sensu-plugins-ssl 1.1.0 → 1.2.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +5 -1
- data/bin/check-ssl-cert.rb +30 -2
- data/bin/check-ssl-qualys.rb +8 -8
- data/lib/sensu-plugins-ssl/version.rb +1 -1
- metadata +2 -16
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 0c7ef7f4a5a0373eed6c446ed8ec13223600e22d
|
4
|
+
data.tar.gz: ed0fce3c7528e674217fcc9f5353cf02681cae24
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: ac3f37e17956a9c958b912b70d6c2787460768ecd3b30ab7d617162e0c92a19f4c369ccceca4072936c7855375e157531a83ad960820708b78b70c293f4f3825
|
7
|
+
data.tar.gz: 569ae38fd0ea68c72e9869d5e7f571e5cd66a4389d2597bfb3b2f2719fcc62717acfe137e29bc4b85a19a8731a0e1a18789d020a65875e0186b53d781245c2b2
|
data/CHANGELOG.md
CHANGED
@@ -4,6 +4,9 @@ This project adheres to [Semantic Versioning](http://semver.org/).
|
|
4
4
|
This CHANGELOG follows the format listed at [Keep A Changelog](http://keepachangelog.com/)
|
5
5
|
|
6
6
|
## [Unreleased]
|
7
|
+
## [1.2.0] - 2017-05-17
|
8
|
+
### Changed
|
9
|
+
- check-ssl-qualys.rb: removed dependency on rest-client so we don't need a c compiler (@baweaver)
|
7
10
|
|
8
11
|
## [1.1.0] - 2017-02-28
|
9
12
|
### Added
|
@@ -61,7 +64,8 @@ This CHANGELOG follows the format listed at [Keep A Changelog](http://keepachang
|
|
61
64
|
### Added
|
62
65
|
- initial release
|
63
66
|
|
64
|
-
[unreleased]: https://github.com/sensu-plugins/sensu-plugins-ssl/compare/1.
|
67
|
+
[unreleased]: https://github.com/sensu-plugins/sensu-plugins-ssl/compare/1.2.0...HEAD
|
68
|
+
[1.2.0]: https://github.com/sensu-plugins/sensu-plugins-ssl/compare/1.1.0...1.2.0
|
65
69
|
[1.1.0]: https://github.com/sensu-plugins/sensu-plugins-ssl/compare/1.0.0...1.1.0
|
66
70
|
[1.0.0]: https://github.com/sensu-plugins/sensu-plugins-ssl/compare/0.0.6...1.0.0
|
67
71
|
[0.0.6]: https://github.com/sensu-plugins/sensu-plugins-ssl/compare/0.0.5...0.0.6
|
data/bin/check-ssl-cert.rb
CHANGED
@@ -67,6 +67,16 @@ class CheckSSLCert < Sensu::Plugin::Check::CLI
|
|
67
67
|
short: '-s',
|
68
68
|
long: '--servername SERVER'
|
69
69
|
|
70
|
+
option :pkcs12,
|
71
|
+
description: 'Path to PKCS#12 certificate',
|
72
|
+
short: '-C',
|
73
|
+
long: '--cert P12'
|
74
|
+
|
75
|
+
option :pass,
|
76
|
+
description: 'Pass phrase for the private key in PKCS#12 certificate',
|
77
|
+
short: '-S',
|
78
|
+
long: '--pass '
|
79
|
+
|
70
80
|
def ssl_cert_expiry
|
71
81
|
`openssl s_client -servername #{config[:servername]} -connect #{config[:host]}:#{config[:port]} < /dev/null 2>&1 | openssl x509 -enddate -noout`.split('=').last
|
72
82
|
end
|
@@ -75,18 +85,36 @@ class CheckSSLCert < Sensu::Plugin::Check::CLI
|
|
75
85
|
OpenSSL::X509::Certificate.new(File.read config[:pem]).not_after # rubocop:disable Style/NestedParenthesizedCalls
|
76
86
|
end
|
77
87
|
|
88
|
+
def ssl_pkcs12_expiry
|
89
|
+
`openssl pkcs12 -in #{config[:pkcs12]} -nokeys -nomacver -passin pass:"#{config[:pass]}" | openssl x509 -noout -enddate | grep -v MAC`.split('=').last
|
90
|
+
end
|
91
|
+
|
78
92
|
def validate_opts
|
79
|
-
if !config[:pem]
|
93
|
+
if !config[:pem] && !config[:pkcs12]
|
80
94
|
unknown 'Host and port required' unless config[:host] && config[:port]
|
81
95
|
elsif config[:pem]
|
82
96
|
unknown 'No such cert' unless File.exist? config[:pem]
|
97
|
+
elsif config[:pkcs12]
|
98
|
+
if !config[:pass]
|
99
|
+
unknown 'No pass phrase specified for PKCS#12 certificate'
|
100
|
+
else
|
101
|
+
unknown 'No such cert' unless File.exist? config[:pkcs12]
|
102
|
+
end
|
83
103
|
end
|
84
104
|
config[:servername] = config[:host] unless config[:servername]
|
85
105
|
end
|
86
106
|
|
87
107
|
def run
|
88
108
|
validate_opts
|
89
|
-
|
109
|
+
|
110
|
+
expiry = if config[:pem]
|
111
|
+
ssl_pem_expiry
|
112
|
+
elsif config[:pkcs12]
|
113
|
+
ssl_pkcs12_expiry
|
114
|
+
else
|
115
|
+
ssl_cert_expiry
|
116
|
+
end
|
117
|
+
|
90
118
|
days_until = (Date.parse(expiry.to_s) - Date.today).to_i
|
91
119
|
|
92
120
|
if days_until < 0
|
data/bin/check-ssl-qualys.rb
CHANGED
@@ -40,7 +40,6 @@
|
|
40
40
|
#
|
41
41
|
|
42
42
|
require 'sensu-plugin/check/cli'
|
43
|
-
require 'rest-client'
|
44
43
|
require 'json'
|
45
44
|
|
46
45
|
# Checks a single DNS entry has a rating above a certain level
|
@@ -90,13 +89,14 @@ class CheckSSLQualys < Sensu::Plugin::Check::CLI
|
|
90
89
|
def ssl_api_request(from_cache)
|
91
90
|
params = { host: config[:domain] }
|
92
91
|
params[:startNew] = 'on' unless from_cache
|
93
|
-
|
94
|
-
|
95
|
-
|
96
|
-
|
97
|
-
|
98
|
-
|
99
|
-
|
92
|
+
|
93
|
+
uri = URI("#{config[:api_url]}analyze")
|
94
|
+
uri.query = URI.encode_www_form(params)
|
95
|
+
response = Net::HTTP.get_response(uri)
|
96
|
+
|
97
|
+
warning 'Bad response recieved from API' unless response.is_a?(Net::HTTPSuccess)
|
98
|
+
|
99
|
+
JSON.parse(response.body)
|
100
100
|
end
|
101
101
|
|
102
102
|
def ssl_check(from_cache)
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: sensu-plugins-ssl
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 1.
|
4
|
+
version: 1.2.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Sensu-Plugins and contributors
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2017-
|
11
|
+
date: 2017-05-18 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: sensu-plugin
|
@@ -24,20 +24,6 @@ dependencies:
|
|
24
24
|
- - "~>"
|
25
25
|
- !ruby/object:Gem::Version
|
26
26
|
version: '1.2'
|
27
|
-
- !ruby/object:Gem::Dependency
|
28
|
-
name: rest-client
|
29
|
-
requirement: !ruby/object:Gem::Requirement
|
30
|
-
requirements:
|
31
|
-
- - '='
|
32
|
-
- !ruby/object:Gem::Version
|
33
|
-
version: 1.8.0
|
34
|
-
type: :runtime
|
35
|
-
prerelease: false
|
36
|
-
version_requirements: !ruby/object:Gem::Requirement
|
37
|
-
requirements:
|
38
|
-
- - '='
|
39
|
-
- !ruby/object:Gem::Version
|
40
|
-
version: 1.8.0
|
41
27
|
- !ruby/object:Gem::Dependency
|
42
28
|
name: bundler
|
43
29
|
requirement: !ruby/object:Gem::Requirement
|