使用nagios监控ssl证书过期时间
1、编写监控脚本。
# vim check_ssl_expiry.sh
#!/bin/bash
STATE_OK=0
STATE_WARNING=1
STATE_CRITICAL=2
Host=$1
end_date=$(echo | openssl s_client -connect $Host:443 2>/dev/null -servername $Host | openssl x509 -noout -dates | sed -n 's/notAfter=//p' | sed -n 's/ GMT//p')
if [ -n "$end_date" ];then
end_date_seconds=$(date +%s -d "$end_date")
now_seconds=$(date +%s)
valid_days=$[($end_date_seconds-$now_seconds)/24/3600]
fi
if [ $valid_days -lt 60 ];then
echo "WARNING: SSL cert of $Host will be expired after $valid_days days."
exit $STATE_WARNING
elif [ $valid_days -lt 30 ];then
echo "CRITICAL: SSL cert of $Host will be expired after $valid_days days."
exit $STATE_CRITICAL
else
echo "OK: SSL cert of $Host will be expired after $valid_days days."
exit $STATE_OK
fi
2、添加command配置。
# vim command.cfg
#check_ssl_expiry command definition
define command {
command_name check_ssl_expiry
command_line /usr/lib/nagios/plugins/check_ssl_expiry $ARG1$
}
3、定义监控项service。
# vim ssl.cfg
define service{
use oupeng-svc
contact_groups group-sa
service_description check_ssl_www.opgirl.cn
check_command check_ssl_expiry!www.opgirl.cn
}
4、重载配置。
# /etc/init.d/nagios reload