
allow muttiple different services to be checked

pull/10/head
srvrco 9 years ago
parent
commit
2529207c31
2 changed files with 57 additions and 15 deletions
  1. +15
    -5
      README
  2. +42
    -10
      checkssl

+ 15
- 5
README

@ -26,11 +26,11 @@ will run the renewssl command with the domain name passed as an argument. If t
running checkssl with no arguments gives help; running checkssl with no arguments gives help;
checkssl ver. 1.00
checkssl ver. 1.07
Checks ssl certs for a set of domains Checks ssl certs for a set of domains
Usage: checkssl [-h|--help] [-d|--debug] [-f|--file filename] [-s|--server stype] [-l|--location directory] Usage: checkssl [-h|--help] [-d|--debug] [-f|--file filename] [-s|--server stype] [-l|--location directory]
[-e|--expires days] [-r|--renew] [-u|--update] [-u|--upgrade] [-c|--command command] [domain]
[-e|--expires days] [-r|--renew] [-u|--update] [-U|--nocheck] [-c|--command command] [domain]
Options: Options:
-h, --help Display this help message and exit. -h, --help Display this help message and exit.
@ -44,11 +44,21 @@ Options:
(typically /etc/letsencrypt/live/) (typically /etc/letsencrypt/live/)
-e, --expires days -e, --expires days
Where 'days' is the number of days to alert if cert expires in that time period Where 'days' is the number of days to alert if cert expires in that time period
-r, --renew this just lists domain names that need to be renewed.
-r, --renew This just lists domain names that need to be renewed.
This list could be used by an auto renew script, or to email you. This list could be used by an auto renew script, or to email you.
-u, --upgrade Upgrade checkssl if a more recent version is available
-p, --problems This just lists the domains that have possible issues.
This list could be used to email you only if there is something to take care of.
-u, --upgrade Upgrade checkssl if a more recent version is available
-U, --nocheck Do not check if a more recent version is available
-c, --command run_command -c, --command run_command
Where 'run_command' is a command which will be run (with domain name passed)
Where 'run_command' is a command which will be run (with domain name passed)
for any certs due for renewal for any certs due for renewal
A domain name can also be specified on the command line A domain name can also be specified on the command line
If a file is provided, with a list of domains then each domain can include a port / service for testing i.e.
example.com
example.com:pop3s
example.com:587

+ 42
- 10
checkssl

@ -35,16 +35,18 @@
# 2016-08-25 removing set-x left in during some testing ... (1.06) # 2016-08-25 removing set-x left in during some testing ... (1.06)
# 2016-09-17 moved upgrade option (-u) so it works if only option. (1.07) # 2016-09-17 moved upgrade option (-u) so it works if only option. (1.07)
# 2016-10-14 added '-' to allowed characters for the alt name check # 2016-10-14 added '-' to allowed characters for the alt name check
# 2016-10-25 allow muttiple different services to be checked (1.08)
# --------------------------------------------------------------------------- # ---------------------------------------------------------------------------
PROGNAME=${0##*/} PROGNAME=${0##*/}
VERSION="1.07"
VERSION="1.08"
ORIGCMD="$0 $*" ORIGCMD="$0 $*"
UPDATE_LOCATION="https://raw.githubusercontent.com/srvrco/checkssl/master/checkssl" UPDATE_LOCATION="https://raw.githubusercontent.com/srvrco/checkssl/master/checkssl"
RENEW_ALERT="30" # set to number of days to be alerted for certificate renewal ( default, can be changed with -expires argument) RENEW_ALERT="30" # set to number of days to be alerted for certificate renewal ( default, can be changed with -expires argument)
_QUIET=0 _QUIET=0
_UPGRADE=0 _UPGRADE=0
_UPGRADE_CHECK=1
clean_up() { # Perform pre-exit housekeeping clean_up() { # Perform pre-exit housekeeping
rm -f LIST_OF_DOMAINS rm -f LIST_OF_DOMAINS
@ -101,7 +103,7 @@ signal_exit() { # Handle trapped signals
usage() { usage() {
echo -e "Usage: $PROGNAME [-h|--help] [-d|--debug] [-f|--file filename] [-s|--server stype] [-l|--location directory] echo -e "Usage: $PROGNAME [-h|--help] [-d|--debug] [-f|--file filename] [-s|--server stype] [-l|--location directory]
[-e|--expires days] [-r|--renew] [-u|--update] [-c|--command command] [domain]"
[-e|--expires days] [-r|--renew] [-u|--update] [-U|--nocheck] [-c|--command command] [domain]"
} }
log() { log() {
@ -146,6 +148,7 @@ help_message() {
-p, --problems This just lists the domains that have possible issues. -p, --problems This just lists the domains that have possible issues.
This list could be used to email you only if there is something to take care of. This list could be used to email you only if there is something to take care of.
-u, --upgrade Upgrade checkssl if a more recent version is available -u, --upgrade Upgrade checkssl if a more recent version is available
-U, --nocheck Do not check if a more recent version is available
-c, --command run_command -c, --command run_command
Where 'run_command' is a command which will be run (with domain name passed) Where 'run_command' is a command which will be run (with domain name passed)
for any certs due for renewal for any certs due for renewal
@ -224,6 +227,8 @@ while [[ -n $1 ]]; do
LOCATIONARG=true; shift; LOC="$1" ;; LOCATIONARG=true; shift; LOC="$1" ;;
-u | --upgrade) -u | --upgrade)
_UPGRADE=1 ;; _UPGRADE=1 ;;
-U | --nocheck)
_UPGRADE_CHECK=0 ;;
-* | --*) -* | --*)
usage usage
error_exit "Unknown option $1" ;; error_exit "Unknown option $1" ;;
@ -246,7 +251,10 @@ _requires grep
_requires awk _requires awk
_requires column _requires column
check_upgrade
# Check if upgrades are available (unless they have specified -U to ignore Upgrade checks)
if [[ $_UPGRADE_CHECK -eq 1 ]]; then
check_upgrade
fi
if [[ ! $FILEARG && ! $SERVERARG && ! $LOCATIONARG && ! $DOMAINARG ]]; then if [[ ! $FILEARG && ! $SERVERARG && ! $LOCATIONARG && ! $DOMAINARG ]]; then
help_message help_message
@ -257,7 +265,7 @@ fi
LIST_OF_DOMAINS=$(mktemp) LIST_OF_DOMAINS=$(mktemp)
DATA_OUT=$(mktemp) DATA_OUT=$(mktemp)
debug "created tmp files for input (${LIST_OF_DOMAINS}) and output (${DATA_OUT})" debug "created tmp files for input (${LIST_OF_DOMAINS}) and output (${DATA_OUT})"
echo "Domain|cert issued for|valid until|cert issued by| possible issues?" > "$DATA_OUT"
echo "Domain|port|cert issued for|valid until|cert issued by| possible issues?" > "$DATA_OUT"
# use name name from command line if specified # use name name from command line if specified
if [ $DOMAINARG ]; then if [ $DOMAINARG ]; then
@ -305,12 +313,36 @@ fi
debug "completed creating list of domains" debug "completed creating list of domains"
# read domains from file # read domains from file
while IFS= read -r DOMAIN; do
if [ ! -z "$DOMAIN" ]; then
DOMAIN=${DOMAIN// /}
while IFS= read -r LINE; do
if [ ! -z "$LINE" ]; then
PS=443
PORT=443
if [[ "$LINE" == *":"* ]]; then
DOMAIN=$(echo $LINE | awk -F":" '{print $1}')
PS=$(echo $LINE | awk -F":" '{print $2}')
else
DOMAIN=$(echo $LINE | awk '{print $1}')
fi
case "${PS}" in
https | 443) PORT=443 ;;
ftp | 21) PORT=21; REMOTE_EXTRA="-starttls ftp" ;;
ftpi | 990 ) PORT=990 ;;
imap | 143 ) PORT=143; REMOTE_EXTRA="-starttls imap" ;;
imaps | 993 ) PORT=993 ;;
pop3 | 110 ) PORT=110 ; REMOTE_EXTRA="-starttls pop3" ;;
pop3s | 995 ) PORT=995 ;;
smtp | 25 ) PORT=25; REMOTE_EXTRA="-starttls smtp" ;;
smtps | 587 ) PORT=587; REMOTE_EXTRA="-starttls smtp" ;;
xmpp | 5222 ) PORT=5222; REMOTE_EXTRA="-starttls xmpp" ;;
xmpps | 5269 ) PORT=5269 ;;
ldaps | 636 ) PORT=636 ;;
esac
# DOMAIN=${DOMAIN// /}
PROBLEMS="" PROBLEMS=""
debug " --------------- domain ${DOMAIN} ---------------------"
CERTINFO=$(echo | openssl s_client -servername "${DOMAIN}" -connect "${DOMAIN}:443" 2>/dev/null | openssl x509 2>/dev/null)
debug " --------------- domain ${DOMAIN}:${PORT}---------------------"
CERTINFO=$(echo | openssl s_client -servername "${DOMAIN}" -connect "${DOMAIN}:${PORT}" 2>/dev/null | openssl x509 2>/dev/null)
ISSUEDTO=$(echo "$CERTINFO" | openssl x509 -noout -subject 2>/dev/null|cut -d= -f 3-) ISSUEDTO=$(echo "$CERTINFO" | openssl x509 -noout -subject 2>/dev/null|cut -d= -f 3-)
[[ -z $ISSUEDTO ]] && ISSUEDTO="-" [[ -z $ISSUEDTO ]] && ISSUEDTO="-"
debug "$ISSUEDTO" debug "$ISSUEDTO"
@ -348,7 +380,7 @@ while IFS= read -r DOMAIN; do
fi fi
fi fi
fi fi
printf "%s|%s|%s|%s|%s\n" "$DOMAIN" "$ISSUEDTO" "$ENDDATE" "$ISSUER" "$PROBLEMS">> "$DATA_OUT"
printf "%s|%s|%s|%s|%s|%s\n" "$DOMAIN" "$PS" "$ISSUEDTO" "$ENDDATE" "$ISSUER" "$PROBLEMS">> "$DATA_OUT"
fi fi
done < "$LIST_OF_DOMAINS" done < "$LIST_OF_DOMAINS"
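Review bot: The new `case "${PS}"` block sets `REMOTE_EXTRA` for the STARTTLS services (ftp, imap, pop3, smtp, 587, xmpp), but the rewritten `openssl s_client` line never passes it, so as far as this hunk shows those ports are contacted without STARTTLS and, with stderr sent to /dev/null, the row simply ends up with `-` instead of a certificate. The variable is also never cleared at the top of the loop, so once it is wired in, a value from an earlier line would carry over to the next domain; set `REMOTE_EXTRA=""` beside `PORT=443` and append an unquoted `${REMOTE_EXTRA}` after `-connect "${DOMAIN}:${PORT}"`. The case has no default arm either, so a constructed entry such as `example.com:8443` is probed on 443 while the report prints `$PS` (8443) in the port column; a `*) PORT="${PS}" ;;` arm, or an error for unknown services, would keep the report honest about which endpoint was actually checked. The loop body continues outside the visible hunks, so confirm `REMOTE_EXTRA` is not consumed there.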

