nagios-check-tor-authority-cert - check certificate expiry time

svn:r13119

nagios-check-tor-authority-cert - check certificate expiry time
1a072507 · Peter Palfrader · cbf26037 · 1a072507
Commit 1a072507 authored 17 years ago by Peter Palfrader
--- a/contrib/nagios-check-tor-authority-cert
+++ b/contrib/nagios-check-tor-authority-cert
+#!/bin/bash
+
+# nagios-check-tor-authority-cert - check certificate expiry time
+
+# A nagios check for Tor v3 directory authorities:
+# - Checks the current certificate expiry time
+#
+# Usage: nagios-check-tor-authority-cert <authority identity fingerprint>
+# e.g.: nagios-check-tor-authority-cert A9AC67E64B200BBF2FA26DF194AC0469E2A948C6
+
+# $Id$
+
+# Copyright (c) 2008 Peter Palfrader <peter@palfrader.org>
+#
+# Permission is hereby granted, free of charge, to any person obtaining
+# a copy of this software and associated documentation files (the
+# "Software"), to deal in the Software without restriction, including
+# without limitation the rights to use, copy, modify, merge, publish,
+# distribute, sublicense, and/or sell copies of the Software, and to
+# permit persons to whom the Software is furnished to do so, subject to
+# the following conditions:
+#
+# The above copyright notice and this permission notice shall be
+# included in all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+
+set -e
+set -u
+
+if [ -z "${1:-}" ]; then
+	echo "Usage: $0 <authority identity fingerprint>" 2>&1
+	exit 3
+fi
+
+identity="$1"
+
+DIRSERVERS=""
+DIRSERVERS="$DIRSERVERS 86.59.21.38:80"         # tor26
+DIRSERVERS="$DIRSERVERS 128.31.0.34:9031"       # moria1
+DIRSERVERS="$DIRSERVERS 216.224.124.114:9030"   # ides
+DIRSERVERS="$DIRSERVERS 88.198.7.215:80"        # gabelmoo
+DIRSERVERS="$DIRSERVERS 140.247.60.64:80"       # lefkada
+
+TMPFILE="`tempfile`"
+trap 'rm -f "$TMPFILE"' 0
+
+for dirserver in $DIRSERVERS; do
+	wget -q -O "$TMPFILE" "http://$dirserver/tor/keys/fp/$identity"
+	if [ "$?" = 0 ]; then
+		break
+	else
+		cat /dev/null > "$TMPFILE"
+		continue
+	fi
+done
+
+if ! [ -s "$TMPFILE" ] ; then
+	echo "UNKNOWN: Downloading certificate for $identity failed."
+	exit 3
+fi
+
+expirydate="$(awk '$1=="dir-key-expires" {printf "%s %s", $2, $3}' < "$TMPFILE")"
+expiryunix=$(date -d "$expirydate" +%s)
+now=$(date +%s)
+
+if [ "$now" -ge "$expiryunix" ]; then
+	echo "CRITICAL: Certificate expired $expirydate (authority $identity)."
+	exit 2
+elif [ "$(( $now + 7*24*60*60 ))" -ge "$expiryunix" ]; then
+	echo "CRITICAL: Certificate expires $expirydate (authority $identity)."
+	exit 2
+elif [ "$(( $now + 30*24*60*60 ))" -ge "$expiryunix" ]; then
+	echo "WARNING: Certificate expires $expirydate (authority $identity)."
+	exit 1
+else
+	echo "OK: Certificate expires $expirydate (authority $identity)."
+	exit 1
+fi