使用nagios监控ssl证书过期时间

1、编写监控脚本。

# vim check_ssl_expiry.sh

#!/bin/bash
STATE_OK=0
STATE_WARNING=1
STATE_CRITICAL=2

Host=$1

end_date=$(echo | openssl s_client -connect $Host:443 2>/dev/null -servername $Host | openssl x509 -noout -dates | sed -n 's/notAfter=//p' | sed -n 's/ GMT//p')

if [ -n "$end_date" ];then
    end_date_seconds=$(date +%s -d "$end_date")
    now_seconds=$(date +%s)
    valid_days=$[($end_date_seconds-$now_seconds)/24/3600]
fi

if [ $valid_days -lt 60 ];then
    echo "WARNING: SSL cert of $Host will be expired after $valid_days days."
    exit $STATE_WARNING
elif [ $valid_days -lt 30 ];then
    echo "CRITICAL: SSL cert of $Host will be expired after $valid_days days."
    exit $STATE_CRITICAL
else
    echo "OK: SSL cert of $Host will be expired after $valid_days days."
    exit $STATE_OK
fi

2、添加command配置。

# vim command.cfg
#check_ssl_expiry command definition
define command {
    command_name check_ssl_expiry
    command_line /usr/lib/nagios/plugins/check_ssl_expiry $ARG1$
}

3、定义监控项service。

# vim ssl.cfg
define service{
    use                             oupeng-svc
    contact_groups                  group-sa
    service_description             check_ssl_www.opgirl.cn
    check_command                   check_ssl_expiry!www.opgirl.cn
}

4、重载配置。

# /etc/init.d/nagios reload

posted @ 2018-05-09 00:22  KeithTt  阅读(945)  评论(0编辑  收藏  举报