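#!/bin/bash
#
# Copyright (c) Members of the EGEE Collaboration. 2004.
# See http://public.eu-egee.org/partners/ for details on
# the copyright holders.
# For license conditions see the license file or
# http://eu-egee.org/license.html
#
# Authors:
#
#     Akos Frohner
#
# Fixes:
#
# 08/11/06 A. Forti: Pattern matching for cert permission.
#
# 23/11/06 C.Morey: trimmed lots of stuff, just want host check for cfengine
# 04/04/2011 A.Forti: Changed date format and added $DAYS_LEFT if condition
#                     Replaced echo statement with email triggering
#                     Cleaned up the unnecessary variables
#                     Added a condition on the cert existence
# $Id: check-cert-date.sh,v 1.8 2011/04/06 08:38:45 aforti Exp $
#
# Purpose: check the expiry date of the X.509 host certificate and e-mail
# an alert when it has expired, expires within WARN_DAYS days, cannot be
# parsed, or is not readable.
#
# Environment:
#   X509_HOST_CERT  path of the certificate to check
#                   (default /etc/grid-security/hostcert.pem)
#
# Exit status:
#   0  certificate is valid for at least WARN_DAYS more days
#   1  openssl missing, certificate expired / expiring soon / unparseable
#   When the certificate file is not readable, the status is that of the
#   alert delivery (unchanged from earlier revisions of this script).

# Catch typos in variable names instead of silently expanding to "".
set -u

# Alert when fewer than this many days of validity remain.
readonly WARN_DAYS=30

#######################################
# Send an alert e-mail through sendEmail.
# Arguments: $1 - subject line
#            $2 - message body
# Outputs:   a diagnostic on stderr if delivery fails
# Returns:   the exit status of sendEmail
#######################################
sendalert() {
  local subject=$1
  local body=$2
  local rc=0

  # Subject and body are quoted so each reaches sendEmail as one argument
  # and is never glob-expanded. The redirection is '>/dev/null 2>&1': the
  # earlier '2>1 > /dev/null' wrote stderr to a file literally named "1"
  # in the current directory.
  sendEmail -f root@tier2.hep.manchester.ac.uk -u "$subject" -m "$body" \
    -t ops@tier2.hep.manchester.ac.uk -s mercury >/dev/null 2>&1 || rc=$?

  # A monitoring check whose alert is lost is worse than no check: make a
  # delivery failure visible to whatever runs this script.
  if [ "$rc" -ne 0 ]; then
    printf '%s: could not send alert "%s" (sendEmail exit status %d)\n' \
      "$0" "$subject" "$rc" >&2
  fi
  return "$rc"
}

########
# Main #
########

OPENSSL=$(command -v openssl 2>/dev/null)
if [ -z "$OPENSSL" ]; then
  echo "Please install 'openssl' to run $0!" >&2
  exit 1
fi

X509_HOST_CERT=${X509_HOST_CERT:-/etc/grid-security/hostcert.pem}

hn=$(hostname -s)

# The path may come from the environment, so every use of it is quoted.
if [ -r "$X509_HOST_CERT" ]; then
  # openssl prints "notAfter=<date>"; keep only the date part.
  CERT_END_DATE=$("$OPENSSL" x509 -in "$X509_HOST_CERT" -noout -enddate | cut -d= -f 2)
  EXPIRES=$(date --date="$CERT_END_DATE" +%s 2>/dev/null)

  # An empty end date means openssl could not parse the file. GNU date
  # accepts an empty string (it yields today's midnight), which would
  # otherwise be reported as a plain expiry; report the real cause.
  if [ -z "$CERT_END_DATE" ] || [ -z "$EXPIRES" ]; then
    sendalert "$hn Certificate check failed!" "Could not read the expiry date of certificate $X509_HOST_CERT on $hn."
    exit 1
  fi

  TODAY=$(date +%s)
  SECS_LEFT=$((EXPIRES - TODAY))

  # Numeric comparison: '<' inside [ ] compares strings lexicographically.
  if [ "$EXPIRES" -lt "$TODAY" ]; then
    sendalert "$hn Certificate expired!" "Certificate $X509_HOST_CERT on $hn has expired!"
    exit 1
  elif [ "$SECS_LEFT" -lt $((WARN_DAYS * 86400)) ]; then
    DAYS_LEFT=$((SECS_LEFT / 86400))
    sendalert "$hn Certificate expiration alert!" "Certificate $X509_HOST_CERT on $hn is expiring in $DAYS_LEFT days."
    exit 1
  fi
else
  # Reached when the file is missing or merely unreadable by this user.
  sendalert "Host certificate $X509_HOST_CERT not installed on $hn." "Either install it or don't run this script on host $hn."
fi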