From a15f8ee4ab7d29de0e65f95941ca0dfbded5d815 Mon Sep 17 00:00:00 2001
From: patrick
Date: Sun, 10 Aug 2025 13:07:47 +0200
Subject: [PATCH] =?UTF-8?q?check-npm.sh=20hinzugef=C3=BCgt?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
check-npm.sh | 56 ++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 56 insertions(+)
create mode 100644 check-npm.sh
diff --git a/check-npm.sh b/check-npm.sh
new file mode 100644
index 0000000..a7c24c4
--- /dev/null
+++ b/check-npm.sh
@@ -0,0 +1,56 @@
+#!/bin/bash
+# Checkmk Local Check: Alle NPM-SSL-Zertifikate prüfen mit Domainnamen
+# Speicherort: /usr/lib/check_mk_agent/local/npm_cert_check.sh
+
+CERT_BASE="/etc/letsencrypt/live"
+WARN_DAYS=30
+CRIT_DAYS=10
+
+check_cert() {
+ local cert_file="$1"
+
+ # CN (Common Name) auslesen
+ CN=$(openssl x509 -noout -subject -in "$cert_file" 2>/dev/null | sed -n 's/^subject=.*CN=//p')
+ if [ -z "$CN" ]; then
+ CN=$(basename "$(dirname "$cert_file")") # Fallback: Ordnername
+ fi
+
+ # Ablaufdatum auslesen
+ EXPIRY_DATE=$(openssl x509 -enddate -noout -in "$cert_file" 2>/dev/null | cut -d= -f2)
+ if [ -z "$EXPIRY_DATE" ]; then
+ echo "2 cert_${CN} - Fehler beim Lesen des Zertifikats"
+ return
+ fi
+
+ EXPIRY_TS=$(date -d "$EXPIRY_DATE" +%s)
+ NOW_TS=$(date +%s)
+ DAYS_LEFT=$(( (EXPIRY_TS - NOW_TS) / 86400 ))
+
+ # Status setzen
+ if [ $DAYS_LEFT -lt 0 ]; then
+ STATUS=2
+ elif [ $DAYS_LEFT -le $CRIT_DAYS ]; then
+ STATUS=2
+ elif [ $DAYS_LEFT -le $WARN_DAYS ]; then
+ STATUS=1
+ else
+ STATUS=0
+ fi
+
+ # SAN-Einträge (Alternative Namen) auslesen
+ SAN=$(openssl x509 -noout -text -in "$cert_file" 2>/dev/null | grep -A1 "Subject Alternative Name" | tail -n1 | sed 's/DNS://g; s/,//g')
+
+ echo "$STATUS cert_${CN} days_left=$DAYS_LEFT;${WARN_DAYS};${CRIT_DAYS};0; Zertifikat '$CN' läuft in $DAYS_LEFT Tagen ab (SAN: $SAN)"
+}
+
+# Alle Zertifikate unter /etc/letsencrypt/live/npm-* prüfen
+if [ -d "$CERT_BASE" ]; then
+ find "$CERT_BASE" -mindepth 1 -maxdepth 1 -type d -name "npm-*" | while read -r dir; do
+ cert_file="$dir/fullchain.pem"
+ if [ -f "$cert_file" ]; then
+ check_cert "$cert_file"
+ fi
+ done
+else
+ echo "2 cert_check - Zertifikatspfad $CERT_BASE nicht gefunden"
+fi
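Review bot: The service name in check_cert is built from text parsed out of the certificate (`cert_${CN}`) without normalising it, so a wildcard CN or a subject with further RDNs after the CN puts `*`, spaces or commas into the service-name field of the Checkmk local-check line and can shift the fields that follow it. The `sed` pattern also expects `CN=` with no surrounding spaces; newer OpenSSL releases print `subject=CN = name` by default, in which case the match fails and every service falls back to the `npm-*` directory name without any indication. Pinning the output format and trimming the value would address both, e.g. `CN=$(openssl x509 -noout -subject -nameopt RFC2253 -in "$cert_file" 2>/dev/null | sed -n 's/^subject=.*CN=\([^,]*\).*/\1/p' | tr -c 'A-Za-z0-9._\n-' '_')`. Separately, when no `npm-*` directory or no `fullchain.pem` is found the script prints nothing, so the services vanish from monitoring instead of going CRIT; a summary line for that case would close the gap.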