Nagios Support Forum

Support for Nagios products and services
https://support.nagios.com/forum/

SSL Check Warning on 403

https://support.nagios.com/forum/viewtopic.php?t=50860

Page 1 of 1

SSL Check Warning on 403

Posted: Fri Oct 26, 2018 11:04 am
by rkane
Hi all, I've got some SSL checks running on various URLs. A few of them are able to check the SSL expiry and report back but still throw a warning due to a 403 error. How do I set my SSL check to ignore this and only warn on the expiration date?

Re: SSL Check Warning on 403

Posted: Fri Oct 26, 2018 11:19 am
by npolovenko
Hi, @rkane . Try the following command:
[root@centos7x64 httpd]# /usr/local/nagios/libexec/check_http -H http://www.utsystem.edu -C 30 -p 443 --sni
SSL OK - Certificate 'utsystem.edu' will expire on 2020-04-24 18:59 -0500/CDT.

Re: SSL Check Warning on 403

Posted: Fri Oct 26, 2018 11:36 am
by rkane
Appreciate it, still has the same issue. My interpretation attached, what did I do wrong?
npolovenko wrote:Hi, @rkane . Try the following command:
[root@centos7x64 httpd]# /usr/local/nagios/libexec/check_http -H http://www.utsystem.edu -C 30 -p 443 --sni
SSL OK - Certificate 'utsystem.edu' will expire on 2020-04-24 18:59 -0500/CDT.

Re: SSL Check Warning on 403

Posted: Fri Oct 26, 2018 12:30 pm
by npolovenko
@rkane, What version of check_http are you running?
/usr/local/nagios/libexec/check_http -V
Please run this from the command line and show me the output:
/usr/local/nagios/libexec/check_http -H www.google.com -C 30,5 -p 443 --sni

Re: SSL Check Warning on 403

Posted: Fri Oct 26, 2018 1:38 pm
by rkane
# /usr/local/nagios/libexec/check_http -V
check_http v2.2.1.git (nagios-plugins 2.2.1)

# /usr/local/nagios/libexec/check_http -H http://www.google.com -C 30,5 -p 443 --sni
SSL OK - Certificate 'www.google.com' will expire on 2019-01-01 07:09 -0600/CST. HTTP OK: HTTP/1.1 200 OK - 12967 bytes in 0.085 second response time |time=0.085133s;;;0.000000 size=12967B;;;0

npolovenko wrote:@rkane, What version of check_http are you running?
/usr/local/nagios/libexec/check_http -V
Please run this from the command line and show me the output:
/usr/local/nagios/libexec/check_http -H http://www.google.com -C 30,5 -p 443 --sni

Re: SSL Check Warning on 403

Posted: Fri Oct 26, 2018 2:56 pm
by npolovenko
@rkane, I suggest compiling an older version of the check_http plugin, and using it instead.

Code: Select all

wget https://assets.nagios.com/downloads/nagiosxi/5/xi-5.4.13.tar.gz
tar xzf xi-5.4.13.tar.gz
cd /tmp/nagiosxi/subcomponents/nagiosplugins
tar xzf nagios-plugins-2.2.1.tar.gz
cd nagios-plugins-2.2.1/
./configure
make
cd plugins
cp check_http /usr/local/nagios/libexec/check_http_new

Code: Select all

/usr/local/nagios/libexec/check_http_new -H http://www.google.com -C 30,5 -p 443 --sni

Re: SSL Check Warning on 403

Posted: Mon Oct 29, 2018 7:23 am
by rkane
Good morning, hope you had a good weekend. Unfortunately those instructions failed, see below.

Code: Select all

[root@nagios ~]# wget https://assets.nagios.com/downloads/nagiosxi/5/xi-5.4.13.tar.gz
--2018-10-29 07:19:07--  https://assets.nagios.com/downloads/nagiosxi/5/xi-5.4.13.tar.gz
Resolving assets.nagios.com (assets.nagios.com)... 72.14.181.71, 2600:3c00::f03c:91ff:fedf:b821
Connecting to assets.nagios.com (assets.nagios.com)|72.14.181.71|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 55354889 (53M) [application/x-gzip]
Saving to: ‘xi-5.4.13.tar.gz’

100%[=======================================================================================>] 55,354,889  70.1MB/s   in 0.8s

2018-10-29 07:19:08 (70.1 MB/s) - ‘xi-5.4.13.tar.gz’ saved [55354889/55354889]

[root@nagios ~]# tar xzf xi-5.4.13.tar.gz
[root@nagios ~]# cd /tmp/nagiosxi/subcomponents/nagiosplugins
-bash: cd: /tmp/nagiosxi/subcomponents/nagiosplugins: No such file or directory
[root@nagios ~]# ls
anaconda-ks.cfg  certrequest.csr  Documents  initial-setup-ks.cfg  Music     Pictures  scripts    Videos
certfile.crt     Desktop          Downloads  keyfile.key           nagiosxi  Public    Templates  xi-5.4.13.tar.gz
[root@nagios ~]# cd tmp
-bash: cd: tmp: No such file or directory
[root@nagios ~]# cd ..
[root@nagios /]# ls
1  bin  boot  dev  etc  home  lib  lib64  media  mnt  opt  proc  root  run  sbin  srv  store  sys  tmp  usr  var
[root@nagios /]# cd /tmp/nagiosxi/subcomponents/nagiosplugins
-bash: cd: /tmp/nagiosxi/subcomponents/nagiosplugins: No such file or directory
[root@nagios /]# cd tmp
[root@nagios tmp]# ls
hsperfdata_root
lua_8gPxg8
MB-2OWJmxri
nagiosxi
sess_4noupovfg9judik2up29ijjks4
systemd-private-73fb50ee3c2f42a782026347301718ed-chronyd.service-ooh1cu
systemd-private-73fb50ee3c2f42a782026347301718ed-colord.service-ZU9pwz
systemd-private-73fb50ee3c2f42a782026347301718ed-cups.service-T3322Q
systemd-private-73fb50ee3c2f42a782026347301718ed-httpd.service-1542FZ
systemd-private-73fb50ee3c2f42a782026347301718ed-mariadb.service-ZaRPDu
systemd-private-73fb50ee3c2f42a782026347301718ed-ndo2db.service-JcUJHg
systemd-private-73fb50ee3c2f42a782026347301718ed-rtkit-daemon.service-8m4Mp7
vmware-root
vmware-vsphere-cli-distrib
[root@nagios tmp]# cd nagiosxi
[root@nagios nagiosxi]# ls
subcomponents
[root@nagios nagiosxi]# cd subcomponents
You have new mail in /var/spool/mail/root
[root@nagios subcomponents]# ls
extraplugins
[root@nagios subcomponents]# cd extraplugins
[root@nagios extraplugins]# ls
Nagios-Monitoring-Plugin-0.51
[root@nagios extraplugins]# tar xzf nagios-plugins-2.2.1.tar.gz
tar (child): nagios-plugins-2.2.1.tar.gz: Cannot open: No such file or directory
tar (child): Error is not recoverable: exiting now
tar: Child returned status 2
tar: Error is not recoverable: exiting now
[root@nagios extraplugins]#

Re: SSL Check Warning on 403

Posted: Mon Oct 29, 2018 10:17 am
by npolovenko
Good morning, @rkane. Sorry, I should've mentioned that you needed to download the xi tar.gz archive to the /tmp/ folder. That's why this command did not work --> cd /tmp/nagiosxi/subcomponents/nagiosplugins, because you downloaded the archive to the root folder and the command was looking for it in the /tmp/ folder.

Actually, please follow these instructions instead. This is an older version of the plugins but I tested the check_http and it works as it should.

Code: Select all

Put the nagios-plugins-2.0.3.tar.gz in the /tmp/ folder
cd /tmp/
tar xzf nagios-plugins-2.0.3.tar.gz
 cd nagios-plugins-2.0.3
./configure
make
 cd plugins
 cp check_http /usr/local/nagios/libexec/check_http_new
 /usr/local/nagios/libexec/check_http_new -H www.google.com -C 30,5 -p 443 --sni

Re: SSL Check Warning on 403

Posted: Tue Oct 30, 2018 8:52 am
by rkane
That worked, thank you!
I modified the check_xi_service_http_cert command to use check_http_new....assuming that is the right way to finish it off?

Re: SSL Check Warning on 403

Posted: Tue Oct 30, 2018 10:30 am
by npolovenko
@rkane, Yes, exactly. Closing this thread as resolved.
All times are UTC-05:00
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited