cert_check.py hinzugefügt

2025-08-03 16:48:54 +02:00
parent cc188037f1
commit 9b1c2c9446
1 changed files with 61 additions and 0 deletions
@@ -0,0 +1,61 @@
+#!/usr/bin/env python3
+import subprocess
+import sys
+from datetime import datetime
+
+def get_expiry(cert_path):
+    try:
+        out = subprocess.check_output(
+            ['openssl', 'x509', '-enddate', '-noout', '-in', cert_path],
+            stderr=subprocess.DEVNULL
+        ).decode().strip()
+        date_str = out.split('=', 1)[1]
+        return datetime.strptime(date_str, "%b %d %H:%M:%S %Y %Z")
+    except Exception:
+        return None
+
+def check_cert(name, path, warn_days=30, crit_days=15):
+    expiry = get_expiry(path)
+    if expiry is None:
+        print(f"2 UCS_CERT_{name} - CRITICAL - Zertifikat {path} nicht lesbar")
+        return 2
+    days_left = (expiry - datetime.utcnow()).days
+    if days_left < 0:
+        print(f"2 UCS_CERT_{name} - CRITICAL - Zertifikat ist abgelaufen am {expiry}")
+        return 2
+    elif days_left <= crit_days:
+        print(f"2 UCS_CERT_{name} - CRITICAL - Läuft in {days_left} Tagen ab ({expiry})")
+        return 2
+    elif days_left <= warn_days:
+        print(f"1 UCS_CERT_{name} - WARNING - Läuft in {days_left} Tagen ab ({expiry})")
+        return 1
+    else:
+        print(f"0 UCS_CERT_{name} - OK - Gültig für {days_left} Tage (bis {expiry})")
+        return 0
+
+def main():
+    def ucr_get(var):
+        try:
+            return subprocess.check_output(['ucr', 'get', var], text=True).strip()
+        except subprocess.CalledProcessError:
+            return None
+
+    certs = {
+        'Apache': ucr_get('apache2/ssl/certificate'),
+        'Dovecot': ucr_get('mail/dovecot/ssl/certificate'),
+        'Dostfix': ucr_get('mail/postfix/ssl/certificate'),
+    }
+
+    exit_codes = []
+    for name, path in certs.items():
+        if path:
+            ret = check_cert(name, path)
+            exit_codes.append(ret)
+        else:
+            print(f"1 cert_{name} - WARNING - Kein Zertifikatspfad gesetzt")
+            exit_codes.append(1)
+
+    sys.exit(max(exit_codes) if exit_codes else 3)
+
+if __name__ == "__main__":
+    main()