return if /^220
|
|
121
|
+
return if /^220 / =~ status
|
|
122
122
|
critical "#{config[:host]} - did not receive SMTP 220 in response to STARTTLS"
|
|
123
123
|
end
|
|
124
124
|
|
|
@@ -148,7 +148,7 @@ class CheckSSLHost < Sensu::Plugin::Check::CLI
|
|
|
148
148
|
end
|
|
149
149
|
|
|
150
150
|
def verify_hostname(cert)
|
|
151
|
-
unless OpenSSL::SSL.verify_certificate_identity(cert, config[:host]) # rubocop:disable
|
|
151
|
+
unless OpenSSL::SSL.verify_certificate_identity(cert, config[:host]) # rubocop:disable Style/GuardClause
|
|
152
152
|
critical "#{config[:host]} hostname mismatch (#{cert.subject})"
|
|
153
153
|
end
|
|
154
154
|
end
|
data/bin/check-ssl-qualys.rb
CHANGED
|
@@ -4,7 +4,7 @@
|
|
|
4
4
|
#
|
|
5
5
|
# DESCRIPTION:
|
|
6
6
|
# Runs a report using the Qualys SSL Labs API and then alerts if a
|
|
7
|
-
#
|
|
7
|
+
# domain does not meet the grade specified for *ALL* hosts that are
|
|
8
8
|
# reachable from that domian.
|
|
9
9
|
#
|
|
10
10
|
# The checks that are performed are documented on
|
|
@@ -24,10 +24,15 @@
|
|
|
24
24
|
# # Basic usage
|
|
25
25
|
# check-ssl-qualys.rb -d <domain_name>
|
|
26
26
|
# # Specify the CRITICAL and WARNING grades to a specific grade
|
|
27
|
-
# check-ssl-qualys.rb -
|
|
27
|
+
# check-ssl-qualys.rb -d <domain_name> -c <critical_grade> -w <warning_grade>
|
|
28
28
|
# # Use --api-url to specify an alternate api host
|
|
29
29
|
# check-ssl-qualys.rb -d <domain_name> -api-url <alternate_host>
|
|
30
30
|
#
|
|
31
|
+
# NOTE: This check takes a rather long time to run and will timeout if you're using
|
|
32
|
+
# the default sensu check timeout. Make sure to set a longer timeout period in the
|
|
33
|
+
# check definition. Two minutes or longer may be a good starting point as checks
|
|
34
|
+
# regularly take 90+ seconds to run.
|
|
35
|
+
#
|
|
31
36
|
# LICENSE:
|
|
32
37
|
# Copyright 2015 William Cooke <will@bruisyard.eu>
|
|
33
38
|
# Released under the same terms as Sensu (the MIT license); see LICENSE for
|
|
@@ -41,7 +46,7 @@ require 'json'
|
|
|
41
46
|
# Checks a single DNS entry has a rating above a certain level
|
|
42
47
|
class CheckSSLQualys < Sensu::Plugin::Check::CLI
|
|
43
48
|
# Current grades that are avaialble from the API
|
|
44
|
-
GRADE_OPTIONS = ['A+', 'A', 'A-', 'B', 'C', 'D', 'E', 'F', 'T', 'M']
|
|
49
|
+
GRADE_OPTIONS = ['A+', 'A', 'A-', 'B', 'C', 'D', 'E', 'F', 'T', 'M'].freeze
|
|
45
50
|
|
|
46
51
|
option :domain,
|
|
47
52
|
description: 'The domain to run the test against',
|
|
@@ -71,7 +76,7 @@ class CheckSSLQualys < Sensu::Plugin::Check::CLI
|
|
|
71
76
|
option :num_checks,
|
|
72
77
|
short: '-n NUM_CHECKS',
|
|
73
78
|
long: '--number-checks NUM_CHECKS',
|
|
74
|
-
description: 'The number of checks to make before giving up',
|
|
79
|
+
description: 'The number of checks to make before giving up (timeout of check)',
|
|
75
80
|
proc: proc { |t| t.to_i },
|
|
76
81
|
default: 24
|
|
77
82
|
|
|
@@ -82,16 +87,16 @@ class CheckSSLQualys < Sensu::Plugin::Check::CLI
|
|
|
82
87
|
proc: proc { |t| t.to_i },
|
|
83
88
|
default: 10
|
|
84
89
|
|
|
85
|
-
def ssl_api_request(
|
|
90
|
+
def ssl_api_request(from_cache)
|
|
86
91
|
params = { host: config[:domain] }
|
|
87
|
-
params
|
|
92
|
+
params[:startNew] = 'on' unless from_cache
|
|
88
93
|
r = RestClient.get("#{config[:api_url]}analyze", params: params)
|
|
89
94
|
warning "HTTP#{r.code} recieved from API" unless r.code == 200
|
|
90
95
|
JSON.parse(r.body)
|
|
91
96
|
end
|
|
92
97
|
|
|
93
|
-
def ssl_check(
|
|
94
|
-
json = ssl_api_request(
|
|
98
|
+
def ssl_check(from_cache)
|
|
99
|
+
json = ssl_api_request(from_cache)
|
|
95
100
|
warning "ERROR on #{config[:domain]} check" if json['status'] == 'ERROR'
|
|
96
101
|
json
|
|
97
102
|
end
|
metadata
CHANGED
|
@@ -1,51 +1,29 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: sensu-plugins-ssl
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.0
|
|
4
|
+
version: 1.0.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Sensu-Plugins and contributors
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
|
-
cert_chain:
|
|
11
|
-
-
|
|
12
|
-
-----BEGIN CERTIFICATE-----
|
|
13
|
-
MIIDgDCCAmigAwIBAgIBATANBgkqhkiG9w0BAQUFADBDMRIwEAYDVQQDDAltYXR0
|
|
14
|
-
am9uZXMxGDAWBgoJkiaJk/IsZAEZFgh5aWVsZGJvdDETMBEGCgmSJomT8ixkARkW
|
|
15
|
-
A2NvbTAeFw0xNTAxMjgyMTAyNTFaFw0xNjAxMjgyMTAyNTFaMEMxEjAQBgNVBAMM
|
|
16
|
-
CW1hdHRqb25lczEYMBYGCgmSJomT8ixkARkWCHlpZWxkYm90MRMwEQYKCZImiZPy
|
|
17
|
-
LGQBGRYDY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyTSzVYnO
|
|
18
|
-
CLgyrIyT1mBQakArQyW8xhi6MlDqyzXHJGeERT790U6EgoBVeS4XoK0ptFZNR8Tf
|
|
19
|
-
zko0w+Nv47TarSCgkPOaxY+mxWnAVR10dOmfeLr7huiMyps+YD56/EF2FqQ3jf/+
|
|
20
|
-
qohENfKD91qy1ieEy+Fn7Pf74ltbNKUdkb9a9eFXQ0DQ4ip5vik7DzjQkUTj4lca
|
|
21
|
-
k6ArwnmHX4YDhZoYtrQJ8jVktN0/+NtA40M5qkCYHNe5tUW25b/tKVYuioxG6b2Z
|
|
22
|
-
oIzaZxRLxf6HVAWpCVRT/F5+/yjigkX4u++eYacfLGleXQzoK7BL65vHGMJygWEE
|
|
23
|
-
0TKGqFOrl/L0AQIDAQABo38wfTAJBgNVHRMEAjAAMAsGA1UdDwQEAwIEsDAdBgNV
|
|
24
|
-
HQ4EFgQUEf6a8Td7MrSZc8ImbLFZAENPbz0wIQYDVR0RBBowGIEWbWF0dGpvbmVz
|
|
25
|
-
QHlpZWxkYm90LmNvbTAhBgNVHRIEGjAYgRZtYXR0am9uZXNAeWllbGRib3QuY29t
|
|
26
|
-
MA0GCSqGSIb3DQEBBQUAA4IBAQBbzXAYA3BVGw8DZ0YYoY1VHPNEcH5qPIApmHO8
|
|
27
|
-
rvSmuUT0yMEi7u00H/5uHRFf4LleGT/+sTdyXKsNPGT9kdRuQEgwi+vf7Zfvd8aX
|
|
28
|
-
UF/+4VkEYf/8rV8Ere6u2QaWPgApdMV6JjKr1fAwCTd8AuGXNaWItiPPMseSQzLJ
|
|
29
|
-
JKP4hVvbc1d+oS925B1lcBiqn2aYvElbyNAVmQPywNNqkWmvtlqj9ZVJfV5HQLdu
|
|
30
|
-
8sHuVruarogxxKPBzlL2is4EUb6oN/RdpGx2l4254+nyR+abg//Ed27Ym0PkB4lk
|
|
31
|
-
HP0m8WSjZmFr109pE/sVsM5jtOCvogyujQOjNVGN4gz1wwPr
|
|
32
|
-
-----END CERTIFICATE-----
|
|
33
|
-
date: 2015-08-18 00:00:00.000000000 Z
|
|
10
|
+
cert_chain: []
|
|
11
|
+
date: 2016-06-20 00:00:00.000000000 Z
|
|
34
12
|
dependencies:
|
|
35
13
|
- !ruby/object:Gem::Dependency
|
|
36
14
|
name: sensu-plugin
|
|
37
15
|
requirement: !ruby/object:Gem::Requirement
|
|
38
16
|
requirements:
|
|
39
|
-
- -
|
|
17
|
+
- - "~>"
|
|
40
18
|
- !ruby/object:Gem::Version
|
|
41
|
-
version: 1.2
|
|
19
|
+
version: '1.2'
|
|
42
20
|
type: :runtime
|
|
43
21
|
prerelease: false
|
|
44
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
45
23
|
requirements:
|
|
46
|
-
- -
|
|
24
|
+
- - "~>"
|
|
47
25
|
- !ruby/object:Gem::Version
|
|
48
|
-
version: 1.2
|
|
26
|
+
version: '1.2'
|
|
49
27
|
- !ruby/object:Gem::Dependency
|
|
50
28
|
name: rest-client
|
|
51
29
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -162,16 +140,16 @@ dependencies:
|
|
|
162
140
|
name: rubocop
|
|
163
141
|
requirement: !ruby/object:Gem::Requirement
|
|
164
142
|
requirements:
|
|
165
|
-
- -
|
|
143
|
+
- - "~>"
|
|
166
144
|
- !ruby/object:Gem::Version
|
|
167
|
-
version: 0.
|
|
145
|
+
version: 0.40.0
|
|
168
146
|
type: :development
|
|
169
147
|
prerelease: false
|
|
170
148
|
version_requirements: !ruby/object:Gem::Requirement
|
|
171
149
|
requirements:
|
|
172
|
-
- -
|
|
150
|
+
- - "~>"
|
|
173
151
|
- !ruby/object:Gem::Version
|
|
174
|
-
version: 0.
|
|
152
|
+
version: 0.40.0
|
|
175
153
|
- !ruby/object:Gem::Dependency
|
|
176
154
|
name: yard
|
|
177
155
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -192,9 +170,9 @@ description: |-
|
|
|
192
170
|
verification, cert expiry, and Qualys SSL Labs reporting
|
|
193
171
|
email: "<sensu-users@googlegroups.com>"
|
|
194
172
|
executables:
|
|
195
|
-
- check-ssl-qualys.rb
|
|
196
|
-
- check-ssl-host.rb
|
|
197
173
|
- check-ssl-cert.rb
|
|
174
|
+
- check-ssl-host.rb
|
|
175
|
+
- check-ssl-qualys.rb
|
|
198
176
|
extensions: []
|
|
199
177
|
extra_rdoc_files: []
|
|
200
178
|
files:
|
|
@@ -224,7 +202,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
|
224
202
|
requirements:
|
|
225
203
|
- - ">="
|
|
226
204
|
- !ruby/object:Gem::Version
|
|
227
|
-
version:
|
|
205
|
+
version: 2.0.0
|
|
228
206
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
229
207
|
requirements:
|
|
230
208
|
- - ">="
|
|
@@ -232,8 +210,9 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
232
210
|
version: '0'
|
|
233
211
|
requirements: []
|
|
234
212
|
rubyforge_project:
|
|
235
|
-
rubygems_version: 2.
|
|
213
|
+
rubygems_version: 2.5.1
|
|
236
214
|
signing_key:
|
|
237
215
|
specification_version: 4
|
|
238
216
|
summary: Sensu plugins for SSL
|
|
239
217
|
test_files: []
|
|
218
|
+
has_rdoc:
|
checksums.yaml.gz.sig
DELETED
|
Binary file
|
data.tar.gz.sig
DELETED