sensu-plugins-ssl 1.5.0 → 2.0.0
- checksums.yaml +5 -5
- data/CHANGELOG.md +16 -1
- data/README.md +8 -0
- data/bin/check-ssl-qualys.rb +71 -21
- data/lib/sensu-plugins-ssl/version.rb +2 -2
- metadata +3 -3
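--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
-
-metadata.gz:
-data.tar.gz:
+SHA256:
+metadata.gz: a3a3897180c22577185edd1adc5a1dbf56c40f6bebd440ca0a115d25977ba4ce
+data.tar.gz: 61647f568fffad2d7a6e9017ef80605ad2cef91f63067e926fef5ed911c3b57c
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 865092f6bc7e45b28a6e70ad6fe2f97cc4872a5c4e49bcb1ac5de50808529ab83a98cd10a3c94178d8e26fdb0d5ea05bc38fb212e39d64fc7a1942ebeaff348f
+data.tar.gz: a5367f0f04bb14f7ac3c2e5fa4aea72001ef80d763f688aa8a501774bf360892881a64cbc88d34ee6bf393afc3911d0741cf0bdcaee18895c54bae5a42df0989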
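--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -5,6 +5,20 @@ This CHANGELOG follows the format listed [here](https://github.com/sensu-plugins
 
 ## [Unreleased]
 
+## [2.0.0] - 2018-03-27
+### Breaking Changes
+- `check-ssl-qualys.rb`: when you submit a request with caching enabled it will return back a response including an eta key. Rather than sleeping for some arbitrary number of time we now use this key when its greater than `--between-checks` to wait before attempting the next attempt to query. If it is lower or not present we fall back to `--between-checks` (@majormoses)
+- `check-ssl-qualys.rb`: new `--timeout` parameter to short circuit slow apis (@majormoses)
+
+### Changed
+- `check-ssl-qualys.rb`: updated `--api-url` to default to `v3` but remains backwards compatible (@jhoblitt) (@majormoses)
+
+### Added
+`check-ssl-qualys.rb`: option `--debug` to enable debug logging (@majormoses)
+
+### Fixed
+- `check-ssl-hsts-preloadable.rb`: Fixed testing warnings for if a domain can be HSTS preloaded (@rwky)
+
 ## [1.5.0] - 2017-09-26
 ### Added
 - Ruby 2.4.1 testing
@@ -91,7 +105,8 @@ This CHANGELOG follows the format listed [here](https://github.com/sensu-plugins
 ### Added
 - initial release
 
-[Unreleased]: https://github.com/sensu-plugins/sensu-plugins-ssl/compare/
+[Unreleased]: https://github.com/sensu-plugins/sensu-plugins-ssl/compare/2.0.0...HEAD
+[2.0.0]: https://github.com/sensu-plugins/sensu-plugins-ssl/compare/1.5.0...2.0.0
 [1.5.0]: https://github.com/sensu-plugins/sensu-plugins-ssl/compare/1.4.0...1.5.0
 [1.4.0]: https://github.com/sensu-plugins/sensu-plugins-ssl/compare/1.3.1...1.4.0
 [1.3.1]: https://github.com/sensu-plugins/sensu-plugins-ssl/compare/1.3.0...1.3.1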
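--- a/data/README.md
+++ b/data/README.md
@@ -46,6 +46,14 @@ or an online CRL:
 
 Critical and Warning thresholds are specified in minutes.
 
+### `bin/check-ssl-qualys.rb`
+
+Checks the ssllabs qualysis api for grade of your server, this check can be quite long so it should not be scheduled with a low interval and will probably need to adjust the check `timeout` options per the [check attributes spec](https://docs.sensu.io/sensu-core/1.2/reference/checks/#check-attributes) based on my tests you should expect this to take around 3 minutes.
+```
+./bin/check-ssl-qualys.rb -d google.com
+```
+
+
 ## Installation
 
 [Installation and Setup](http://sensu-plugins.io/docs/installation_instructions.html)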
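--- a/data/bin/check-ssl-qualys.rb
+++ b/data/bin/check-ssl-qualys.rb
@@ -1,5 +1,6 @@
 #!/usr/bin/env ruby
 # encoding: UTF-8
+
 # check-ssl-qualys.rb
 #
 # DESCRIPTION:
@@ -41,6 +42,7 @@
 require 'sensu-plugin/check/cli'
 require 'json'
 require 'net/http'
+require 'timeout'
 
 # Checks a single DNS entry has a rating above a certain level
 class CheckSSLQualys < Sensu::Plugin::Check::CLI
@@ -56,7 +58,7 @@ class CheckSSLQualys < Sensu::Plugin::Check::CLI
 option :api_url,
 description: 'The URL of the API to run against',
 long: '--api-url URL',
-default: 'https://api.ssllabs.com/api/
+default: 'https://api.ssllabs.com/api/v3/'
 
 option :warn,
 short: '-w GRADE',
@@ -72,6 +74,12 @@ class CheckSSLQualys < Sensu::Plugin::Check::CLI
 proc: proc { |g| GRADE_OPTIONS.index(g) },
 default: 3 # 'B'
 
+option :debug,
+long: '--debug BOOL',
+description: 'toggles extra debug printing',
+boolean: true,
+default: false
+
 option :num_checks,
 short: '-n NUM_CHECKS',
 long: '--number-checks NUM_CHECKS',
@@ -82,17 +90,31 @@ class CheckSSLQualys < Sensu::Plugin::Check::CLI
 option :between_checks,
 short: '-t SECONDS',
 long: '--time-between SECONDS',
-description: 'The time between each poll of the API',
+description: 'The fallback time between each poll of the API, when an ETA is given by the previous response and is higher than this value it is used',
 proc: proc { |t| t.to_i },
 default: 10
 
+option :timeout,
+short: '-t SECONDS',
+descriptions: 'the ammount of seconds that this is allowed to run for',
+proc: proc(&:to_i),
+default: 300
+
 def ssl_api_request(from_cache)
 params = { host: config[:domain] }
-params[:startNew] =
+params[:startNew] = if from_cache == true
+'off'
+else
+'on'
+end
 
 uri = URI("#{config[:api_url]}analyze")
 uri.query = URI.encode_www_form(params)
-
+begin
+response = Net::HTTP.get_response(uri)
+rescue StandardError => e
+warning e
+end
 
 warning 'Bad response recieved from API' unless response.is_a?(Net::HTTPSuccess)
 
@@ -107,11 +129,37 @@ class CheckSSLQualys < Sensu::Plugin::Check::CLI
 
 def ssl_recheck
 1.upto(config[:num_checks]) do |step|
-
+p "step: #{step}" if config[:debug]
+start_time = Time.now
+p "start_time: #{start_time}" if config[:debug]
+json = if step == 1
+ssl_check(false)
+else
+ssl_check(true)
+end
 return json if json['status'] == 'READY'
-
+if json['endpoints'] && json['endpoints'].is_a?(Array)
+p "endpoints: #{json['endpoints']}" if config[:debug]
+# The api response sometimes has low eta (which seems unrealistic) from
+# my tests that can be 0 or low numbers which would imply it is done...
+# Basically we check if present and if its higher than the specified
+# time to wait between checks. If so we use the eta from the api get
+# response otherwise we use the time between check values. We have an
+# overall timeout that protects us from the api telling us to wait for
+# insanely long time periods. The highest I have seen the eta go was
+# around 250 seconds but put it in just in case as the api has very
+# erratic response times.
+if json['endpoints'].first.is_a?(Hash) && json['endpoints'].first.key?('eta') && json['endpoints'].first['eta'] > config[:between_checks]
+p "eta: #{json['endpoints'].first['eta']}" if config[:debug]
+sleep(json['endpoints'].first['eta'])
+else
+p "sleeping with default: #{config[:between_checks]}" if config[:debug]
+sleep(config[:between_checks])
+end
+end
+p "elapsed: #{Time.now - start_time}" if config[:debug]
+warning 'Timeout waiting for check to finish' if step == config[:num_checks]
 end
-warning 'Timeout waiting for check to finish'
 end
 
 def ssl_grades
@@ -121,23 +169,25 @@ class CheckSSLQualys < Sensu::Plugin::Check::CLI
 end
 
 def lowest_grade
-ssl_grades.sort_by! { |g| GRADE_OPTIONS.index(g) }
+ssl_grades.sort_by! { |g| GRADE_OPTIONS.index(g) }.reverse![0]
 end
 
 def run
-
-
-
-
-
-
-
-
-critical
-
-
-
-
+Timeout.timeout(config[:timeout]) do
+grade = lowest_grade
+unless grade
+message "#{config[:domain]} not rated"
+critical
+end
+message "#{config[:domain]} rated #{grade}"
+grade_rank = GRADE_OPTIONS.index(grade)
+if grade_rank > config[:critical]
+critical
+elsif grade_rank > config[:warn]
+warning
+else
+ok
+end
 end
 end
 end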
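Review bot: The new `option :timeout` in the `@@ -82,17 +90,31 @@` hunk reuses `short: '-t SECONDS'`, which `option :between_checks` already declares, has no `long:` flag, and spells its key `descriptions:`, so the `--timeout` switch announced in the changelog is not defined in the visible lines and it is unclear which option `-t` ends up setting. Per the comment in `ssl_recheck`, this value is what bounds how long a server-supplied `eta` can keep the check sleeping, so it should be reachable and documented: add `long: '--timeout SECONDS',`, rename the key to `description:`, and drop or change the duplicate short flag. In the same loop the `eta` taken from the API response is compared with `>` and passed to `sleep` without a type check; adding `json['endpoints'].first['eta'].is_a?(Numeric)` to that condition would make a null or string `eta` fall back to `--time-between` instead of raising. `Timeout::Error` from the new wrapper in `run` is not rescued in the visible lines, so how an expiry is reported depends on code outside this section.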
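--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: sensu-plugins-ssl
 version: !ruby/object:Gem::Version
-version:
+version: 2.0.0
 platform: ruby
 authors:
 - Sensu-Plugins and contributors
 autorequire:
 bindir: bin
 cert_chain: []
-date:
+date: 2018-03-27 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: sensu-plugin
@@ -220,7 +220,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 version: '0'
 requirements: []
 rubyforge_project:
-rubygems_version: 2.6
+rubygems_version: 2.7.6
 signing_key:
 specification_version: 4
 summary: Sensu plugins for SSL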