mirror of
https://github.com/hermanekt/Zabbix-ssl-certificate-check-with-grade.git
synced 2025-12-06 04:23:19 +00:00
init
This commit is contained in:
Tomáš Heřmánek
675
Template_SSL_Certificates.xml
Normal file
675
Template_SSL_Certificates.xml
Normal file
@@ -0,0 +1,675 @@
|
||||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<zabbix_export>
|
||||
<version>4.2</version>
|
||||
<date>2019-07-04T10:45:43Z</date>
|
||||
<groups>
|
||||
<group>
|
||||
<name>HermanekTomas</name>
|
||||
</group>
|
||||
</groups>
|
||||
<templates>
|
||||
<template>
|
||||
<template>SSL Certificates</template>
|
||||
<name>SSL Certificates</name>
|
||||
<description/>
|
||||
<groups>
|
||||
<group>
|
||||
<name>HermanekTomas</name>
|
||||
</group>
|
||||
</groups>
|
||||
<applications>
|
||||
<application>
|
||||
<name>SSL Certificate</name>
|
||||
</application>
|
||||
<application>
|
||||
<name>SSL Grade</name>
|
||||
</application>
|
||||
<application>
|
||||
<name>SSL Service</name>
|
||||
</application>
|
||||
</applications>
|
||||
<items>
|
||||
<item>
|
||||
<name>HTTPS Service is running</name>
|
||||
<type>3</type>
|
||||
<snmp_community/>
|
||||
<snmp_oid/>
|
||||
<key>net.tcp.service[https]</key>
|
||||
<delay>1m</delay>
|
||||
<history>7d</history>
|
||||
<trends>90d</trends>
|
||||
<status>0</status>
|
||||
<value_type>3</value_type>
|
||||
<allowed_hosts/>
|
||||
<units/>
|
||||
<snmpv3_contextname/>
|
||||
<snmpv3_securityname/>
|
||||
<snmpv3_securitylevel>0</snmpv3_securitylevel>
|
||||
<snmpv3_authprotocol>0</snmpv3_authprotocol>
|
||||
<snmpv3_authpassphrase/>
|
||||
<snmpv3_privprotocol>0</snmpv3_privprotocol>
|
||||
<snmpv3_privpassphrase/>
|
||||
<params/>
|
||||
<ipmi_sensor/>
|
||||
<authtype>0</authtype>
|
||||
<username/>
|
||||
<password/>
|
||||
<publickey/>
|
||||
<privatekey/>
|
||||
<port/>
|
||||
<description/>
|
||||
<inventory_link>0</inventory_link>
|
||||
<applications>
|
||||
<application>
|
||||
<name>SSL Service</name>
|
||||
</application>
|
||||
</applications>
|
||||
<valuemap>
|
||||
<name>Service state</name>
|
||||
</valuemap>
|
||||
<logtimefmt/>
|
||||
<preprocessing/>
|
||||
<jmx_endpoint/>
|
||||
<timeout>3s</timeout>
|
||||
<url/>
|
||||
<query_fields/>
|
||||
<posts/>
|
||||
<status_codes>200</status_codes>
|
||||
<follow_redirects>1</follow_redirects>
|
||||
<post_type>0</post_type>
|
||||
<http_proxy/>
|
||||
<headers/>
|
||||
<retrieve_mode>0</retrieve_mode>
|
||||
<request_method>0</request_method>
|
||||
<output_format>0</output_format>
|
||||
<allow_traps>0</allow_traps>
|
||||
<ssl_cert_file/>
|
||||
<ssl_key_file/>
|
||||
<ssl_key_password/>
|
||||
<verify_peer>0</verify_peer>
|
||||
<verify_host>0</verify_host>
|
||||
<master_item/>
|
||||
</item>
|
||||
<item>
|
||||
<name>SSL Certificate Grade</name>
|
||||
<type>2</type>
|
||||
<snmp_community/>
|
||||
<snmp_oid/>
|
||||
<key>ssllabs.certificate.grade</key>
|
||||
<delay>0</delay>
|
||||
<history>90d</history>
|
||||
<trends>0</trends>
|
||||
<status>0</status>
|
||||
<value_type>4</value_type>
|
||||
<allowed_hosts/>
|
||||
<units/>
|
||||
<snmpv3_contextname/>
|
||||
<snmpv3_securityname/>
|
||||
<snmpv3_securitylevel>0</snmpv3_securitylevel>
|
||||
<snmpv3_authprotocol>0</snmpv3_authprotocol>
|
||||
<snmpv3_authpassphrase/>
|
||||
<snmpv3_privprotocol>0</snmpv3_privprotocol>
|
||||
<snmpv3_privpassphrase/>
|
||||
<params/>
|
||||
<ipmi_sensor/>
|
||||
<authtype>0</authtype>
|
||||
<username/>
|
||||
<password/>
|
||||
<publickey/>
|
||||
<privatekey/>
|
||||
<port/>
|
||||
<description/>
|
||||
<inventory_link>0</inventory_link>
|
||||
<applications>
|
||||
<application>
|
||||
<name>SSL Grade</name>
|
||||
</application>
|
||||
</applications>
|
||||
<valuemap/>
|
||||
<logtimefmt/>
|
||||
<preprocessing/>
|
||||
<jmx_endpoint/>
|
||||
<timeout>3s</timeout>
|
||||
<url/>
|
||||
<query_fields/>
|
||||
<posts/>
|
||||
<status_codes>200</status_codes>
|
||||
<follow_redirects>1</follow_redirects>
|
||||
<post_type>0</post_type>
|
||||
<http_proxy/>
|
||||
<headers/>
|
||||
<retrieve_mode>0</retrieve_mode>
|
||||
<request_method>0</request_method>
|
||||
<output_format>0</output_format>
|
||||
<allow_traps>0</allow_traps>
|
||||
<ssl_cert_file/>
|
||||
<ssl_key_file/>
|
||||
<ssl_key_password/>
|
||||
<verify_peer>0</verify_peer>
|
||||
<verify_host>0</verify_host>
|
||||
<master_item/>
|
||||
</item>
|
||||
<item>
|
||||
<name>SSL Certificate Grade background script</name>
|
||||
<type>10</type>
|
||||
<snmp_community/>
|
||||
<snmp_oid/>
|
||||
<key>ssllabs_checker_at.sh[{HOST.HOST}]</key>
|
||||
<delay>1h</delay>
|
||||
<history>0d</history>
|
||||
<trends>0</trends>
|
||||
<status>0</status>
|
||||
<value_type>4</value_type>
|
||||
<allowed_hosts/>
|
||||
<units/>
|
||||
<snmpv3_contextname/>
|
||||
<snmpv3_securityname/>
|
||||
<snmpv3_securitylevel>0</snmpv3_securitylevel>
|
||||
<snmpv3_authprotocol>0</snmpv3_authprotocol>
|
||||
<snmpv3_authpassphrase/>
|
||||
<snmpv3_privprotocol>0</snmpv3_privprotocol>
|
||||
<snmpv3_privpassphrase/>
|
||||
<params/>
|
||||
<ipmi_sensor/>
|
||||
<authtype>0</authtype>
|
||||
<username/>
|
||||
<password/>
|
||||
<publickey/>
|
||||
<privatekey/>
|
||||
<port/>
|
||||
<description>This is how often is Certificate Graded</description>
|
||||
<inventory_link>0</inventory_link>
|
||||
<applications>
|
||||
<application>
|
||||
<name>SSL Grade</name>
|
||||
</application>
|
||||
</applications>
|
||||
<valuemap/>
|
||||
<logtimefmt/>
|
||||
<preprocessing/>
|
||||
<jmx_endpoint/>
|
||||
<timeout>3s</timeout>
|
||||
<url/>
|
||||
<query_fields/>
|
||||
<posts/>
|
||||
<status_codes>200</status_codes>
|
||||
<follow_redirects>1</follow_redirects>
|
||||
<post_type>0</post_type>
|
||||
<http_proxy/>
|
||||
<headers/>
|
||||
<retrieve_mode>0</retrieve_mode>
|
||||
<request_method>0</request_method>
|
||||
<output_format>0</output_format>
|
||||
<allow_traps>0</allow_traps>
|
||||
<ssl_cert_file/>
|
||||
<ssl_key_file/>
|
||||
<ssl_key_password/>
|
||||
<verify_peer>0</verify_peer>
|
||||
<verify_host>0</verify_host>
|
||||
<master_item/>
|
||||
</item>
|
||||
<item>
|
||||
<name>SSL certificate validity</name>
|
||||
<type>10</type>
|
||||
<snmp_community/>
|
||||
<snmp_oid/>
|
||||
<key>zext_ssl_expiry.sh[{HOST.HOST},{$SSL_PORT},{HOST.HOST}]</key>
|
||||
<delay>1h</delay>
|
||||
<history>7d</history>
|
||||
<trends>90d</trends>
|
||||
<status>0</status>
|
||||
<value_type>0</value_type>
|
||||
<allowed_hosts/>
|
||||
<units>days</units>
|
||||
<snmpv3_contextname/>
|
||||
<snmpv3_securityname/>
|
||||
<snmpv3_securitylevel>0</snmpv3_securitylevel>
|
||||
<snmpv3_authprotocol>0</snmpv3_authprotocol>
|
||||
<snmpv3_authpassphrase/>
|
||||
<snmpv3_privprotocol>0</snmpv3_privprotocol>
|
||||
<snmpv3_privpassphrase/>
|
||||
<params/>
|
||||
<ipmi_sensor/>
|
||||
<authtype>0</authtype>
|
||||
<username/>
|
||||
<password/>
|
||||
<publickey/>
|
||||
<privatekey/>
|
||||
<port/>
|
||||
<description/>
|
||||
<inventory_link>0</inventory_link>
|
||||
<applications>
|
||||
<application>
|
||||
<name>SSL Certificate</name>
|
||||
</application>
|
||||
</applications>
|
||||
<valuemap/>
|
||||
<logtimefmt/>
|
||||
<preprocessing/>
|
||||
<jmx_endpoint/>
|
||||
<timeout>3s</timeout>
|
||||
<url/>
|
||||
<query_fields/>
|
||||
<posts/>
|
||||
<status_codes>200</status_codes>
|
||||
<follow_redirects>1</follow_redirects>
|
||||
<post_type>0</post_type>
|
||||
<http_proxy/>
|
||||
<headers/>
|
||||
<retrieve_mode>0</retrieve_mode>
|
||||
<request_method>0</request_method>
|
||||
<output_format>0</output_format>
|
||||
<allow_traps>0</allow_traps>
|
||||
<ssl_cert_file/>
|
||||
<ssl_key_file/>
|
||||
<ssl_key_password/>
|
||||
<verify_peer>0</verify_peer>
|
||||
<verify_host>0</verify_host>
|
||||
<master_item/>
|
||||
</item>
|
||||
<item>
|
||||
<name>SSL certificate issuer</name>
|
||||
<type>10</type>
|
||||
<snmp_community/>
|
||||
<snmp_oid/>
|
||||
<key>zext_ssl_issuer.sh[{HOST.HOST},{$SSL_PORT},{HOST.HOST}]</key>
|
||||
<delay>24h</delay>
|
||||
<history>90d</history>
|
||||
<trends>0</trends>
|
||||
<status>0</status>
|
||||
<value_type>4</value_type>
|
||||
<allowed_hosts/>
|
||||
<units/>
|
||||
<snmpv3_contextname/>
|
||||
<snmpv3_securityname/>
|
||||
<snmpv3_securitylevel>0</snmpv3_securitylevel>
|
||||
<snmpv3_authprotocol>0</snmpv3_authprotocol>
|
||||
<snmpv3_authpassphrase/>
|
||||
<snmpv3_privprotocol>0</snmpv3_privprotocol>
|
||||
<snmpv3_privpassphrase/>
|
||||
<params/>
|
||||
<ipmi_sensor/>
|
||||
<authtype>0</authtype>
|
||||
<username/>
|
||||
<password/>
|
||||
<publickey/>
|
||||
<privatekey/>
|
||||
<port/>
|
||||
<description/>
|
||||
<inventory_link>0</inventory_link>
|
||||
<applications>
|
||||
<application>
|
||||
<name>SSL Certificate</name>
|
||||
</application>
|
||||
</applications>
|
||||
<valuemap/>
|
||||
<logtimefmt/>
|
||||
<preprocessing>
|
||||
<step>
|
||||
<type>3</type>
|
||||
<params>issuer= </params>
|
||||
<error_handler>0</error_handler>
|
||||
<error_handler_params/>
|
||||
</step>
|
||||
</preprocessing>
|
||||
<jmx_endpoint/>
|
||||
<timeout>3s</timeout>
|
||||
<url/>
|
||||
<query_fields/>
|
||||
<posts/>
|
||||
<status_codes>200</status_codes>
|
||||
<follow_redirects>1</follow_redirects>
|
||||
<post_type>0</post_type>
|
||||
<http_proxy/>
|
||||
<headers/>
|
||||
<retrieve_mode>0</retrieve_mode>
|
||||
<request_method>0</request_method>
|
||||
<output_format>0</output_format>
|
||||
<allow_traps>0</allow_traps>
|
||||
<ssl_cert_file/>
|
||||
<ssl_key_file/>
|
||||
<ssl_key_password/>
|
||||
<verify_peer>0</verify_peer>
|
||||
<verify_host>0</verify_host>
|
||||
<master_item/>
|
||||
</item>
|
||||
</items>
|
||||
<discovery_rules/>
|
||||
<httptests/>
|
||||
<macros>
|
||||
<macro>
|
||||
<macro>{$SSL_EXPIRY_AVG}</macro>
|
||||
<value>15</value>
|
||||
</macro>
|
||||
<macro>
|
||||
<macro>{$SSL_EXPIRY_HIGH}</macro>
|
||||
<value>7</value>
|
||||
</macro>
|
||||
<macro>
|
||||
<macro>{$SSL_EXPIRY_INFO}</macro>
|
||||
<value>60</value>
|
||||
</macro>
|
||||
<macro>
|
||||
<macro>{$SSL_EXPIRY_NOTCLASSIFIED}</macro>
|
||||
<value>90</value>
|
||||
</macro>
|
||||
<macro>
|
||||
<macro>{$SSL_EXPIRY_WARN}</macro>
|
||||
<value>30</value>
|
||||
</macro>
|
||||
<macro>
|
||||
<macro>{$SSL_PORT}</macro>
|
||||
<value>443</value>
|
||||
</macro>
|
||||
</macros>
|
||||
<templates/>
|
||||
<screens/>
|
||||
<tags/>
|
||||
</template>
|
||||
</templates>
|
||||
<triggers>
|
||||
<trigger>
|
||||
<expression>{SSL Certificates:ssllabs.certificate.grade.str(A)}=1</expression>
|
||||
<recovery_mode>0</recovery_mode>
|
||||
<recovery_expression/>
|
||||
<name>Certificate {HOST.HOST} grade is A</name>
|
||||
<correlation_mode>0</correlation_mode>
|
||||
<correlation_tag/>
|
||||
<url/>
|
||||
<status>1</status>
|
||||
<priority>1</priority>
|
||||
<description/>
|
||||
<type>0</type>
|
||||
<manual_close>0</manual_close>
|
||||
<dependencies/>
|
||||
<tags/>
|
||||
</trigger>
|
||||
<trigger>
|
||||
<expression>{SSL Certificates:ssllabs.certificate.grade.str(A+)}=1</expression>
|
||||
<recovery_mode>0</recovery_mode>
|
||||
<recovery_expression/>
|
||||
<name>Certificate {HOST.HOST} grade is A+</name>
|
||||
<correlation_mode>0</correlation_mode>
|
||||
<correlation_tag/>
|
||||
<url/>
|
||||
<status>1</status>
|
||||
<priority>1</priority>
|
||||
<description/>
|
||||
<type>0</type>
|
||||
<manual_close>0</manual_close>
|
||||
<dependencies/>
|
||||
<tags/>
|
||||
</trigger>
|
||||
<trigger>
|
||||
<expression>{SSL Certificates:ssllabs.certificate.grade.str(B)}=1</expression>
|
||||
<recovery_mode>0</recovery_mode>
|
||||
<recovery_expression/>
|
||||
<name>Certificate {HOST.HOST} grade is B</name>
|
||||
<correlation_mode>0</correlation_mode>
|
||||
<correlation_tag/>
|
||||
<url/>
|
||||
<status>0</status>
|
||||
<priority>2</priority>
|
||||
<description/>
|
||||
<type>0</type>
|
||||
<manual_close>0</manual_close>
|
||||
<dependencies/>
|
||||
<tags/>
|
||||
</trigger>
|
||||
<trigger>
|
||||
<expression>{SSL Certificates:ssllabs.certificate.grade.str(C)}=1</expression>
|
||||
<recovery_mode>0</recovery_mode>
|
||||
<recovery_expression/>
|
||||
<name>Certificate {HOST.HOST} grade is C</name>
|
||||
<correlation_mode>0</correlation_mode>
|
||||
<correlation_tag/>
|
||||
<url/>
|
||||
<status>0</status>
|
||||
<priority>2</priority>
|
||||
<description/>
|
||||
<type>0</type>
|
||||
<manual_close>0</manual_close>
|
||||
<dependencies/>
|
||||
<tags/>
|
||||
</trigger>
|
||||
<trigger>
|
||||
<expression>{SSL Certificates:ssllabs.certificate.grade.str(D)}=1</expression>
|
||||
<recovery_mode>0</recovery_mode>
|
||||
<recovery_expression/>
|
||||
<name>Certificate {HOST.HOST} grade is D</name>
|
||||
<correlation_mode>0</correlation_mode>
|
||||
<correlation_tag/>
|
||||
<url/>
|
||||
<status>0</status>
|
||||
<priority>3</priority>
|
||||
<description/>
|
||||
<type>0</type>
|
||||
<manual_close>0</manual_close>
|
||||
<dependencies/>
|
||||
<tags/>
|
||||
</trigger>
|
||||
<trigger>
|
||||
<expression>{SSL Certificates:ssllabs.certificate.grade.str(F)}=1</expression>
|
||||
<recovery_mode>0</recovery_mode>
|
||||
<recovery_expression/>
|
||||
<name>Certificate {HOST.HOST} grade is F</name>
|
||||
<correlation_mode>0</correlation_mode>
|
||||
<correlation_tag/>
|
||||
<url/>
|
||||
<status>0</status>
|
||||
<priority>4</priority>
|
||||
<description/>
|
||||
<type>0</type>
|
||||
<manual_close>0</manual_close>
|
||||
<dependencies/>
|
||||
<tags/>
|
||||
</trigger>
|
||||
<trigger>
|
||||
<expression>{SSL Certificates:zext_ssl_issuer.sh[{HOST.HOST},{$SSL_PORT},{HOST.HOST}].change()}>0</expression>
|
||||
<recovery_mode>0</recovery_mode>
|
||||
<recovery_expression/>
|
||||
<name>Change in SSL Certificate Issuer</name>
|
||||
<correlation_mode>0</correlation_mode>
|
||||
<correlation_tag/>
|
||||
<url>https://{$SSL_HOST}:{$SSL_PORT}</url>
|
||||
<status>0</status>
|
||||
<priority>1</priority>
|
||||
<description/>
|
||||
<type>0</type>
|
||||
<manual_close>1</manual_close>
|
||||
<dependencies/>
|
||||
<tags/>
|
||||
</trigger>
|
||||
<trigger>
|
||||
<expression>{SSL Certificates:net.tcp.service[https].max(5m)}<1</expression>
|
||||
<recovery_mode>0</recovery_mode>
|
||||
<recovery_expression/>
|
||||
<name>HTTPS Service is Down</name>
|
||||
<correlation_mode>0</correlation_mode>
|
||||
<correlation_tag/>
|
||||
<url/>
|
||||
<status>0</status>
|
||||
<priority>2</priority>
|
||||
<description/>
|
||||
<type>0</type>
|
||||
<manual_close>0</manual_close>
|
||||
<dependencies/>
|
||||
<tags/>
|
||||
</trigger>
|
||||
<trigger>
|
||||
<expression>{SSL Certificates:zext_ssl_expiry.sh[{HOST.HOST},{$SSL_PORT},{HOST.HOST}].last(0)}<0</expression>
|
||||
<recovery_mode>0</recovery_mode>
|
||||
<recovery_expression/>
|
||||
<name>SSL certificate on {HOST.HOST} expired</name>
|
||||
<correlation_mode>0</correlation_mode>
|
||||
<correlation_tag/>
|
||||
<url/>
|
||||
<status>0</status>
|
||||
<priority>5</priority>
|
||||
<description/>
|
||||
<type>0</type>
|
||||
<manual_close>0</manual_close>
|
||||
<dependencies/>
|
||||
<tags/>
|
||||
</trigger>
|
||||
<trigger>
|
||||
<expression>{SSL Certificates:zext_ssl_expiry.sh[{HOST.HOST},{$SSL_PORT},{HOST.HOST}].last(5)}<{$SSL_EXPIRY_AVG}</expression>
|
||||
<recovery_mode>0</recovery_mode>
|
||||
<recovery_expression/>
|
||||
<name>SSL certificate on {HOST.HOST} expires in less than {$SSL_EXPIRY_AVG} days ({ITEM.VALUE} days remaining)</name>
|
||||
<correlation_mode>0</correlation_mode>
|
||||
<correlation_tag/>
|
||||
<url/>
|
||||
<status>0</status>
|
||||
<priority>3</priority>
|
||||
<description/>
|
||||
<type>0</type>
|
||||
<manual_close>0</manual_close>
|
||||
<dependencies>
|
||||
<dependency>
|
||||
<name>SSL certificate on {HOST.HOST} expires in less than {$SSL_EXPIRY_HIGH} days ({ITEM.VALUE} days remaining)</name>
|
||||
<expression>{SSL Certificates:zext_ssl_expiry.sh[{HOST.HOST},{$SSL_PORT},{HOST.HOST}].last(5)}<{$SSL_EXPIRY_HIGH}</expression>
|
||||
<recovery_expression/>
|
||||
</dependency>
|
||||
</dependencies>
|
||||
<tags/>
|
||||
</trigger>
|
||||
<trigger>
|
||||
<expression>{SSL Certificates:zext_ssl_expiry.sh[{HOST.HOST},{$SSL_PORT},{HOST.HOST}].last(5)}<{$SSL_EXPIRY_HIGH}</expression>
|
||||
<recovery_mode>0</recovery_mode>
|
||||
<recovery_expression/>
|
||||
<name>SSL certificate on {HOST.HOST} expires in less than {$SSL_EXPIRY_HIGH} days ({ITEM.VALUE} days remaining)</name>
|
||||
<correlation_mode>0</correlation_mode>
|
||||
<correlation_tag/>
|
||||
<url/>
|
||||
<status>0</status>
|
||||
<priority>4</priority>
|
||||
<description/>
|
||||
<type>0</type>
|
||||
<manual_close>0</manual_close>
|
||||
<dependencies>
|
||||
<dependency>
|
||||
<name>SSL certificate on {HOST.HOST} expired</name>
|
||||
<expression>{SSL Certificates:zext_ssl_expiry.sh[{HOST.HOST},{$SSL_PORT},{HOST.HOST}].last(0)}<0</expression>
|
||||
<recovery_expression/>
|
||||
</dependency>
|
||||
</dependencies>
|
||||
<tags/>
|
||||
</trigger>
|
||||
<trigger>
|
||||
<expression>{SSL Certificates:zext_ssl_expiry.sh[{HOST.HOST},{$SSL_PORT},{HOST.HOST}].last(5)}<{$SSL_EXPIRY_INFO}</expression>
|
||||
<recovery_mode>0</recovery_mode>
|
||||
<recovery_expression/>
|
||||
<name>SSL certificate on {HOST.HOST} expires in less than {$SSL_EXPIRY_INFO} days ({ITEM.VALUE} days remaining)</name>
|
||||
<correlation_mode>0</correlation_mode>
|
||||
<correlation_tag/>
|
||||
<url/>
|
||||
<status>0</status>
|
||||
<priority>1</priority>
|
||||
<description/>
|
||||
<type>0</type>
|
||||
<manual_close>0</manual_close>
|
||||
<dependencies>
|
||||
<dependency>
|
||||
<name>SSL certificate on {HOST.HOST} expires in less than {$SSL_EXPIRY_WARN} days ({ITEM.VALUE} days remaining)</name>
|
||||
<expression>{SSL Certificates:zext_ssl_expiry.sh[{HOST.HOST},{$SSL_PORT},{HOST.HOST}].last(5)}<{$SSL_EXPIRY_WARN}</expression>
|
||||
<recovery_expression/>
|
||||
</dependency>
|
||||
</dependencies>
|
||||
<tags/>
|
||||
</trigger>
|
||||
<trigger>
|
||||
<expression>{SSL Certificates:zext_ssl_expiry.sh[{HOST.HOST},{$SSL_PORT},{HOST.HOST}].last(5)}<{$SSL_EXPIRY_NOTCLASSIFIED}</expression>
|
||||
<recovery_mode>0</recovery_mode>
|
||||
<recovery_expression/>
|
||||
<name>SSL certificate on {HOST.HOST} expires in less than {$SSL_EXPIRY_NOTCLASSIFIED} days ({ITEM.VALUE} days remaining)</name>
|
||||
<correlation_mode>0</correlation_mode>
|
||||
<correlation_tag/>
|
||||
<url/>
|
||||
<status>0</status>
|
||||
<priority>0</priority>
|
||||
<description/>
|
||||
<type>0</type>
|
||||
<manual_close>0</manual_close>
|
||||
<dependencies>
|
||||
<dependency>
|
||||
<name>SSL certificate on {HOST.HOST} expires in less than {$SSL_EXPIRY_INFO} days ({ITEM.VALUE} days remaining)</name>
|
||||
<expression>{SSL Certificates:zext_ssl_expiry.sh[{HOST.HOST},{$SSL_PORT},{HOST.HOST}].last(5)}<{$SSL_EXPIRY_INFO}</expression>
|
||||
<recovery_expression/>
|
||||
</dependency>
|
||||
</dependencies>
|
||||
<tags/>
|
||||
</trigger>
|
||||
<trigger>
|
||||
<expression>{SSL Certificates:zext_ssl_expiry.sh[{HOST.HOST},{$SSL_PORT},{HOST.HOST}].last(5)}<{$SSL_EXPIRY_WARN}</expression>
|
||||
<recovery_mode>0</recovery_mode>
|
||||
<recovery_expression/>
|
||||
<name>SSL certificate on {HOST.HOST} expires in less than {$SSL_EXPIRY_WARN} days ({ITEM.VALUE} days remaining)</name>
|
||||
<correlation_mode>0</correlation_mode>
|
||||
<correlation_tag/>
|
||||
<url/>
|
||||
<status>0</status>
|
||||
<priority>2</priority>
|
||||
<description/>
|
||||
<type>0</type>
|
||||
<manual_close>0</manual_close>
|
||||
<dependencies>
|
||||
<dependency>
|
||||
<name>SSL certificate on {HOST.HOST} expires in less than {$SSL_EXPIRY_AVG} days ({ITEM.VALUE} days remaining)</name>
|
||||
<expression>{SSL Certificates:zext_ssl_expiry.sh[{HOST.HOST},{$SSL_PORT},{HOST.HOST}].last(5)}<{$SSL_EXPIRY_AVG}</expression>
|
||||
<recovery_expression/>
|
||||
</dependency>
|
||||
</dependencies>
|
||||
<tags/>
|
||||
</trigger>
|
||||
</triggers>
|
||||
<graphs>
|
||||
<graph>
|
||||
<name>SSL Certificate valid days</name>
|
||||
<width>900</width>
|
||||
<height>200</height>
|
||||
<yaxismin>0.0000</yaxismin>
|
||||
<yaxismax>100.0000</yaxismax>
|
||||
<show_work_period>1</show_work_period>
|
||||
<show_triggers>1</show_triggers>
|
||||
<type>0</type>
|
||||
<show_legend>1</show_legend>
|
||||
<show_3d>0</show_3d>
|
||||
<percent_left>0.0000</percent_left>
|
||||
<percent_right>0.0000</percent_right>
|
||||
<ymin_type_1>0</ymin_type_1>
|
||||
<ymax_type_1>0</ymax_type_1>
|
||||
<ymin_item_1>0</ymin_item_1>
|
||||
<ymax_item_1>0</ymax_item_1>
|
||||
<graph_items>
|
||||
<graph_item>
|
||||
<sortorder>0</sortorder>
|
||||
<drawtype>0</drawtype>
|
||||
<color>BB00BB</color>
|
||||
<yaxisside>0</yaxisside>
|
||||
<calc_fnc>2</calc_fnc>
|
||||
<type>0</type>
|
||||
<item>
|
||||
<host>SSL Certificates</host>
|
||||
<key>zext_ssl_expiry.sh[{HOST.HOST},{$SSL_PORT},{HOST.HOST}]</key>
|
||||
</item>
|
||||
</graph_item>
|
||||
</graph_items>
|
||||
</graph>
|
||||
</graphs>
|
||||
<value_maps>
|
||||
<value_map>
|
||||
<name>Service state</name>
|
||||
<mappings>
|
||||
<mapping>
|
||||
<value>0</value>
|
||||
<newvalue>Down</newvalue>
|
||||
</mapping>
|
||||
<mapping>
|
||||
<value>1</value>
|
||||
<newvalue>Up</newvalue>
|
||||
</mapping>
|
||||
</mappings>
|
||||
</value_map>
|
||||
</value_maps>
|
||||
</zabbix_export>
|
||||
BIN
ssllabs-scan
Normal file
BIN
ssllabs-scan
Normal file
Binary file not shown.
33
ssllabs_checker.sh
Normal file
33
ssllabs_checker.sh
Normal file
@@ -0,0 +1,33 @@
|
||||
#!/bin/bash
|
||||
|
||||
# Configuration
|
||||
HOST=$1
|
||||
ZABBIX_SENDER="/usr/bin/zabbix_sender"
|
||||
ZABBIX_CONFIG="/etc/zabbix/zabbix_agentd.conf"
|
||||
#ZABBIX_CONFIG=""
|
||||
ZABBIX_SERVER="127.0.0.1"
|
||||
ZABBIX_PORT="10051"
|
||||
ZABBIX_KEY="ssllabs.certificate.grade"
|
||||
|
||||
SSLLAB_SCAN="/usr/lib/zabbix/externalscripts/ssllabs-scan"
|
||||
|
||||
#with cache
|
||||
#SSLLAB_OPTIONS="-usecache -quiet -grade -maxage 1"
|
||||
#without cache
|
||||
SSLLAB_OPTIONS="-quiet -grade"
|
||||
|
||||
# Do the job
|
||||
set -o errexit
|
||||
ZABBIX_SENDER_CMD=$ZABBIX_SENDER
|
||||
if [ -z $ZABBIX_CONFIG ]
|
||||
then
|
||||
ZABBIX_SENDER_CMD="$ZABBIX_SENDER_CMD -z $ZABBIX_SERVER -p $ZABBIX_PORT "
|
||||
else
|
||||
ZABBIX_SENDER_CMD="$ZABBIX_SENDER_CMD -c $ZABBIX_CONFIG "
|
||||
fi
|
||||
|
||||
VALUE=$($SSLLAB_SCAN $SSLLAB_OPTIONS $HOST | awk 'BEGIN { FS=":" } /1/ { print $2 }'| sed -e 's/^"//' -e 's/"$//')
|
||||
|
||||
ZABBIX_SENDER_CMD="$ZABBIX_SENDER_CMD -s $HOST -k $ZABBIX_KEY -o $VALUE"
|
||||
|
||||
$ZABBIX_SENDER_CMD 1>/dev/null
|
||||
4
ssllabs_checker_at.sh
Normal file
4
ssllabs_checker_at.sh
Normal file
@@ -0,0 +1,4 @@
|
||||
#!/bin/bash
|
||||
EXTERNALSCRIPTS=/usr/lib/zabbix/externalscripts
|
||||
echo "$EXTERNALSCRIPTS/ssllabs_checker.sh $1" | at now
|
||||
|
||||
23
zext_ssl_expiry.sh
Normal file
23
zext_ssl_expiry.sh
Normal file
@@ -0,0 +1,23 @@
|
||||
#! /bin/sh
|
||||
SERVER=$1
|
||||
TIMEOUT=5
|
||||
RETVAL=0
|
||||
SNI=$3
|
||||
TIMESTAMP=`echo | date`
|
||||
if [ -z "$2" ]
|
||||
then
|
||||
PORT=443;
|
||||
else
|
||||
PORT=$2;
|
||||
fi
|
||||
EXPIRE_DATE=`timeout $TIMEOUT openssl s_client -connect $SERVER:$PORT -servername $SNI 2>/dev/null | openssl x509 -noout -dates 2>/dev/null | grep notAfter | cut -d'=' -f2`
|
||||
EXPIRE_SECS=`date -d "${EXPIRE_DATE}" +%s`
|
||||
EXPIRE_TIME=$(( ${EXPIRE_SECS} - `date +%s` ))
|
||||
if test $EXPIRE_TIME -lt 0
|
||||
then
|
||||
RETVAL=0
|
||||
else
|
||||
RETVAL=$(( ${EXPIRE_TIME} / 24 / 3600 ))
|
||||
fi
|
||||
|
||||
echo ${RETVAL}
|
||||
9
zext_ssl_issuer.sh
Normal file
9
zext_ssl_issuer.sh
Normal file
@@ -0,0 +1,9 @@
|
||||
#! /bin/sh
|
||||
SERVER=$1
|
||||
TIMEOUT=5
|
||||
#RETVAL=0
|
||||
#TIMESTAMP=`echo | date`
|
||||
PORT=$2
|
||||
SNI=$3
|
||||
ISSUER=`timeout $TIMEOUT openssl s_client -connect ${SERVER}:${PORT} -servername $SNI 2>/dev/null | openssl x509 -noout -issuer 2>/dev/null | grep issuer`
|
||||
echo ${ISSUER}
|
||||
Reference in New Issue
Block a user