sensu-plugins-ssl 0.0.1.alpha.2

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: a5c3ae38975b113c0af5a4ef40399a279531617d
+  data.tar.gz: 2611fd5f9b5a8c5e4a09e34541baa7c444ef510c
+SHA512:
+  metadata.gz: 3ec4ce9faafb0fc4eac90adfa3651599fe9de4486d233cb80ec58df38528ab6e94d7fda247ed47409d8a6b12dbbb008812cbef74181c49e868fc301acba39a1d
+  data.tar.gz: f6998bf1497f6f18f499579a5682bf6f35fc6be364d33cde56379ba838322abc5513f6fcf3c6747ad1a8620b83212c6c247e28d4ff7a01ac794e104a73ef1328

checksums.yaml.gz.sig

@@ -0,0 +1 @@
+�n�[P�=�d���>V�}�׾��V���ȾC�zML>
Cx�^��I/�DmT��<ݝ���ch̏���Ŵ�‹�J���!�(�H��&��I���E����ԱOg�7v�fc`��,u/]}���oe����rv���}ڻxCc�D�d��

data.tar.gz.sig

@@ -0,0 +1 @@
+9��߆Do�ł���Af!�1������@8���l�o�|��PR�t�8=�,���@��F@���7#��

data/CHANGELOG.md

@@ -0,0 +1,12 @@
+#### 0.0.1.alpha.1
+
+* identical functionality of the community repo
+
+#### 0.0.1.alpha.1
+
+* add new vagrantfile
+* add metadata to gem
+* add new bump and version tasks
+* add new version module
+* update readme
+

data/LICENSE

@@ -0,0 +1,22 @@
+Copyright (c) 2015 devops@yieldbot.com
+
+MIT License
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,54 @@
+## Sensu-Plugins-ssl
+
+[![Build Status](https://travis-ci.org/sensu-plugins/sensu-plugins-ssl.svg?branch=master)](https://travis-ci.org/sensu-plugins/sensu-plugins-ssl)
+[![Gem Version](https://badge.fury.io/rb/sensu-plugins-ssl.svg)](http://badge.fury.io/rb/sensu-plugins-ssl)
+[![Code Climate](https://codeclimate.com/github/sensu-plugins/sensu-plugins-ssl/badges/gpa.svg)](https://codeclimate.com/github/sensu-plugins/sensu-plugins-ssl)
+[![Test Coverage](https://codeclimate.com/github/sensu-plugins/sensu-plugins-ssl/badges/coverage.svg)](https://codeclimate.com/github/sensu-plugins/sensu-plugins-ssl)
+[![Dependency Status](https://gemnasium.com/sensu-plugins/sensu-plugins-ssl.svg)](https://gemnasium.com/sensu-plugins/sensu-plugins-ssl)
+
+## Functionality
+
+## Files
+ * bin/check-ssl-cert.rb
+ * bin/check-ssl-host.rb
+
+## Usage
+
+## Installation
+
+Add the public key (if you haven’t already) as a trusted certificate
+
+```
+gem cert --add <(curl -Ls https://raw.githubusercontent.com/sensu-plugins/sensu-plugins.github.io/master/certs/sensu-plugins.pem)
+gem install sensu-plugins-ssl -P MediumSecurity
+```
+
+You can also download the key from /certs/ within each repository.
+
+#### Rubygems
+
+`gem install sensu-plugins-ssl`
+
+#### Bundler
+
+Add *sensu-plugins-ssl* to your Gemfile and run `bundle install` or `bundle update`
+
+#### Chef
+
+Using the Sensu **sensu_gem** LWRP
+```
+sensu_gem 'sensu-plugins-ssl' do
+  options('--prerelease')
+  version '0.0.1.alpha.1'
+end
+```
+
+Using the Chef **gem_package** resource
+```
+gem_package 'sensu-plugins-ssl' do
+  options('--prerelease')
+  version '0.0.1.alpha.1'
+end
+```
+
+## Notes

data/bin/check-ssl-cert.rb

@@ -0,0 +1,97 @@
+#! /usr/bin/env ruby
+#
+#   check-ssl-cert
+#
+# DESCRIPTION:
+#   Check when a SSL certificate will expire.
+#
+# OUTPUT:
+#   plain text
+#
+# PLATFORMS:
+#   Linux
+#
+# DEPENDENCIES:
+#   gem: sensu-plugin
+#   gem: openssl
+#
+# USAGE:
+#   example commands
+#
+# NOTES:
+#   Does it behave differently on specific platforms, specific use cases, etc
+#
+# LICENSE:
+#   Jean-Francois Theroux <me@failshell.io>
+#   Nathan Williams <nath.e.will@gmail.com>
+#   Released under the same terms as Sensu (the MIT license); see LICENSE
+#   for details.
+#
+
+require 'date'
+require 'openssl'
+require 'sensu-plugin/check/cli'
+
+#
+# Check SSL Cert
+#
+class CheckSSLCert < Sensu::Plugin::Check::CLI
+  option :critical,
+         description: 'Numbers of days left',
+         short: '-c',
+         long: '--critical DAYS',
+         required: true
+
+  option :warning,
+         description: 'Numbers of days left',
+         short: '-w',
+         long: '--warning DAYS',
+         required: true
+
+  option :pem,
+         description: 'Path to PEM file',
+         short: '-P',
+         long: '--pem PEM'
+
+  option :host,
+         description: 'Host to validate',
+         short: '-h',
+         long: '--host HOST'
+
+  option :port,
+         description: 'Port to validate',
+         short: '-p',
+         long: '--port PORT'
+
+  def ssl_cert_expiry
+    `openssl s_client -connect #{config[:host]}:#{config[:port]} < /dev/null 2>&1 | openssl x509 -enddate -noout`.split('=').last
+  end
+
+  def ssl_pem_expiry
+    OpenSSL::X509::Certificate.new(File.read config[:pem]).not_after
+  end
+
+  def validate_opts
+    if !config[:pem]
+      unknown 'Host and port required' unless config[:host] && config[:port]
+    elsif config[:pem]
+      unknown 'No such cert' unless File.exist? config[:pem]
+    end
+  end
+
+  def run # rubocop:disable all
+    validate_opts
+    expiry = config[:pem] ? ssl_pem_expiry : ssl_cert_expiry
+    days_until = (Date.parse(expiry.to_s) - Date.today).to_i
+
+    if days_until < 0
+      critical "Expired #{days_until.abs} days ago"
+    elsif days_until < config[:critical].to_i
+      critical "#{days_until} days left"
+    elsif days_until < config[:warning].to_i
+      warning "#{days_until} days left"
+    else
+      ok "#{days_until} days left"
+    end
+  end
+end

data/bin/check-ssl-host.rb

@@ -0,0 +1,133 @@
+#!/usr/bin/env ruby
+# encoding: UTF-8
+#  check-ssl-host.rb
+#
+# DESCRIPTION:
+#   SSL certificate checker
+#   Connects to a HTTPS (or other SSL) server and performs several checks on
+#   the certificate:
+#     - Is the hostname valid for the host we're requesting
+#     - If any certificate chain is presented, is it valid (i.e. is each
+#       certificate signed by the next)
+#     - Is the certificate about to expire
+#   Currently no checks are performed to make sure the certificate is signed
+#   by a trusted authority.
+#
+# DEPENDENCIES:
+#   gem: sensu-plugin
+#
+# USAGE:
+#   # Basic usage
+#   check-ssl-host.rb -h <hostname>
+#   # Specify specific days before cert expiry to alert on
+#   check-ssl-host.rb -h <hostmame> -c <critical_days> -w <warning_days>
+#   # Use -p to specify an alternate port
+#   check-ssl-host.rb -h <hostname> -p 8443
+#   # Use --skip-hostname-verification and/or --skip-chain-verification to
+#   # disable some of the checks made.
+#   check-ssl-host.rb -h <hostname> --skip-chain-verification
+#
+# LICENSE:
+#   Copyright 2014 Chef Software, Inc.
+#   Released under the same terms as Sensu (the MIT license); see LICENSE for
+#   details.
+#
+
+require 'sensu-plugin/check/cli'
+require 'date'
+require 'openssl'
+require 'socket'
+
+#
+# Check SSL Host
+#
+class CheckSSLHost < Sensu::Plugin::Check::CLI
+  check_name 'check_ssl_host'
+
+  option :critical,
+         description: 'Return critical this many days before cert expiry',
+         short: '-c',
+         long: '--critical DAYS',
+         proc: proc(&:to_i),
+         default: 7
+
+  option :warning,
+         description: 'Return warning this many days before cert expiry',
+         short: '-w',
+         long: '--warning DAYS',
+         required: true,
+         proc: proc(&:to_i),
+         default: 14
+
+  option :host,
+         description: 'Hostname of server to check',
+         short: '-h',
+         long: '--host HOST',
+         required: true
+
+  option :port,
+         description: 'Port on server to check',
+         short: '-p',
+         long: '--port PORT',
+         default: 443
+
+  option :skip_hostname_verification,
+         description: 'Disables hostname verification',
+         long: '--skip-hostname-verification',
+         boolean: true
+
+  option :skip_chain_verification,
+         description: 'Disables certificate chain verification',
+         long: '--skip-chain-verification',
+         boolean: true
+
+  def get_cert_chain(host, port)
+    tcp_client = TCPSocket.new(host, port)
+    ssl_context = OpenSSL::SSL::SSLContext.new
+    ssl_client = OpenSSL::SSL::SSLSocket.new(tcp_client, ssl_context)
+    # SNI
+    ssl_client.hostname = host if ssl_client.respond_to? :hostname=
+    ssl_client.connect
+    certs = ssl_client.peer_cert_chain
+    ssl_client.close
+    certs
+  end
+
+  def verify_expiry(cert) # rubocop:disable all
+    # Expiry check
+    days = (cert.not_after.to_date - Date.today).to_i
+    message = "#{config[:host]} - #{days} days until expiry"
+    critical "#{config[:host]} - Expired #{days} days ago" if days < 0
+    critical message if days < config[:critical]
+    warning message if days < config[:warning]
+    ok message
+  end
+
+  def verify_certificate_chain(certs)
+    # Validates that a chain of certs are each signed by the next
+    # NOTE: doesn't validate that the top of the chain is signed by a trusted
+    # CA.
+    valid = true
+    parent = nil
+    certs.reverse.each do |c|
+      if parent
+        valid &= c.verify(parent.public_key)
+      end
+      parent = c
+    end
+    critical "#{config[:host]} - Invalid certificate chain" unless valid
+  end
+
+  def verify_hostname(cert)
+    unless OpenSSL::SSL.verify_certificate_identity(cert, config[:host]) # rubocop:disable all
+      critical "#{config[:host]} hostname mismatch (#{cert.subject})"
+    end
+  end
+
+  def run
+    chain = get_cert_chain(config[:host], config[:port])
+    verify_hostname(chain[0]) unless config[:skip_hostname_verification]
+    verify_certificate_chain(chain) unless config[:skip_chain_verification]
+    verify_expiry(chain[0])
+  end
+end

data/lib/sensu-plugins-ssl.rb

@@ -0,0 +1,15 @@
+
+require 'sensu-plugins-ssl/version'
+
+# Load the defaults
+
+#
+# Default class
+#
+module SensuPluginsSSL
+  class << self
+  end
+
+  class << self
+  end
+end

data/lib/sensu-plugins-ssl/version.rb

@@ -0,0 +1,28 @@
+require 'json'
+
+# encoding: utf-8
+module SensuPluginsSSL
+  # This defines the version of the gem
+  module Version
+    MAJOR = 0
+    MINOR = 0
+    PATCH = 1
+
+    VER_STRING = [MAJOR, MINOR, PATCH, 'alpha.2'].compact.join('.')
+
+    NAME   = 'sensu-plugins-ssl'
+    BANNER = "#{NAME} v%s"
+
+    module_function
+
+    def version
+      format(BANNER, VER_STRING)
+    end
+
+    def json_version
+      {
+        'version' => VER_STRING
+      }.to_json
+    end
+  end
+end

metadata

@@ -0,0 +1,216 @@
+--- !ruby/object:Gem::Specification
+name: sensu-plugins-ssl
+version: !ruby/object:Gem::Version
+  version: 0.0.1.alpha.2
+platform: ruby
+authors:
+- Yieldbot, Inc. and contributors
+autorequire: 
+bindir: bin
+cert_chain:
+- |
+  -----BEGIN CERTIFICATE-----
+  MIIDgDCCAmigAwIBAgIBATANBgkqhkiG9w0BAQUFADBDMRIwEAYDVQQDDAltYXR0
+  am9uZXMxGDAWBgoJkiaJk/IsZAEZFgh5aWVsZGJvdDETMBEGCgmSJomT8ixkARkW
+  A2NvbTAeFw0xNTAxMjgyMTAyNTFaFw0xNjAxMjgyMTAyNTFaMEMxEjAQBgNVBAMM
+  CW1hdHRqb25lczEYMBYGCgmSJomT8ixkARkWCHlpZWxkYm90MRMwEQYKCZImiZPy
+  LGQBGRYDY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyTSzVYnO
+  CLgyrIyT1mBQakArQyW8xhi6MlDqyzXHJGeERT790U6EgoBVeS4XoK0ptFZNR8Tf
+  zko0w+Nv47TarSCgkPOaxY+mxWnAVR10dOmfeLr7huiMyps+YD56/EF2FqQ3jf/+
+  qohENfKD91qy1ieEy+Fn7Pf74ltbNKUdkb9a9eFXQ0DQ4ip5vik7DzjQkUTj4lca
+  k6ArwnmHX4YDhZoYtrQJ8jVktN0/+NtA40M5qkCYHNe5tUW25b/tKVYuioxG6b2Z
+  oIzaZxRLxf6HVAWpCVRT/F5+/yjigkX4u++eYacfLGleXQzoK7BL65vHGMJygWEE
+  0TKGqFOrl/L0AQIDAQABo38wfTAJBgNVHRMEAjAAMAsGA1UdDwQEAwIEsDAdBgNV
+  HQ4EFgQUEf6a8Td7MrSZc8ImbLFZAENPbz0wIQYDVR0RBBowGIEWbWF0dGpvbmVz
+  QHlpZWxkYm90LmNvbTAhBgNVHRIEGjAYgRZtYXR0am9uZXNAeWllbGRib3QuY29t
+  MA0GCSqGSIb3DQEBBQUAA4IBAQBbzXAYA3BVGw8DZ0YYoY1VHPNEcH5qPIApmHO8
+  rvSmuUT0yMEi7u00H/5uHRFf4LleGT/+sTdyXKsNPGT9kdRuQEgwi+vf7Zfvd8aX
+  UF/+4VkEYf/8rV8Ere6u2QaWPgApdMV6JjKr1fAwCTd8AuGXNaWItiPPMseSQzLJ
+  JKP4hVvbc1d+oS925B1lcBiqn2aYvElbyNAVmQPywNNqkWmvtlqj9ZVJfV5HQLdu
+  8sHuVruarogxxKPBzlL2is4EUb6oN/RdpGx2l4254+nyR+abg//Ed27Ym0PkB4lk
+  HP0m8WSjZmFr109pE/sVsM5jtOCvogyujQOjNVGN4gz1wwPr
+  -----END CERTIFICATE-----
+date: 2015-04-07 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: sensu-plugin
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 1.1.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 1.1.0
+- !ruby/object:Gem::Dependency
+  name: codeclimate-test-reporter
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.4'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.4'
+- !ruby/object:Gem::Dependency
+  name: rubocop
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 0.17.0
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 0.17.0
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.1'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.1'
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.7'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.7'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+- !ruby/object:Gem::Dependency
+  name: github-markup
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.3'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.3'
+- !ruby/object:Gem::Dependency
+  name: redcarpet
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.2'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.2'
+- !ruby/object:Gem::Dependency
+  name: yard
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.8'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.8'
+- !ruby/object:Gem::Dependency
+  name: pry
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.10'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.10'
+description: Sensu plugins for checking ssl
+email: "<sensu-users@googlegroups.com>"
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- CHANGELOG.md
+- LICENSE
+- README.md
+- bin/check-ssl-cert.rb
+- bin/check-ssl-host.rb
+- lib/sensu-plugins-ssl.rb
+- lib/sensu-plugins-ssl/version.rb
+homepage: https://github.com/sensu-plugins/sensu-plugins-ssl
+licenses:
+- MIT
+metadata:
+  maintainer: ''
+  development_status: active
+  production_status: unstable - testing recommended
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: 1.9.3
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">"
+    - !ruby/object:Gem::Version
+      version: 1.3.1
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.2.2
+signing_key: 
+specification_version: 4
+summary: Sensu plugins for checking ssl
+test_files: []
+has_rdoc: