sensu-plugins-ssl 1.4.0 → 1.5.0
- checksums.yaml +4 -4
- data/CHANGELOG.md +16 -2
- data/README.md +2 -0
- data/bin/check-java-keystore-cert.rb +2 -2
- data/bin/check-ssl-hsts-preloadable.rb +79 -0
- data/bin/check-ssl-hsts-status.rb +101 -0
- data/lib/sensu-plugins-ssl/version.rb +1 -1
- metadata +7 -3
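--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 7e23f7f9bda17a902a794ba2b392db1fab95bc18
+data.tar.gz: dcfb2876610019130353b96e5eeee56ce760b7bf
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 055dd188beb7356eb2c10edfab2db5432343910d4548a6ab4f911860bd27d93814b8e896ea02a54d240c265140ded0edf1209433f1d49c30ad1c45f6f78af200
+data.tar.gz: 9724710d3b54fb0d20538232cefb3992fa1ef7c707489c4cb6bc15de62a9e098cebb983016396344ee6ca6781af5a87f647ba76e9d6dcee92786ee3041422593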
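--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,10 +1,23 @@
 # Change Log
 This project adheres to [Semantic Versioning](http://semver.org/).
 
-This CHANGELOG follows the format listed
+This CHANGELOG follows the format listed [here](https://github.com/sensu-plugins/community/blob/master/HOW_WE_CHANGELOG.md).
 
 ## [Unreleased]
 
+## [1.5.0] - 2017-09-26
+### Added
+- Ruby 2.4.1 testing
+- `check-ssl-hsts-preload.rb`: Added check for testing preload status of HSTS (@rwky)
+- `check-ssl-hsts-preloadable.rb`: Added check for testing if a domain can be HSTS preloaded (@rwky)
+
+### Changed
+- updated CHANGELOG guidelines location (@majormoses)
+
+### Fixed
+- `check-java-keystore-cert.rb`: Export cert in PEM format to fix tests that broke going from Precise to Trusty travis workers (@eheydrick)
+- fixed spelling in github pr template (@majormoses)
+
 ## [1.4.0] - 2017-06-20
 ### Added
 - `check-ssl-anchor.rb`: Add check for a specific root certificate signature. (@pgporada)
@@ -78,7 +91,8 @@ This CHANGELOG follows the format listed at [Keep A Changelog](http://keepachang
 ### Added
 - initial release
 
-[Unreleased]: https://github.com/sensu-plugins/sensu-plugins-ssl/compare/1.
+[Unreleased]: https://github.com/sensu-plugins/sensu-plugins-ssl/compare/1.5.0...HEAD
+[1.5.0]: https://github.com/sensu-plugins/sensu-plugins-ssl/compare/1.4.0...1.5.0
 [1.4.0]: https://github.com/sensu-plugins/sensu-plugins-ssl/compare/1.3.1...1.4.0
 [1.3.1]: https://github.com/sensu-plugins/sensu-plugins-ssl/compare/1.3.0...1.3.1
 [1.3.0]: https://github.com/sensu-plugins/sensu-plugins-ssl/compare/1.2.0...1.3.0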
data/README.md
CHANGED
@@ -56,8 +56,8 @@ class CheckJavaKeystoreCert < Sensu::Plugin::Check::CLI
|
|
56
56
|
def certificate_expiration_date
|
57
57
|
result = `keytool -keystore #{Shellwords.escape(config[:path])} \
|
58
58
|
-export -alias #{Shellwords.escape(config[:alias])} \
|
59
|
-
-storepass #{Shellwords.escape(config[:password])} 2>&1 | \
|
60
|
-
openssl x509 -enddate -
|
59
|
+
-storepass #{Shellwords.escape(config[:password])} -rfc 2>&1 | \
|
60
|
+
openssl x509 -enddate -noout 2>&1`
|
61
61
|
|
62
62
|
# rubocop:disable Style/SpecialGlobalVars
|
63
63
|
unknown 'could not get certificate from keystore' unless $?.success?
|
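Review bot: The changed `-storepass #{Shellwords.escape(config[:password])} -rfc` line still passes the keystore password in keytool's argument list, where other local users can read it from the process table while the command runs. keytool can take the password from the environment or a file through the `:env` / `:file` option modifiers, e.g. `-storepass:env KEYSTORE_PASS` (placeholder variable name) with the variable set only for the child process, which keeps it out of argv. Separately, the new `2>&1` on openssl merges its stderr into `result`, so whatever parses `result` should tolerate extra diagnostic lines; certificate_expiration_date continues past the end of this hunk, so that parsing is not visible here. The section is labelled data/README.md on this page, but the hunk header and the file list indicate it belongs to data/bin/check-java-keystore-cert.rb.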
@@ -0,0 +1,79 @@
|
|
1
|
+
#!/usr/bin/env ruby
|
2
|
+
# encoding: UTF-8
|
3
|
+
# check-ssl-hsts-preloadable.rb
|
4
|
+
#
|
5
|
+
# DESCRIPTION:
|
6
|
+
# Checks a domain against the chromium HSTS API returning errors/warnings if the domain is preloadable
|
7
|
+
#
|
8
|
+
# OUTPUT:
|
9
|
+
# plain text
|
10
|
+
#
|
11
|
+
# PLATFORMS:
|
12
|
+
# Linux
|
13
|
+
#
|
14
|
+
# DEPENDENCIES:
|
15
|
+
# gem: sensu-plugin
|
16
|
+
#
|
17
|
+
# USAGE:
|
18
|
+
# # Basic usage
|
19
|
+
# check-ssl-hsts-preloadable.rb -d <domain_name>
|
20
|
+
#
|
21
|
+
# LICENSE:
|
22
|
+
# Copyright 2017 Rowan Wookey <admin@rwky.net>
|
23
|
+
# Released under the same terms as Sensu (the MIT license); see LICENSE for
|
24
|
+
# details.
|
25
|
+
#
|
26
|
+
# Inspired by https://github.com/sensu-plugins/sensu-plugins-ssl/blob/master/bin/check-ssl-qualys.rb Copyright 2015 William Cooke <will@bruisyard.eu>
|
27
|
+
#
|
28
|
+
|
29
|
+
require 'sensu-plugin/check/cli'
|
30
|
+
require 'json'
|
31
|
+
require 'net/http'
|
32
|
+
|
33
|
+
class CheckSSLHSTSPreloadable < Sensu::Plugin::Check::CLI
|
34
|
+
option :domain,
|
35
|
+
description: 'The domain to run the test against',
|
36
|
+
short: '-d DOMAIN',
|
37
|
+
long: '--domain DOMAIN',
|
38
|
+
required: true
|
39
|
+
|
40
|
+
option :api_url,
|
41
|
+
description: 'The URL of the API to run against',
|
42
|
+
long: '--api-url URL',
|
43
|
+
default: 'https://hstspreload.org/api/v2/preloadable'
|
44
|
+
|
45
|
+
def fetch(uri, limit = 10)
|
46
|
+
if limit == 0
|
47
|
+
return nil
|
48
|
+
end
|
49
|
+
|
50
|
+
response = Net::HTTP.get_response(uri)
|
51
|
+
|
52
|
+
case response
|
53
|
+
when Net::HTTPSuccess then
|
54
|
+
response
|
55
|
+
when Net::HTTPRedirection then
|
56
|
+
location = URI(response['location'])
|
57
|
+
fetch(location, limit - 1)
|
58
|
+
end
|
59
|
+
end
|
60
|
+
|
61
|
+
def run
|
62
|
+
uri = URI(config[:api_url])
|
63
|
+
uri.query = URI.encode_www_form(domain: config[:domain])
|
64
|
+
response = fetch(uri)
|
65
|
+
if response.nil?
|
66
|
+
return warning 'Bad response recieved from API'
|
67
|
+
end
|
68
|
+
body = JSON.parse(response.body)
|
69
|
+
if !body['errors'].empty?
|
70
|
+
critical body['errors'].map { |u| u['summary'] }.join(', ')
|
71
|
+
elsif !body['warnings'].empty?
|
72
|
+
warning body['warnings'].map { |u| u['summary'] }.join(', ')
|
73
|
+
else
|
74
|
+
ok
|
75
|
+
end
|
76
|
+
end
|
77
|
+
end
|
78
|
+
|
79
|
+
# vim: set tabstop=2 shiftwidth=2 expandtab:
|
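Review bot: `fetch` follows whatever `Location` the API returns, for up to ten hops, without checking that the target is still HTTPS, so a redirect to an `http://` URL makes the check trust a reply that anyone on the network path can rewrite into an `ok`. In the `Net::HTTPRedirection` branch, reject non-TLS targets before recursing, e.g. `return nil unless location.is_a?(URI::HTTPS)`; the same `fetch` is repeated verbatim in the check-ssl-hsts-status.rb section and needs the same guard. In `run`, `JSON.parse(response.body)` and `body['errors'].empty?` assume a well-formed body, so a non-JSON reply or a missing key raises instead of producing a check result; a `rescue JSON::ParserError` that ends in `unknown`, plus `Array(body['errors'])` and `Array(body['warnings'])`, would keep the exit status meaningful. The message `'Bad response recieved from API'` also misspells "received".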
@@ -0,0 +1,101 @@
|
|
1
|
+
#!/usr/bin/env ruby
|
2
|
+
# encoding: UTF-8
|
3
|
+
# check-ssl-hsts-preload.rb
|
4
|
+
#
|
5
|
+
# DESCRIPTION:
|
6
|
+
# Checks a domain against the chromium HSTS API reporting on the preload status of the domain
|
7
|
+
#
|
8
|
+
# OUTPUT:
|
9
|
+
# plain text
|
10
|
+
#
|
11
|
+
# PLATFORMS:
|
12
|
+
# Linux
|
13
|
+
#
|
14
|
+
# DEPENDENCIES:
|
15
|
+
# gem: sensu-plugin
|
16
|
+
#
|
17
|
+
# USAGE:
|
18
|
+
# # Basic usage
|
19
|
+
# check-ssl-hsts-preload.rb -d <domain_name>
|
20
|
+
# # Specify the CRITICAL and WARNING alerts to either unknown (not in the database), pending or preloaded
|
21
|
+
# check-ssl-hsts-preload.rb -d <domain_name> -c <critical_alert> -w <warning_alert>
|
22
|
+
#
|
23
|
+
# LICENSE:
|
24
|
+
# Copyright 2017 Rowan Wookey <admin@rwky.net>
|
25
|
+
# Released under the same terms as Sensu (the MIT license); see LICENSE for
|
26
|
+
# details.
|
27
|
+
#
|
28
|
+
# Inspired by https://github.com/sensu-plugins/sensu-plugins-ssl/blob/master/bin/check-ssl-qualys.rb Copyright 2015 William Cooke <will@bruisyard.eu>
|
29
|
+
#
|
30
|
+
|
31
|
+
require 'sensu-plugin/check/cli'
|
32
|
+
require 'json'
|
33
|
+
require 'net/http'
|
34
|
+
|
35
|
+
class CheckSSLHSTSStatus < Sensu::Plugin::Check::CLI
|
36
|
+
STATUSES = %w(unknown pending preloaded).freeze
|
37
|
+
|
38
|
+
option :domain,
|
39
|
+
description: 'The domain to run the test against',
|
40
|
+
short: '-d DOMAIN',
|
41
|
+
long: '--domain DOMAIN',
|
42
|
+
required: true
|
43
|
+
|
44
|
+
option :warn,
|
45
|
+
short: '-w STATUS',
|
46
|
+
long: '--warn STATUS',
|
47
|
+
description: 'WARNING if this status or worse',
|
48
|
+
in: STATUSES,
|
49
|
+
default: 'pending'
|
50
|
+
|
51
|
+
option :critical,
|
52
|
+
short: '-c STATUS',
|
53
|
+
long: '--critical STATUS',
|
54
|
+
description: 'CRITICAL if this status or worse',
|
55
|
+
in: STATUSES,
|
56
|
+
default: 'unknown'
|
57
|
+
|
58
|
+
option :api_url,
|
59
|
+
description: 'The URL of the API to run against',
|
60
|
+
long: '--api-url URL',
|
61
|
+
default: 'https://hstspreload.org/api/v2/status'
|
62
|
+
|
63
|
+
def fetch(uri, limit = 10)
|
64
|
+
if limit == 0
|
65
|
+
return nil
|
66
|
+
end
|
67
|
+
|
68
|
+
response = Net::HTTP.get_response(uri)
|
69
|
+
|
70
|
+
case response
|
71
|
+
when Net::HTTPSuccess then
|
72
|
+
response
|
73
|
+
when Net::HTTPRedirection then
|
74
|
+
location = URI(response['location'])
|
75
|
+
fetch(location, limit - 1)
|
76
|
+
end
|
77
|
+
end
|
78
|
+
|
79
|
+
def run
|
80
|
+
uri = URI(config[:api_url])
|
81
|
+
uri.query = URI.encode_www_form(domain: config[:domain])
|
82
|
+
response = fetch(uri)
|
83
|
+
if response.nil?
|
84
|
+
return warning 'Bad response recieved from API'
|
85
|
+
end
|
86
|
+
body = JSON.parse(response.body)
|
87
|
+
unless STATUSES.include? body['status']
|
88
|
+
warning 'Invalid status returned ' + body['status']
|
89
|
+
end
|
90
|
+
|
91
|
+
if STATUSES.index(body['status']) <= STATUSES.index(config[:critical])
|
92
|
+
critical body['status']
|
93
|
+
elsif STATUSES.index(body['status']) <= STATUSES.index(config[:warn])
|
94
|
+
warning body['status']
|
95
|
+
else
|
96
|
+
ok
|
97
|
+
end
|
98
|
+
end
|
99
|
+
end
|
100
|
+
|
101
|
+
# vim: set tabstop=2 shiftwidth=2 expandtab:
|
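Review bot: In `run`, the invalid-status branch builds its message with `'Invalid status returned ' + body['status']`, which raises TypeError when the API reply has no `status` key, so the case this guard exists for can crash the check instead of reporting. Interpolate instead, `warning "Invalid status returned #{body['status'].inspect}"`, and consider `unknown` rather than `warning` both here and for the nil response, since an unreachable or malformed API says nothing about the domain's preload state. The header comment and USAGE lines call the script `check-ssl-hsts-preload.rb`, while the file list and gem metadata name it check-ssl-hsts-status.rb; the comment should use the shipped name so operators copy a command that exists.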
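--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: sensu-plugins-ssl
 version: !ruby/object:Gem::Version
-version: 1.
+version: 1.5.0
 platform: ruby
 authors:
 - Sensu-Plugins and contributors
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2017-
+date: 2017-09-26 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: sensu-plugin
@@ -175,6 +175,8 @@ executables:
 - check-ssl-cert.rb
 - check-ssl-crl.rb
 - check-ssl-host.rb
+- check-ssl-hsts-preloadable.rb
+- check-ssl-hsts-status.rb
 - check-ssl-qualys.rb
 extensions: []
 extra_rdoc_files: []
@@ -187,6 +189,8 @@ files:
 - bin/check-ssl-cert.rb
 - bin/check-ssl-crl.rb
 - bin/check-ssl-host.rb
+- bin/check-ssl-hsts-preloadable.rb
+- bin/check-ssl-hsts-status.rb
 - bin/check-ssl-qualys.rb
 - lib/sensu-plugins-ssl.rb
 - lib/sensu-plugins-ssl/version.rb
@@ -216,7 +220,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 version: '0'
 requirements: []
 rubyforge_project:
-rubygems_version: 2.
+rubygems_version: 2.6.13
 signing_key:
 specification_version: 4
 summary: Sensu plugins for SSL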