Support for Nagios products and services
https://support.nagios.com/forum/
Code: Select all
rpm -qa | grep openssl
cat /etc/*elease
uname -aCode: Select all
Add the attached file to your nagios server in /tmp
chmod +x /tmp/check_ciphers.sh
/tmp/check_ciphers.sh -s [hostname or ip of web server] -d 1 -l /tmp/cipher-log -p 443I'm trying the ciphers script it showing error please find the error message for your reference below[root@NAGIOSXILB libexec]# rpm -qa | grep openssl
openssl-1.0.1e-15.el6.x86_64
openssl-devel-1.0.1e-15.el6.x86_64
openssl098e-0.9.8e-17.el6.centos.2.x86_64
[root@NAGIOSXILB libexec]# cat /etc/*elease
CentOS release 6.5 (Final)
LSB_VERSION=base-4.0-amd64:base-4.0-noarch:core-4.0-amd64:core-4.0-noarch:graphics-4.0-amd64:graphics-4.0-noarch:printing-4.0-amd64:printing-4.0-noarch
CentOS release 6.5 (Final)
CentOS release 6.5 (Final)
[root@NAGIOSXILB libexec]# uname -a
Linux NAGIOSXILB 2.6.32-431.el6.x86_64 #1 SMP Fri Nov 22 03:15:09 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux
[root@NAGIOSXILB libexec]#
[root@NAGIOSXILB /]# /tmp/check_ciphers.sh -s 23.58.34.254 -d l -l /tmp/cipher-log1 -p 443
: No such file or directory
[root@NAGIOSXILB /]#
[root@NAGIOSXILB /]#
[root@NAGIOSXILB /]# ls -lrt /tmp/check_ciphers.sh
-rwxr-xr-x 1 root root 2225 Nov 17 10:28 /tmp/check_ciphers.sh
[root@NAGIOSXILB /]#
[root@NAGIOSXILB /]#
Code: Select all
cd /tmp
./check_ciphers.sh -s 23.58.34.254 -d 1 -l /tmp/cipher-log1 -p 443[root@NAGIOSXILB tmp]# ./check_ciphers.sh -s 23.58.34.254 -d 1 -l /tmp/cipher-log1 -p 443
: No such file or directory
Code: Select all
cat /tmp/check_ciphers.shCode: Select all
vi /tmp/check_ciphers.shCode: Select all
:set ff?Code: Select all
#!/usr/bin/env bash
## enable file and stdout logging.
logit() {
if [[ -z $LOG ]]; then
printf "%s\n" "$1"
else
printf "%s\n" "$1" | tee -a "$LOG"
fi
}
## Main function to test all supported local ciphers against remote systems and
verify mutual ciphers.
check_ssl_ciphers() {
ciphers=$(openssl ciphers 'ALL:eNULL' | sed -e 's/:/ /g')
logit "Obtaining cipher list from $(openssl version)."
for cipher in ${ciphers[@]}; do
result="Testing $cipher..."
check_res+=$(echo -n | openssl s_client -cipher "$cipher" -conne
ct $SERVER:$PORT 2>&1)
if [[ $VERBOSE -eq 1 ]]; then
echo "$check_res"
fi
if [[ "$check_res" =~ "Cipher is ${cipher}" || "$check_res" =~ "
Cipher :" ]] ; then
result+="YES"
else
if [[ "$result" =~ ":error:" ]] ; then
error=$(echo -n $result | cut -d':' -f6)
result+="NO ($error)"
else
result+="UNKNOWN RESPONSE"
fi
fi
logit "$result"
sleep $DELAY
done
}
## usage ...
usage() {
cat <<EOF
Usage: $0 [options]
This script is intended to check a your local openssl version, against a remote
servers supported ciphers.
NMAP may be used as a one-line alternative as well with: nmap --script ssl-enum-
ciphers -p 443 www.example.com
Note: Despite the name, this is not an appropriate nagios plugin! It should only
be used for manual validation of ciphers.
-s - Server name or IP.
-p - Remote server port.
-d - Delay between requests.
-l - Log file for output.
-v - Verbose output.
-h - This output.
EOF
}
## Handle cli arguments
while getopts "hvd:l:s:p:" opt
do
case $opt in
h)
usage
exit 0
;;
d)
DELAY=$OPTARG
;;
l)
LOG="$OPTARG"
;;
s)
SERVER="$OPTARG"
;;
p)
PORT=$OPTARG
;;
v)
VERBOSE=1
;;
?)
usage
exit 1
;;
esac
done
## Validate necessary args
if [[ -z $SERVER ]]; then
echo ERROR: Server address is required.
usage
exit 1
fi
if [[ -z $PORT ]]; then
echo WARNING: Using default port of 443.
PORT=443
fi
if [[ -z $DELAY ]]; then
echo WARNING: Using default delay of 1.
DELAY=1
fi
if [[ -z $VERBOSE ]]; then
VERBOSE=0
fi
## execute main()
check_ssl_ciphers