#!/bin/bash
VERSION='Xymon check-ldap-cert script: version 1.0'
# clientlaunch.d/check-ldap-cert.cfg
#[cert]
# ENVFILE $XYMONCLIENTHOME/etc/xymonclient.cfg
# CMD $XYMONCLIENTHOME/ext/check-ldap-cert.bash
# LOGFILE $XYMONCLIENTHOME/logs/check-ldap-cert.log
# INTERVAL 5m
# This script checks the expiration of the TLS certificate file named by
# tls_cacertfile in the ldap conf file. Update CONF below so that it points
# to the ldap conf file on this host.
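# LDAP client configuration that names the certificate file to check.
CONF='/usr/local/openldap/etc/ldap.conf'
#DEBUG# echo "bb=[$BB]"
#DEBUG# echo "bbdisp=[$BBDISP]"
NL="
"
DASHES="
"
DASH="
"
COLOR="clear"
COLUMN="cert"
MSG=""
# 60 seconds * 60 minutes * 24 hours * 90 days
((YELLOW = 60 * 60 * 24 * 90))
# 60 seconds * 60 minutes * 24 hours * 30 days
((RED = 60 * 60 * 24 * 30))
DATE=$(date)
# Read the epoch directly instead of re-parsing the locale-formatted DATE,
# which `date -d` may not understand outside the C locale.
dateSeconds=$(date '+%s')

# Take the first tls_cacertfile directive only. Matching on the first field
# skips comment lines (including indented ones) and avoids a multi-line
# FILE value when the keyword appears more than once.
FILE=''
if [[ -r "${CONF}" ]]; then
  FILE=$(awk 'tolower($1) == "tls_cacertfile" { print $2; exit }' "${CONF}")
fi

expDate=''
expSeconds=''
text=''
problem=''

# NOTE: `openssl x509` reads only the first certificate in the file, so for
# a bundle holding several certificates only that first entry is checked.
# openssl's stderr is left alone so parse errors reach the Xymon LOGFILE.
if [[ -z "${FILE}" ]]; then
  problem="No tls_cacertfile entry could be read from ${CONF}"
elif [[ ! -r "${FILE}" ]]; then
  problem="Certificate file ${FILE} is missing or unreadable"
elif ! text=$(openssl x509 -in "${FILE}" -text -noout); then
  problem="openssl could not parse ${FILE} as an X.509 certificate"
else
  # Reuse the dump already captured rather than running openssl twice.
  expDate=$(grep 'Not After' <<<"${text}" | sed 's/Not After ://' | tr -s " ")
  if [[ -z "${expDate// /}" ]]; then
    problem="No 'Not After' date found in ${FILE}"
  elif ! expSeconds=$(date -d "${expDate}" '+%s'); then
    problem="Could not parse expiry date '${expDate}' from ${FILE}"
  fi
fi

if [[ -n "${problem}" ]]; then
  # An unverifiable certificate is reported as red with the reason, rather
  # than as a red status computed from an empty expiry date.
  COLOR='red'
  MSG="
${problem}"
else
  differ=$((expSeconds - dateSeconds))
  if ((differ < RED)); then
    COLOR='red'
  elif ((differ < YELLOW)); then
    COLOR='yellow'
  else
    COLOR='green'
  fi
  MSG="
Certificate expires: ${expDate}${DASHES}${text}"
fi

#DEBUG# echo "$BB $BBDISP \"status $MACHINE.$COLUMN $COLOR ${DATE} $MSG\""
# BB and BBDISP are expected to come from the ENVFILE; they are left
# unquoted to keep the original invocation form.
# shellcheck disable=SC2086
$BB $BBDISP "status $MACHINE.$COLUMN $COLOR ${DATE} $MSG ${DASHES}${VERSION}"
#DEBUG# tmp="$?"
#DEBUG# echo "error code: $tmp"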