taoCMS是基于php+sqlite/mysql的国内最小(100Kb左右)的功能完善的CMS管理系统

监控SSL证书过期 Monitor SSL certificate expiry

2016-12-12


前几天有个老的证书过期,被BOSS狠狠的D了一顿。虽亡羊补牢,仍为时不晚。
之前是用Nagios插件check_http干这样的事情,现在公司用的zabbix。所以网上学习了一把,和大家分享下;特别是Zabbix的那段代码写的贼好,一定要赏析。

Nagios:
p1–command–
./libexec/check_http --ssl -I xx.xx.xx.xx -H i.host.com -p 443 -u / -C 30 #(过期时间小于30天告警)
--ssl, Connect via SSL
-H, --IP-address=ADDRESS
-I, --IP-address=ADDRESS
-u --url=PATH
-c, --critical=DOUBLE

p2–checkcommands.cfg –


# Service : 'check_https_cert'
define command {
command_name check_https_cert
command_line $USER1$/check_http --ssl -I $ARG1$ -H $ARG2$ -u $ARG3$ -C 30
}

p3–services.cfg–
# Service : 'SSL Certificate'
define service {
use not-so-critical-service
host_name i1.host
service_description Mon SSL Cert
contact_groups dc-c1
check_command check_https_cert!xx.xx.xx.xx!i.host.com!/
}

Zabbix:

SSL certificate check
Description

This extension monitors the number of remaining days of validity of an SSL certificate.
It includes a template with:

one item
SSL certificate validity: number of remaining days
six triggers
SSL certificate expires in less than 90 days: Not classified severity level
SSL certificate expires in less than 60 days: Information severity level
SSL certificate expires in less than 30 days: Warning severity level
SSL certificate expires in less than 15 days: Average severity level
SSL certificate expires in less than 7 days: High severity level
SSL certificate expired: Disaster severity level
one macro
{$SSL_PORT}: service port number (set to 443 in template)

zext_ssl_cert.sh external script is used by «SSL certificate validity» item.
Installation
Zabbix server

zext_ssl_cert.sh (latest version) must be installed in Zabbix external scripts directory (/etc/zabbix/externalscripts by default).

Template_zext_ssl_cert.xml template (latest version) must be imported in Zabbix host templates.
Configuration

Linking Template_zext_ssl_cert to an host adds HTTPS (port 443) SSL certificate check.
If it is used to check a service other than HTTPS, {$SSL_PORT} has to be defined to corresponding port in host configuration.

  • –解读下shell脚本这段–
  • 漂亮。

    参考资料:https://www.zabbix.org/wiki/Docs/howto/ssl_certificate_check

    https://gist.github.com/myaaaaa-chan/7748364


    类别:技术文章 | 阅读:359226 | 评论:0 | 标签:监控 域名过期

    想收藏或者和大家分享这篇好文章→

    “监控SSL证书过期 Monitor SSL certificate expiry”共有0条留言

    发表评论

    姓名:

    邮箱:

    网址:

    验证码:

    公告

    taoCMS发布taoCMS 3.0.2(最后更新21年03月15日),请大家速速升级,欢迎大家试用和提出您宝贵的意见建议。

    捐助与联系

    ☟请使用新浪微博联系我☟

    ☟在github上follow我☟

    标签云