mirror of git://bitreich.org/reed-alert
Add ssl-expiration probe to check whether an SSL certificate will
expire within a specified time. Contribution from Denis Fondras
parent
72d28cf74b
commit
c1bb305f9d
25
README
25
README
|
@ -294,6 +294,7 @@ This may be the most useful probe because it let the user do any check needed.
|
|||
|
||||
Example : `(=> alert command :command "tail -n 10 /var/log/messages | grep -v CRITICAL")`
|
||||
|
||||
|
||||
service
|
||||
-------
|
||||
Check if a service is started on the system.
|
||||
|
@ -303,6 +304,7 @@ Check if a service is started on the system.
|
|||
|
||||
Example : `(=> alert service :name "mysql-server")`
|
||||
|
||||
|
||||
file-less-than
|
||||
--------------
|
||||
Check if a file has a size less than a specified limit.
|
||||
|
@ -315,9 +317,11 @@ Check if a file has a size less than a specified limit.
|
|||
|
||||
Example : `(=> alert file-less-than :path "/var/log/nginx.log" :limit 60)`
|
||||
|
||||
|
||||
curl-http-status
|
||||
----------------
|
||||
Do a HTTP request and return an error if the return code isn't 200. Requires curl.
|
||||
Do a HTTP request and return an error if the return code isn't
|
||||
200. Requires curl.
|
||||
|
||||
> Set the url to request.
|
||||
:url "STRING"
|
||||
|
@ -325,6 +329,25 @@ Do a HTTP request and return an error if the return code isn't 200. Requires cur
|
|||
> Set the time to wait before aborting.
|
||||
:timeout INTEGER
|
||||
|
||||
|
||||
ssl-expiration
|
||||
--------------------
|
||||
Check if a remote SSL certificate expires in less than a specified
|
||||
time. Requires openssl.
|
||||
|
||||
> Set the hostname for the request.
|
||||
:host "STRING"
|
||||
|
||||
> Set the expiration time limit in seconds.
|
||||
:seconds INTEGER
|
||||
|
||||
> Set the port for the request (OPTIONAL).
|
||||
:port INTEGER (default to 443)
|
||||
|
||||
Example : `(=> alert ssl-expiration :host "domain.local" :seconds (* 7 24 60 60))
|
||||
Example : `(=> alert ssl-expiration :host "domain.local" :seconds 86400 :port 6697)
|
||||
|
||||
|
||||
The configuration file
|
||||
======================
|
||||
|
||||
|
|
|
@ -55,6 +55,11 @@
|
|||
;; check if web page :url answer under :limit
|
||||
(=> empty command :command "curl -m 10 http://google.fr/")
|
||||
|
||||
;; check if a certificate is still valid within a time range
|
||||
(=> mail ssl-expiration :host "google.fr" :seconds 1296000)
|
||||
(=> mail ssl-expiration :host "freenode.net" :seconds (* 7 24 60 60))
|
||||
(=> mail ssl-expiration :host "freenode.net" :seconds 1296000 :port 6697)
|
||||
|
||||
;; we declare a new probe here
|
||||
(create-probe
|
||||
check-http-pattern
|
||||
|
|
12
probes.lisp
12
probes.lisp
|
@ -120,3 +120,15 @@
|
|||
(list "curl" "-f"
|
||||
(format nil "-m~a" (getf params :timeout 5))
|
||||
(getf params :url))))
|
||||
|
||||
(create-probe
|
||||
ssl-expiration
|
||||
(command-return-code
|
||||
(concatenate 'string
|
||||
"echo | openssl s_client -showcerts -servername "
|
||||
(getf params :host) " -connect "
|
||||
(getf params :host) ":" (princ-to-string
|
||||
(getf params :port 443))
|
||||
" 2>/dev/null | openssl x509 -inform pem -noout -checkend "
|
||||
(princ-to-string
|
||||
(getf params :seconds)))))
|
||||
|
|
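Review bot: In the new `ssl-expiration` probe, `:host`, `:port` and `:seconds` are concatenated unquoted into a command string that has to go through a shell (it contains pipes and a redirection), so any shell metacharacter in a configured value becomes part of the command; the curl probe just above passes its arguments as a list instead. Before building the string I would reject hosts containing anything other than letters, digits, `.` and `-`, e.g. `(every (lambda (c) (or (alphanumericp c) (find c ".-"))) (getf params :host))`, and require `(integerp (getf params :port 443))` and `(integerp (getf params :seconds))`. `:seconds` has no default, so when it is omitted `princ-to-string` prints `NIL` into `-checkend`, which presumably makes openssl fail and the probe alert regardless of the certificate. Because of `2>/dev/null` and the pipeline's exit status, a failed connection looks the same as an expiring certificate, which deserves a comment such as `;; non-zero also when the TLS connection itself fails`. Unlike the curl probe's `-m`, nothing bounds how long `s_client` may wait on an unresponsive host.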