mirror of
git://slackware.nl/current.git
synced 2024-12-27 09:59:16 +01:00
75a4a592e5
Mon Apr 25 13:37:00 UTC 2011 Slackware 13.37 x86_64 stable is released! Thanks to everyone who pitched in on this release: the Slackware team, the folks producing upstream code, and linuxquestions.org for providing a great forum for collaboration and testing. The ISOs are off to be replicated, a 6 CD-ROM 32-bit set and a dual-sided 32-bit/64-bit x86/x86_64 DVD. Please consider supporting the Slackware project by picking up a copy from store.slackware.com. We're taking pre-orders now, and offer a discount if you sign up for a subscription. As always, thanks to the Slackware community for testing, suggestions, and feedback. :-) Have fun!
128 lines
3.9 KiB
Bash
128 lines
3.9 KiB
Bash
#!/bin/sh
|
|
#
|
|
# Will check all certificates stored in $CERTDIR for their expiration date,
|
|
# and will display (if optional "stdout" argument is given), or mail a warning
|
|
# message to $MAILADDR (if script is executed without any parameter
|
|
# - unattended mode suitable for cron execution) for each particular certificate
|
|
# that is about to expire in time less to, or equal to $DAYS after this script
|
|
# has been executed, or if it has already expired.
|
|
# This stupid script (C) 2006,2007 Jan Rafaj
|
|
|
|
########################## CONFIGURATION SECTION BEGIN #########################
|
|
# Note: all settings are mandatory
|
|
# Warning will be sent if a certificate expires in time <= days given here
|
|
DAYS=7
|
|
# E-mail address where to send warnings
|
|
MAILADDR=root
|
|
# Directory with certificates to check
|
|
CERTDIR=/etc/ssl/certs
|
|
# Directory where to keep state files if this script isnt executed with "stdout"
|
|
STATEDIR=/var/run
|
|
########################### CONFIGURATION SECTION END ##########################
|
|
|
|
PATH=/bin:/usr/bin:/sbin:/usr/sbin
|
|
DAY_IN_SECS=$((60*60*24))
|
|
DATE_CURRENT=$(date '+%s')
|
|
|
|
usage()
|
|
{
|
|
echo "Usage: $0 [stdout]"
|
|
echo
|
|
echo "Detailed description and configuration is embedded within the script."
|
|
exit 0
|
|
}
|
|
|
|
message()
|
|
{
|
|
cat << EOF
|
|
WARNING: certificate $certfile
|
|
is about to expire in time equal to or less than $DAYS days from now on,
|
|
or has already expired - it might be a good idea to obtain/create new one.
|
|
|
|
EOF
|
|
}
|
|
|
|
message_mail()
|
|
{
|
|
message
|
|
cat << EOF
|
|
NOTE: This message is being sent only once.
|
|
|
|
A lock-file
|
|
$STATEDIR/certwatch-mailwarning-sent-$certfilebase
|
|
has been created, which will prevent this script from mailing you again
|
|
upon its subsequent executions by crond. You dont need to care about it;
|
|
the file will be auto-deleted as soon as you'll prolong your certificate.
|
|
EOF
|
|
}
|
|
|
|
unset stdout
|
|
case $# in
|
|
0) ;;
|
|
1) if [ "$1" = "-h" -o "$1" == "--help" ]; then
|
|
usage
|
|
elif [ "$1" = "stdout" ]; then
|
|
stdout=1
|
|
else
|
|
usage
|
|
fi
|
|
;;
|
|
*) usage ;;
|
|
esac
|
|
|
|
for dir in $STATEDIR $CERTDIR ; do
|
|
if [ ! -d $dir ]; then
|
|
echo "ERROR: directory $dir does not exist"
|
|
exit 1
|
|
fi
|
|
done
|
|
for binary in basename date find grep mail openssl touch ; do
|
|
if [ ! \( -x /usr/bin/$binary -o -x /bin/$binary \) ]; then
|
|
echo "ERROR: /usr/bin/$binary not found"
|
|
exit 1
|
|
fi
|
|
done
|
|
|
|
find $CERTDIR -type f -maxdepth 1 | while read certfile ; do
|
|
certfilebase="$(basename "$certfile")"
|
|
inform=PEM
|
|
echo "$certfile" | grep -q -i '\.net$'
|
|
if [ $? -eq 0 ]; then
|
|
# This is based purely on filename extension, so may give false results.
|
|
# But lets assume noone uses NET format certs today, ok?
|
|
continue
|
|
fi
|
|
echo "$certfile" | grep -q -i '\.der$'
|
|
if [ $? -eq 0 -o "$(file "$certfile" | egrep '(ASCII|PEM)')" == "" ]; then
|
|
inform=DER
|
|
fi
|
|
# We wont use '-checkend' since it is not properly documented (as of
|
|
# OpenSSL 0.9.8e).
|
|
DATE_CERT_EXPIRES=$(openssl x509 -in "$certfile" -inform $inform -noout -enddate | sed 's/^notAfter=//')
|
|
DATE_CERT_EXPIRES=$(date -d"$DATE_CERT_EXPIRES" +%s)
|
|
if [ $(($DATE_CERT_EXPIRES - $DATE_CURRENT)) -le $(($DAYS * $DAY_IN_SECS)) ]
|
|
then
|
|
if [ $stdout ]; then
|
|
message
|
|
else
|
|
if [ ! -f $STATEDIR/certwatch-mailwarning-sent-"$certfilebase" ]; then
|
|
subject="$0: certificate $certfile expiration warning"
|
|
message_mail | mail -r "certwatch@$HOSTNAME" \
|
|
-s "$subject" \
|
|
$MAILADDR 2>/dev/null
|
|
# echo "Mail about expiring certificate $certfile sent to $MAILADDR."
|
|
# echo "If you need to send it again, please remove lock-file"
|
|
# echo "$STATEDIR/certwatch-mailwarning-sent-$certfilebase ."
|
|
# echo
|
|
fi
|
|
touch $STATEDIR/certwatch-mailwarning-sent-"$certfilebase"
|
|
fi
|
|
else
|
|
if [ ! $stdout ]; then
|
|
if [ -f $STATEDIR/certwatch-mailwarning-sent-"$certfilebase" ]; then
|
|
rm $STATEDIR/certwatch-mailwarning-sent-"$certfilebase"
|
|
fi
|
|
fi
|
|
fi
|
|
done
|
|
|