Univention_Cert_check/cert_check.py

#!/usr/bin/env python3
import subprocess
import sys
from datetime import datetime
def get_expiry(cert_path):
    """Return the notAfter date of the certificate at *cert_path*.

    Runs ``openssl x509 -enddate -noout`` on the file and parses the text
    after the first ``=`` of its output. The result is a naive ``datetime``
    (no tzinfo attached).

    Returns ``None`` on any failure: openssl missing or exiting non-zero,
    undecodable output, or a date string that does not match the expected
    format. The caller therefore cannot tell an unreadable file from a
    parse problem.
    """
    # Argument list, no shell: the path is passed to openssl as one argv
    # entry and is never interpreted by a shell.
    command = ['openssl', 'x509', '-enddate', '-noout', '-in', cert_path]
    try:
        raw = subprocess.check_output(command, stderr=subprocess.DEVNULL)
        line = raw.decode().strip()
        # Keep everything after the first '='. If there is no '=' the
        # remainder is empty and strptime raises, which yields None below.
        _, _, date_str = line.partition('=')
        return datetime.strptime(date_str, "%b %d %H:%M:%S %Y %Z")
    except Exception:
        # Deliberate best effort: every error is reported as "no expiry".
        return None
def check_cert(name, path, warn_days=30, crit_days=15):
    """Print one status line for a certificate and return its status code.

    Args:
        name: Label appended to ``UCS_CERT_`` to form the service name.
        path: Certificate file handed to ``get_expiry``.
        warn_days: Remaining days at or below which the result is WARNING.
        crit_days: Remaining days at or below which the result is CRITICAL.

    Returns:
        0 (OK), 1 (WARNING) or 2 (CRITICAL); the same digit starts the
        printed line. An unreadable certificate and an expired one are
        both CRITICAL.
    """
    expiry = get_expiry(path)
    if expiry is None:
        # get_expiry returns None for every failure, so this also covers a
        # missing file or missing openssl, not only a malformed certificate.
        print(f"2 UCS_CERT_{name} - CRITICAL - Zertifikat {path} nicht lesbar")
        return 2

    # Both values are naive datetimes; the comparison assumes the parsed
    # expiry is in UTC/GMT -- TODO confirm against the openssl output.
    now = datetime.utcnow()
    # timedelta.days floors: less than 24 hours left gives 0, and a
    # certificate that expired under a day ago already gives -1.
    days_left = (expiry - now).days

    if days_left < 0:
        status = 2
        line = f"2 UCS_CERT_{name} - CRITICAL - Zertifikat ist abgelaufen am {expiry}"
    elif days_left <= crit_days:
        status = 2
        line = f"2 UCS_CERT_{name} - CRITICAL - Läuft in {days_left} Tagen ab ({expiry})"
    elif days_left <= warn_days:
        status = 1
        line = f"1 UCS_CERT_{name} - WARNING - Läuft in {days_left} Tagen ab ({expiry})"
    else:
        status = 0
        line = f"0 UCS_CERT_{name} - OK - Gültig für {days_left} Tage (bis {expiry})"

    print(line)
    return status
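def main():
    """Check the Apache, Dovecot and Postfix certificates configured in UCR.

    Reads each certificate path with ``ucr get``, runs ``check_cert`` on it,
    and exits with the worst status seen (0 OK, 1 WARNING, 2 CRITICAL).
    A service without a configured path is reported as WARNING.
    """
    def ucr_get(var):
        """Return the stripped value of UCR variable *var*, or None on failure."""
        try:
            return subprocess.check_output(['ucr', 'get', var], text=True).strip()
        except (subprocess.CalledProcessError, OSError):
            # OSError covers a missing or non-executable `ucr` binary, which
            # would otherwise abort the run with a traceback and leave the
            # certificates unreported instead of flagged.
            return None

    certs = {
        'Apache': ucr_get('apache2/ssl/certificate'),
        'Dovecot': ucr_get('mail/dovecot/ssl/certificate'),
        # Was 'Dostfix', a typo for the Postfix variable read here. The
        # printed service name changes with it; if the monitoring side keys
        # on that name, it needs to pick up the renamed service.
        'Postfix': ucr_get('mail/postfix/ssl/certificate'),
    }
    exit_codes = []
    for name, path in certs.items():
        if path:
            exit_codes.append(check_cert(name, path))
        else:
            # Use the same UCS_CERT_ prefix as check_cert so an unset path is
            # reported on the same service rather than under a second name
            # that may not be monitored.
            print(f"1 UCS_CERT_{name} - WARNING - Kein Zertifikatspfad gesetzt")
            exit_codes.append(1)
    # certs always has three entries, so the 3 fallback is defensive only.
    sys.exit(max(exit_codes) if exit_codes else 3)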
# Run the checks only when executed as a script, not when imported.
if __name__ == "__main__":
    main()