Add dsa-check-cert-expire-dir

diff --git a/dsa-nagios-checks/checks/dsa-check-cert-expire-dir b/dsa-nagios-checks/checks/dsa-check-cert-expire-dir
new file mode 100755 (executable)
index 0000000..2c8eaa1
--- /dev/null
+++ b/dsa-nagios-checks/checks/dsa-check-cert-expire-dir
@@ -0,0 +1,90 @@
+#!/bin/bash
+
+# Checks if any of the *.crt files in a directory on disk will expire soon
+
+# Copyright 2009,2016 Peter Palfrader
+#
+# Permission is hereby granted, free of charge, to any person obtaining
+# a copy of this software and associated documentation files (the
+# "Software"), to deal in the Software without restriction, including
+# without limitation the rights to use, copy, modify, merge, publish,
+# distribute, sublicense, and/or sell copies of the Software, and to
+# permit persons to whom the Software is furnished to do so, subject to
+# the following conditions:
+#
+# The above copyright notice and this permission notice shall be
+# included in all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+
+sn="$0"
+if [ "${sn%/*}" = "$sn" ]; then
+  CERT_CHECK=dsa-check-cert-expire
+else
+  CERT_CHECK="${sn%/*}/dsa-check-cert-expire"
+fi
+
+if [ "$#" != 1 ] ; then
+  echo >&2 "Usage: $0 <directory>"
+  exit 1
+fi
+
+DIR="$1"
+
+if ! [ -d "$DIR" ]; then
+  echo "Not a directory: $DIR"
+  exit 1
+fi
+
+OK=""
+WARN=""
+CRIT=""
+UNKNOWN=""
+cOK=0
+cWARN=0
+cCRIT=0
+cUNKNOWN=0
+
+t=$(tempfile)
+trap "rm -f '$t'" EXIT
+
+for i in "$DIR"/*.crt; do
+  d="${i%.crt}"
+  d="${d##*/}"
+  echo -n "$d: " >> "$t"
+  "$CERT_CHECK" "$i" >> "$t" 2>&1
+  rc=$?
+  if [ "$rc" = 0 ]; then
+    OK="$OK $d"
+    cOK=$(( cOK + 1 ))
+  elif [ "$rc" = 1 ]; then
+    WARN="$WARN $d"
+    cWARN=$(( cWARN + 1 ))
+  elif [ "$rc" = 2 ]; then
+    CRIT="$CRIT $d"
+    cCRIT=$(( cCRIT + 1 ))
+  else
+    UNKNOWN="$UNKNOWN $d"
+    cUNKNOWN=$(( cUNKNOWN + 1 ))
+  fi
+done
+
+if [ -n "$CRIT" ]; then rc=2;
+elif [ -n "$WARN" ]; then rc=1;
+elif [ -n "$UNKNOWN" ]; then rc=3;
+else rc=0;
+fi
+
+[ -n "$CRIT" ] && echo "CRITICAL ($cCRIT):$CRIT, "
+[ -n "$WARN" ] && echo "WARN ($cWARN):$WARN, "
+[ -n "$UNKNOWN" ] && echo "UNKNOWN ($cUNKNOWN):$UNKNOWN, "
+[ -n "$OK" ] && echo "OK ($cOK):$OK."
+cat "$t"
+exit $rc

diff --git a/dsa-nagios-checks/debian/changelog b/dsa-nagios-checks/debian/changelog
index fb85907..0582478 100644 (file)
--- a/dsa-nagios-checks/debian/changelog
+++ b/dsa-nagios-checks/debian/changelog
@@ -15,6 +15,7 @@ dsa-nagios-checks (108+XXXX) UNRELEASED; urgency=medium
   * dsa-check-drbd: Add --ok-no-devices option.
   * dsa-check-backuppg: allow specifying which timeline we expect a database
     to be on.
+  * dsa-check-cert-expire-dir: add
 
   [ Tollef Fog Heen ]
   * dsa-update-unowned-file-status: ignore fdescfs, used for /dev/fd on
@@ -27,7 +28,7 @@ dsa-nagios-checks (108+XXXX) UNRELEASED; urgency=medium
   * Add dsa-check-hpssacli, replaces hpacucli for new hosts.
   * dsa-check-hpssacli: accept 12.0Gbps as transfer speed for SAS
 
- -- Peter Palfrader <weasel@debian.org>  Sun, 17 Jan 2016 18:47:12 +0100
+ -- Peter Palfrader <weasel@debian.org>  Tue, 02 Feb 2016 07:58:55 +0100
 
 dsa-nagios-checks (108) unstable; urgency=medium