zoukankan      html  css  js  c++  java
  • 监控案例一--监控HTTPS证书过期

    通过脚本获取到证书到有效期结束还有多少天。

     1 #!/bin/bash
     2 host=$1
     3 port=$2
     4 end_date=`/usr/bin/openssl s_client -servername $host -host $host -port $port -showcerts </dev/null 2>/dev/null |
     5   sed -n '/BEGIN CERTIFICATE/,/END CERT/p' |
     6   /usr/bin/openssl  x509 -text 2>/dev/null |
     7   sed -n 's/ *Not After : *//p'`
     8 # openssl 检验和验证SSL证书。
     9 # -servername $host 因一台主机存在多个证书,利用SNI特性检查
    10 # </dev/null 定向标准输入,防止交互式程序。从/dev/null 读时,直接读出0 。
    11 # sed -n 和p 一起使用,仅显示匹配到的部分。 //,// 区间匹配。
    12 # openssl x509 -text 解码证书信息,包含证书的有效期。
    13 
    14 if [ -n "$end_date" ]
    15 then
    16     end_date_seconds=`date '+%s' --date "$end_date"`
    17     now_seconds=`date '+%s'`
    18     echo "($end_date_seconds-$now_seconds)/24/3600" | bc
    19 fi
    View Code

    也可以使用python获取到期时间,看个人所好

     1 #!/usr/bin/python
     2 import socket
     3 import ssl
     4 import datetime
     5 import argparse
     6 
     7 def ssl_expiry_datetime(hostname):
     8     ssl_date_fmt = r'%b %d %H:%M:%S %Y %Z'
     9 
    10     context = ssl.create_default_context()
    11     conn = context.wrap_socket(socket.socket(socket.AF_INET),server_hostname=hostname,)
    12     # 3 second timeout because Lambda has runtime limitations
    13     conn.settimeout(3.0)
    14 
    15     conn.connect((hostname, 443))
    16     ssl_info = conn.getpeercert()
    17     # parse the string from the certificate into a Python datetime object
    18     return datetime.datetime.strptime(ssl_info['notAfter'], ssl_date_fmt)
    19 
    20 
    21 def ssl_valid_time_remaining(hostname):
    22     """Get the number of days left in a cert's lifetime."""
    23     expires = ssl_expiry_datetime(hostname)
    24     return expires - datetime.datetime.utcnow()
    25 
    26 
    27 parser = argparse.ArgumentParser(description='returns the time before expiration of certificate')
    28 parser.add_argument("-c","--hostname", help="hostname of the certificate you want to check")
    29 args = parser.parse_args()
    30 
    31 expire = ssl_valid_time_remaining(args.hostname)
    32 #print int(round(datetime.timedelta.total_seconds(expire), 0))
    33 print expire.days
    View Code

     假如监控的证书不是很多,完全可以使用以上脚本,在zabbix中配置相应的item即可,若是证书很多,可以通过zabbix LLD的功能,如下是自动发现域名脚本:

     1 #!/usr/bin/env python
     2 #coding:utf-8
     3 
     4 import os
     5 import sys
     6 import json
     7 
     8 #这个函数主要是构造出一个特定格式的字典,用于zabbix
     9 def ssl_cert_discovery():
    10     web_list=[]
    11     web_dict={"data":None}
    12     with open("/etc/zabbix/scripts/ssl_cert_list","r") as f:
    13         for sslcert in f:
    14             dict={}
    15             dict["{#DOMAINNAME}"]=sslcert.strip().split()[0]
    16             dict["{#PORT}"]=sslcert.strip().split()[1]
    17             web_list.append(dict)
    18     web_dict["data"]=web_list
    19     jsonStr = json.dumps(web_dict,indent=4)
    20     return jsonStr
    21 if __name__ == "__main__":
    22     print ssl_cert_discovery()
    View Code

    域名列表:

    /etc/zabbix/scripts/ssl_cert_list:
    www.baidu.com 443
    www.qq.com 443

    zabbix配置:

    /etc/zabbix/zabbix_agentd.conf.d/userparameter_sslcert.conf:
    UserParameter=sslcert_discovery,/usr/bin/python  /etc/zabbix/scripts/sshcert_discovery.py
    UserParameter=sslcert.info[*],/bin/bash /etc/zabbix/scripts/check-cert-expire.sh $1 $2
  • 相关阅读:
    New version of VS2005 extensions for SharePoint 3.0
    QuickPart : 用户控件包装器 for SharePoint Server 2007
    随想
    发布 SharePoint Server 2007 Starter Page
    如何在SharePoint Server中整合其他应用系统?
    Office SharePoint Server 2007 中文180天评估版到货!
    RMS 1.0 SP2
    SharePoint Server 2007 Web内容管理中的几个关键概念
    如何为已存在的SharePoint站点启用SSL
    Some update information about Office 2007
  • 原文地址:https://www.cnblogs.com/weidongliu/p/13598049.html
Copyright © 2011-2022 走看看