Hi All,
I am using a plugin to monitor SSL Client Certificates. As these certificates are client certificates, we are saving a copy of the cert file on a directory on the server and then checking the expiry date using the plugin.
This plugin gives the output as OK, WARNING or CRITICAL but the state of the Alert is always OK.
This is causing major issues as we are not notified when the SSL expires.
I have tried modifying the script hoping that this was an issue with the return code, but the return code is correct.
I am not sure what can be done to fix this.
Any suggestions to help would be appreciated.
Thank you,
Rebecca Murray
SSL Cert Plugin
Re: SSL Cert Plugin
Do you have a link to the script or can you attach it here? What is the full command you're running it with?
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.
-
RebeccaIlene
- Posts: 164
- Joined: Tue Apr 02, 2019 8:38 pm
Re: SSL Cert Plugin
Thank you for the reply. Below is the plugin code.
#! /usr/bin/env python
import time
import subprocess
import re
import argparse

def getTimeString(cpath):
    notAfter = subprocess.Popen(["openssl", "x509", "-enddate", "-noout", "-in", cpath], stdout=subprocess.PIPE)
    notAfter = notAfter.stdout.read()
    end = re.search("notAfter=", notAfter).end()
    return notAfter[end:].rstrip()

def parseMe(timeString):
    struct_time = time.strptime(timeString, "%b %d %H:%M:%S %Y %Z")
    return struct_time

def getTimeDelta(stime):
    # return time delta in days
    now = time.localtime()
    return (time.mktime(stime) - time.mktime(now)) / (60 * 60 * 24)

def parse_argument(args):
    cthreshold = args.critical
    wthreshold = args.warning
    path = args.path
    tstring = getTimeString(path)
    tstruct = parseMe(tstring)
    ndays = getTimeDelta(tstruct)
    if ndays <= int(cthreshold):
        status=2
        msg = 'CRITICAL'
    elif ndays <= int(wthreshold) and ndays > int(cthreshold):
        status=1
        msg = 'WARNING'
    elif ndays > int(wthreshold):
        status=0
        msg = 'OK'
    else:
        status=3
        msg = 'UNKNOWN'
    print msg
    return status

def main():
    parser = argparse.ArgumentParser(description='check_ssl_certificate')
    parser.add_argument('-c', action="store", dest="critical", help='Set Critical Threshold')
    parser.add_argument('-w', action="store", dest="warning", help='Set Warning Threshold')
    parser.add_argument('-p', action="store", dest="path", help='Set Cert Path')
    args = parser.parse_args()
    parse_argument(args)

if __name__ == '__main__':
    main()
Re: SSL Cert Plugin
It's a little hard to read the posted code without any leading whitespace in there.
I have attached a possible fix. (I can't test the code myself)
In the top of the file after the line "import argparse" add another line "import sys". (Attached Capture1.PNG screenshot)
Find the line "return status" and replace it with "sys.exit(status)". (Attached Capture2.PNG screenshot)
Take note of the whitespace before the old return statement.
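The fix described above, as an added example that is not part of the original post or the attached script: a Python 3 version of the check in which the computed status is handed to sys.exit(), since Nagios takes the service state from the exit code rather than from the printed text. The function names are assumptions, and a certificate that cannot be read is reported as UNKNOWN (3) instead of ending in a traceback.

```python
#!/usr/bin/env python3
# Added example (not the thread's script); function names are assumptions.
import argparse
import calendar
import subprocess
import sys
import time

OK, WARNING, CRITICAL, UNKNOWN = 0, 1, 2, 3
LABELS = ("OK", "WARNING", "CRITICAL", "UNKNOWN")

def days_left(openssl_output, now=None):
    """Days until the date in a line such as 'notAfter=Jun  1 12:00:00 2030 GMT'."""
    head, sep, stamp = openssl_output.strip().partition("notAfter=")
    if head or not sep:
        raise ValueError("unexpected openssl output: %r" % openssl_output)
    expiry = time.strptime(stamp, "%b %d %H:%M:%S %Y %Z")
    # openssl prints notAfter in GMT, so convert with timegm() rather than mktime().
    now = time.time() if now is None else now
    return (calendar.timegm(expiry) - now) / 86400.0

def classify(ndays, warning, critical):
    if ndays <= critical:
        return CRITICAL
    return WARNING if ndays <= warning else OK

def check(path, warning, critical, now=None):
    """Return (status, message); any failure to read the cert maps to UNKNOWN."""
    try:
        out = subprocess.run(["openssl", "x509", "-enddate", "-noout", "-in", path],
                             capture_output=True, text=True, check=True).stdout
        ndays = days_left(out, now)
    except (OSError, subprocess.CalledProcessError, ValueError) as exc:
        return UNKNOWN, "UNKNOWN - cannot read expiry from %s: %s" % (path, exc)
    status = classify(ndays, warning, critical)
    return status, "%s - certificate expires in %d days" % (LABELS[status], ndays)

def main():
    parser = argparse.ArgumentParser(description="check_ssl_certificate")
    parser.add_argument("-c", dest="critical", type=int, required=True)
    parser.add_argument("-w", dest="warning", type=int, required=True)
    parser.add_argument("-p", dest="path", required=True)
    args = parser.parse_args()
    status, message = check(args.path, args.warning, args.critical)
    print(message)
    sys.exit(status)  # the exit code, not the printed text, sets the Nagios state

if __name__ == "__main__":
    main()
```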
Re: SSL Cert Plugin
Can you attach the script instead of copying and pasting? Change the extension to .txt if necessary. The formatting is off with the copy and paste and throwing errors when I try to test it.
RebeccaIlene
Re: SSL Cert Plugin
Sure. Thank you for your help.
Please find attached code in a .txt file.
Re: SSL Cert Plugin
It looks like @Tanel's response and mine overlapped and I didn't see theirs. The modified script that they provided appears to be good and worked on my lab machine. Make the changes or use the script they provided and let us know if there are any further issues.
Thanks @Tanel!
RebeccaIlene
Re: SSL Cert Plugin
Hi All,
Thanks for looking into this and helping fix it.
This thread can now be closed.
Regards,
Rebecca Murray