diff options
Diffstat (limited to 'web/attachments/432992-nagios-plugins-1.4.15-certexpire_warncrit.patch')
-rw-r--r-- | web/attachments/432992-nagios-plugins-1.4.15-certexpire_warncrit.patch | 293 |
1 files changed, 293 insertions, 0 deletions
diff --git a/web/attachments/432992-nagios-plugins-1.4.15-certexpire_warncrit.patch b/web/attachments/432992-nagios-plugins-1.4.15-certexpire_warncrit.patch new file mode 100644 index 0000000..a3935e8 --- /dev/null +++ b/web/attachments/432992-nagios-plugins-1.4.15-certexpire_warncrit.patch | |||
@@ -0,0 +1,293 @@ | |||
1 | diff -ru nagios-plugins-1.4.15/plugins/check_http.c nagios-plugins-1.4.15-modified/plugins/check_http.c | ||
2 | --- nagios-plugins-1.4.15/plugins/check_http.c 2010-07-27 20:47:16.000000000 +0000 | ||
3 | +++ nagios-plugins-1.4.15-modified/plugins/check_http.c 2012-01-11 04:03:34.000000000 +0000 | ||
4 | @@ -58,7 +58,7 @@ | ||
5 | |||
6 | #ifdef HAVE_SSL | ||
7 | int check_cert = FALSE; | ||
8 | -int days_till_exp; | ||
9 | +int days_till_exp_warn, days_till_exp_crit; | ||
10 | char *randbuff; | ||
11 | X509 *server_cert; | ||
12 | # define my_recv(buf, len) ((use_ssl) ? np_net_ssl_read(buf, len) : read(sd, buf, len)) | ||
13 | @@ -178,6 +178,7 @@ | ||
14 | { | ||
15 | int c = 1; | ||
16 | char *p; | ||
17 | + char *temp; | ||
18 | |||
19 | enum { | ||
20 | INVERT_REGEX = CHAR_MAX + 1, | ||
21 | @@ -292,13 +293,25 @@ | ||
22 | break; | ||
23 | case 'C': /* Check SSL cert validity */ | ||
24 | #ifdef HAVE_SSL | ||
25 | - if (!is_intnonneg (optarg)) | ||
26 | - usage2 (_("Invalid certificate expiration period"), optarg); | ||
27 | + if ((temp=strchr(optarg,','))!=NULL) { | ||
28 | + *temp='\0'; | ||
29 | + if (!is_intnonneg (temp)) | ||
30 | + usage2 (_("Invalid certificate expiration period"), optarg); | ||
31 | + days_till_exp_warn = atoi(optarg); | ||
32 | + *temp=','; | ||
33 | + temp++; | ||
34 | + if (!is_intnonneg (temp)) | ||
35 | + usage2 (_("Invalid certificate expiration period"), temp); | ||
36 | + days_till_exp_crit = atoi (temp); | ||
37 | + } | ||
38 | else { | ||
39 | - days_till_exp = atoi (optarg); | ||
40 | - check_cert = TRUE; | ||
41 | + days_till_exp_crit=0; | ||
42 | + if (!is_intnonneg (optarg)) | ||
43 | + usage2 (_("Invalid certificate expiration period"), optarg); | ||
44 | + days_till_exp_warn = atoi (optarg); | ||
45 | } | ||
46 | - /* Fall through to -S option */ | ||
47 | + check_cert = TRUE; | ||
48 | + /* Fall through to -S option */ | ||
49 | #endif | ||
50 | case 'S': /* use SSL */ | ||
51 | #ifndef HAVE_SSL | ||
52 | @@ -809,7 +822,7 @@ | ||
53 | if (use_ssl == TRUE) { | ||
54 | np_net_ssl_init_with_hostname(sd, (use_sni ? host_name : NULL)); | ||
55 | if (check_cert == TRUE) { | ||
56 | - result = np_net_ssl_check_cert(days_till_exp); | ||
57 | + result = np_net_ssl_check_cert(days_till_exp_warn, days_till_exp_crit); | ||
58 | np_net_ssl_cleanup(); | ||
59 | if (sd) close(sd); | ||
60 | return result; | ||
61 | @@ -1424,6 +1437,13 @@ | ||
62 | printf (" %s\n", _("a STATE_OK is returned. When the certificate is still valid, but for less than")); | ||
63 | printf (" %s\n", _("14 days, a STATE_WARNING is returned. A STATE_CRITICAL will be returned when")); | ||
64 | printf (" %s\n", _("the certificate is expired.")); | ||
65 | + | ||
66 | + printf (" %s\n\n", "CHECK CERTIFICATE: check_http -H www.verisign.com -C 30,14"); | ||
67 | + printf (" %s\n", _("When the certificate of 'www.verisign.com' is valid for more than 30 days,")); | ||
68 | + printf (" %s\n", _("a STATE_OK is returned. When the certificate is still valid, but for less than")); | ||
69 | + printf (" %s\n", _("30 days, but more than 14 days, a STATE_WARNING is returned.")); | ||
70 | + printf (" %s\n", _("A STATE_CRITICAL will be returned when certificate expires in less than 14 days")); | ||
71 | + | ||
72 | #endif | ||
73 | |||
74 | printf (UT_SUPPORT); | ||
75 | @@ -1441,6 +1461,6 @@ | ||
76 | printf (" [-b proxy_auth] [-f <ok|warning|critcal|follow|sticky|stickyport>]\n"); | ||
77 | printf (" [-e <expect>] [-s string] [-l] [-r <regex> | -R <case-insensitive regex>]\n"); | ||
78 | printf (" [-P string] [-m <min_pg_size>:<max_pg_size>] [-4|-6] [-N] [-M <age>]\n"); | ||
79 | - printf (" [-A string] [-k string] [-S] [--sni] [-C <age>] [-T <content-type>]\n"); | ||
80 | - printf (" [-j method]\n"); | ||
81 | + printf (" [-A string] [-k string] [-S] [--sni] [-C <warn_age>[,<crit_age>]]\n"); | ||
82 | + printf (" [-T <content-type>] [-j method]\n"); | ||
83 | } | ||
84 | diff -ru nagios-plugins-1.4.15/plugins/check_smtp.c nagios-plugins-1.4.15-modified/plugins/check_smtp.c | ||
85 | --- nagios-plugins-1.4.15/plugins/check_smtp.c 2010-07-27 20:47:16.000000000 +0000 | ||
86 | +++ nagios-plugins-1.4.15-modified/plugins/check_smtp.c 2012-01-11 04:19:41.000000000 +0000 | ||
87 | @@ -41,7 +41,7 @@ | ||
88 | |||
89 | #ifdef HAVE_SSL | ||
90 | int check_cert = FALSE; | ||
91 | -int days_till_exp; | ||
92 | +int days_till_exp_warn, days_till_exp_crit; | ||
93 | # define my_recv(buf, len) ((use_ssl && ssl_established) ? np_net_ssl_read(buf, len) : read(sd, buf, len)) | ||
94 | # define my_send(buf, len) ((use_ssl && ssl_established) ? np_net_ssl_write(buf, len) : send(sd, buf, len, 0)) | ||
95 | #else /* ifndef HAVE_SSL */ | ||
96 | @@ -271,7 +271,7 @@ | ||
97 | |||
98 | # ifdef USE_OPENSSL | ||
99 | if ( check_cert ) { | ||
100 | - result = np_net_ssl_check_cert(days_till_exp); | ||
101 | + result = np_net_ssl_check_cert(days_till_exp_warn, days_till_exp_crit); | ||
102 | if(result != STATE_OK){ | ||
103 | printf ("%s\n", _("CRITICAL - Cannot retrieve server certificate.")); | ||
104 | } | ||
105 | @@ -453,6 +453,7 @@ | ||
106 | process_arguments (int argc, char **argv) | ||
107 | { | ||
108 | int c; | ||
109 | + char* temp; | ||
110 | |||
111 | int option = 0; | ||
112 | static struct option longopts[] = { | ||
113 | @@ -595,12 +596,26 @@ | ||
114 | case 'D': | ||
115 | /* Check SSL cert validity */ | ||
116 | #ifdef USE_OPENSSL | ||
117 | - if (!is_intnonneg (optarg)) | ||
118 | - usage2 ("Invalid certificate expiration period",optarg); | ||
119 | - days_till_exp = atoi (optarg); | ||
120 | - check_cert = TRUE; | ||
121 | + if ((temp=strchr(optarg,','))!=NULL) { | ||
122 | + *temp='\0'; | ||
123 | + if (!is_intnonneg (temp)) | ||
124 | + usage2 ("Invalid certificate expiration period", optarg); | ||
125 | + days_till_exp_warn = atoi(optarg); | ||
126 | + *temp=','; | ||
127 | + temp++; | ||
128 | + if (!is_intnonneg (temp)) | ||
129 | + usage2 (_("Invalid certificate expiration period"), temp); | ||
130 | + days_till_exp_crit = atoi (temp); | ||
131 | + } | ||
132 | + else { | ||
133 | + days_till_exp_crit=0; | ||
134 | + if (!is_intnonneg (optarg)) | ||
135 | + usage2 ("Invalid certificate expiration period", optarg); | ||
136 | + days_till_exp_warn = atoi (optarg); | ||
137 | + } | ||
138 | + check_cert = TRUE; | ||
139 | #else | ||
140 | - usage (_("SSL support not available - install OpenSSL and recompile")); | ||
141 | + usage (_("SSL support not available - install OpenSSL and recompile")); | ||
142 | #endif | ||
143 | break; | ||
144 | case '4': | ||
145 | @@ -785,7 +800,7 @@ | ||
146 | printf (" %s\n", "-F, --fqdn=STRING"); | ||
147 | printf (" %s\n", _("FQDN used for HELO")); | ||
148 | #ifdef HAVE_SSL | ||
149 | - printf (" %s\n", "-D, --certificate=INTEGER"); | ||
150 | + printf (" %s\n", "-D, --certificate=INTEGER[,INTEGER]"); | ||
151 | printf (" %s\n", _("Minimum number of days a certificate has to be valid.")); | ||
152 | printf (" %s\n", "-S, --starttls"); | ||
153 | printf (" %s\n", _("Use STARTTLS for the connection.")); | ||
154 | @@ -819,8 +834,8 @@ | ||
155 | print_usage (void) | ||
156 | { | ||
157 | printf ("%s\n", _("Usage:")); | ||
158 | - printf ("%s -H host [-p port] [-e expect] [-C command] [-f from addr]", progname); | ||
159 | - printf ("[-A authtype -U authuser -P authpass] [-w warn] [-c crit] [-t timeout]\n"); | ||
160 | - printf ("[-F fqdn] [-S] [-D days] [-v] [-4|-6]\n"); | ||
161 | + printf ("%s -H host [-p port] [-4|-6] [-e expect] [-C command] [-f from addr]\n", progname); | ||
162 | + printf ("[-A authtype -U authuser -P authpass] [-w warn] [-c crit] [-t timeout] [-v]\n"); | ||
163 | + printf ("[-F fqdn] [-S] [-D <warn days to cert expiry>[<crit days to warn expire>]\n"); | ||
164 | } | ||
165 | |||
166 | diff -ru nagios-plugins-1.4.15/plugins/check_tcp.c nagios-plugins-1.4.15-modified/plugins/check_tcp.c | ||
167 | --- nagios-plugins-1.4.15/plugins/check_tcp.c 2010-07-27 20:47:16.000000000 +0000 | ||
168 | +++ nagios-plugins-1.4.15-modified/plugins/check_tcp.c 2012-01-11 04:20:15.000000000 +0000 | ||
169 | @@ -39,7 +39,7 @@ | ||
170 | |||
171 | #ifdef HAVE_SSL | ||
172 | static int check_cert = FALSE; | ||
173 | -static int days_till_exp; | ||
174 | +static int days_till_exp_warn, days_till_exp_crit; | ||
175 | # define my_recv(buf, len) ((flags & FLAG_SSL) ? np_net_ssl_read(buf, len) : read(sd, buf, len)) | ||
176 | # define my_send(buf, len) ((flags & FLAG_SSL) ? np_net_ssl_write(buf, len) : send(sd, buf, len, 0)) | ||
177 | #else | ||
178 | @@ -235,8 +235,8 @@ | ||
179 | if (flags & FLAG_SSL){ | ||
180 | result = np_net_ssl_init(sd); | ||
181 | if (result == STATE_OK && check_cert == TRUE) { | ||
182 | - result = np_net_ssl_check_cert(days_till_exp); | ||
183 | - if(result != STATE_OK) { | ||
184 | + result = np_net_ssl_check_cert(days_till_exp_warn, days_till_exp_crit); | ||
185 | + if (result != STATE_OK) { | ||
186 | printf(_("CRITICAL - Cannot retrieve server certificate.\n")); | ||
187 | } | ||
188 | } | ||
189 | @@ -383,6 +383,7 @@ | ||
190 | { | ||
191 | int c; | ||
192 | int escape = 0; | ||
193 | + char *temp; | ||
194 | |||
195 | int option = 0; | ||
196 | static struct option longopts[] = { | ||
197 | @@ -555,9 +556,22 @@ | ||
198 | case 'D': /* Check SSL cert validity - days 'til certificate expiration */ | ||
199 | #ifdef HAVE_SSL | ||
200 | # ifdef USE_OPENSSL /* XXX */ | ||
201 | - if (!is_intnonneg (optarg)) | ||
202 | + if ((temp=strchr(optarg,','))!=NULL) { | ||
203 | + *temp='\0'; | ||
204 | + if (!is_intnonneg (temp)) | ||
205 | + usage2 (_("Invalid certificate expiration period"), optarg); days_till_exp_warn = atoi(optarg); | ||
206 | + *temp=','; | ||
207 | + temp++; | ||
208 | + if (!is_intnonneg (temp)) | ||
209 | + usage2 (_("Invalid certificate expiration period"), temp); | ||
210 | + days_till_exp_crit = atoi (temp); | ||
211 | + } | ||
212 | + else { | ||
213 | + days_till_exp_crit=0; | ||
214 | + if (!is_intnonneg (optarg)) | ||
215 | usage2 (_("Invalid certificate expiration period"), optarg); | ||
216 | - days_till_exp = atoi (optarg); | ||
217 | + days_till_exp_warn = atoi (optarg); | ||
218 | + } | ||
219 | check_cert = TRUE; | ||
220 | flags |= FLAG_SSL; | ||
221 | break; | ||
222 | @@ -629,8 +643,9 @@ | ||
223 | printf (" %s\n", _("Seconds to wait between sending string and polling for response")); | ||
224 | |||
225 | #ifdef HAVE_SSL | ||
226 | - printf (" %s\n", "-D, --certificate=INTEGER"); | ||
227 | + printf (" %s\n", "-D, --certificate=INTEGER[,INTEGER]"); | ||
228 | printf (" %s\n", _("Minimum number of days a certificate has to be valid.")); | ||
229 | + printf (" %s\n", _("1st is #days for warning, 2nd is critical (if not specified - 0).")); | ||
230 | printf (" %s\n", "-S, --ssl"); | ||
231 | printf (" %s\n", _("Use SSL for the connection.")); | ||
232 | #endif | ||
233 | @@ -652,6 +667,6 @@ | ||
234 | printf ("%s -H host -p port [-w <warning time>] [-c <critical time>] [-s <send string>]\n",progname); | ||
235 | printf ("[-e <expect string>] [-q <quit string>][-m <maximum bytes>] [-d <delay>]\n"); | ||
236 | printf ("[-t <timeout seconds>] [-r <refuse state>] [-M <mismatch state>] [-v] [-4|-6] [-j]\n"); | ||
237 | - printf ("[-D <days to cert expiry>] [-S <use SSL>] [-E]\n"); | ||
238 | + printf ("[-D <warn days to cert expiry>[,<crit days to warn expire>]] [-S <use SSL>] [-E]\n"); | ||
239 | } | ||
240 | |||
241 | Only in nagios-plugins-1.4.15-modified/plugins: .deps | ||
242 | Only in nagios-plugins-1.4.15-modified/plugins: Makefile | ||
243 | diff -ru nagios-plugins-1.4.15/plugins/netutils.h nagios-plugins-1.4.15-modified/plugins/netutils.h | ||
244 | --- nagios-plugins-1.4.15/plugins/netutils.h 2010-07-27 20:47:16.000000000 +0000 | ||
245 | +++ nagios-plugins-1.4.15-modified/plugins/netutils.h 2012-01-11 03:52:18.000000000 +0000 | ||
246 | @@ -103,7 +103,7 @@ | ||
247 | void np_net_ssl_cleanup(); | ||
248 | int np_net_ssl_write(const void *buf, int num); | ||
249 | int np_net_ssl_read(void *buf, int num); | ||
250 | -int np_net_ssl_check_cert(int days_till_exp); | ||
251 | +int np_net_ssl_check_cert(int days_till_exp_warn, int days_till_exp_crit); | ||
252 | #endif /* HAVE_SSL */ | ||
253 | |||
254 | #endif /* _NETUTILS_H_ */ | ||
255 | diff -ru nagios-plugins-1.4.15/plugins/sslutils.c nagios-plugins-1.4.15-modified/plugins/sslutils.c | ||
256 | --- nagios-plugins-1.4.15/plugins/sslutils.c 2010-07-27 20:47:16.000000000 +0000 | ||
257 | +++ nagios-plugins-1.4.15-modified/plugins/sslutils.c 2012-01-11 03:51:39.000000000 +0000 | ||
258 | @@ -94,7 +94,7 @@ | ||
259 | return SSL_read(s, buf, num); | ||
260 | } | ||
261 | |||
262 | -int np_net_ssl_check_cert(int days_till_exp){ | ||
263 | +int np_net_ssl_check_cert(int days_till_exp_warn, int days_till_exp_crit){ | ||
264 | # ifdef USE_OPENSSL | ||
265 | X509 *certificate=NULL; | ||
266 | ASN1_STRING *tm; | ||
267 | @@ -154,15 +154,21 @@ | ||
268 | stamp.tm_mon + 1, | ||
269 | stamp.tm_mday, stamp.tm_year + 1900, stamp.tm_hour, stamp.tm_min); | ||
270 | |||
271 | - if (days_left > 0 && days_left <= days_till_exp) { | ||
272 | - printf (_("WARNING - Certificate expires in %d day(s) (%s).\n"), days_left, timestamp); | ||
273 | - return STATE_WARNING; | ||
274 | + if (days_left > 0 && days_left <= days_till_exp_warn) { | ||
275 | + printf (_("%s - Certificate expires in %d day(s) (%s).\n"), (days_left>days_till_exp_crit)?"CRITICAL":"WARNING", days_left, timestamp); | ||
276 | + if (days_left > days_till_exp_crit) | ||
277 | + return STATE_WARNING; | ||
278 | + else | ||
279 | + return STATE_CRITICAL; | ||
280 | } else if (time_left < 0) { | ||
281 | printf (_("CRITICAL - Certificate expired on %s.\n"), timestamp); | ||
282 | return STATE_CRITICAL; | ||
283 | } else if (days_left == 0) { | ||
284 | - printf (_("WARNING - Certificate expires today (%s).\n"), timestamp); | ||
285 | - return STATE_WARNING; | ||
286 | + printf (_("%s - Certificate expires today (%s).\n"), (days_left>days_till_exp_crit)?"CRITICAL":"WARNING", timestamp); | ||
287 | + if (days_left > days_till_exp_crit) | ||
288 | + return STATE_WARNING; | ||
289 | + else | ||
290 | + return STATE_CRITICAL; | ||
291 | } | ||
292 | |||
293 | printf (_("OK - Certificate will expire on %s.\n"), timestamp); | ||