[check_cert] vérification des dates des certifs

En faisant une connexion TCP directe. Du coup, ça ne marche pas
pour tous les services utilisant SSL :
 * freeradius (key pour le wifi) utilise de l'UDP donc est hors jeu.
 * xmpp : le protocole du serveur n'a pas l'air reconnu

Il faudrait aussi regrouper tout ça sous un groupe commun.
Daniel STAN 2013-02-14 03:06:36 +01:00
parent 6c53b69fdc
commit 1f5131aeb7
3 changed files with 43 additions and 0 deletions

4
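--- a/Bundler/check_cert.xml
+++ b/Bundler/check_cert.xml
@@ -0,0 +1,4 @@
+<Bundle name="check_eux">
+<Package name="python-m2crypto" />
+<Python name="/etc/cron.d/check_cert" />
+</Bundle>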
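Review bot: The bundle declares `name="check_eux"`, while the file is `Bundler/check_cert.xml` and every profile touched by this commit references `<Bundle name="check_cert" />`. Depending on the Bcfg2 version, the name attribute has to match the file name, so the mismatch can leave the bundle unresolved or flagged by lint, and the cron entry would never be deployed. A certificate check that is silently absent gives false assurance, so the first line should read `<Bundle name="check_cert">`.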


@ -235,11 +235,14 @@
<Group name="crans-squeeze-domu"/> <Group name="crans-squeeze-domu"/>
<Group name="http-server"/> <Group name="http-server"/>
<Group name="home-permanent"/> <Group name="home-permanent"/>
<Bundle name="check_cert" />
<Group name="https_cert" />
</Group> </Group>
<Group name="asterisk" <Group name="asterisk"
profile="true"> profile="true">
<Group name="crans-squeeze-domu"/> <Group name="crans-squeeze-domu"/>
<Bundle name="check_cert" />
</Group> </Group>
<Group name="canard" <Group name="canard"
@ -280,12 +283,17 @@
<Group name="http-server"/> <Group name="http-server"/>
<Group name="news-search"/> <Group name="news-search"/>
<Group name="crans-squeeze-domu"/> <Group name="crans-squeeze-domu"/>
<Bundle name="check_cert" />
<Group name="https_cert" />
</Group> </Group>
<Group name="o2" <Group name="o2"
profile="true"> profile="true">
<Group name="crans-squeeze-domu"/> <Group name="crans-squeeze-domu"/>
<Group name="nginx" comment="Pour l'intranet"/> <Group name="nginx" comment="Pour l'intranet"/>
<Bundle name="check_cert" />
<Group name="https_cert" />
</Group> </Group>
<Group name="munin" <Group name="munin"
@ -354,6 +362,8 @@
profile="true"> profile="true">
<Group name="nginx" comment="Proxy web pour SOGo"/> <Group name="nginx" comment="Proxy web pour SOGo"/>
<Group name="crans-squeeze-domu"/> <Group name="crans-squeeze-domu"/>
<Bundle name="check_cert" />
<Group name="https_cert" />
</Group> </Group>
<Group name="dhcp" <Group name="dhcp"
@ -438,6 +448,10 @@
<Bundle name="molly-guard"/> <Bundle name="molly-guard"/>
<Bundle name="vlock"/> <Bundle name="vlock"/>
<Bundle name="nagios"/> <Bundle name="nagios"/>
<Bundle name="check_cert" />
<Group name="https_cert" />
<Bundle name="python-netifaces"/> <Bundle name="python-netifaces"/>
<Bundle name="sshfingerprint"/> <Bundle name="sshfingerprint"/>
</Group> </Group>
@ -697,6 +711,7 @@
<Group name="https-server" <Group name="https-server"
comment="un serveur HTTPS (port 443) de l'association"> comment="un serveur HTTPS (port 443) de l'association">
<Group name="https-server-backend"/> <Group name="https-server-backend"/>
<Bundle name="check_cert" />
</Group> </Group>
<Group name="intranet-server" <Group name="intranet-server"
@ -1134,6 +1149,7 @@
<Group name="bcfg2-server"> <Group name="bcfg2-server">
<Bundle name="bcfg2"/> <Bundle name="bcfg2"/>
<Bundle name="check_cert" />
</Group> </Group>
<Group name="apt-mirror" <Group name="apt-mirror"


@ -0,0 +1,23 @@
# -*- coding: utf-8; mode: python -*-
info["owner"] = "root"
info["group"] = "root"
info["perms"] = 0644
header("Check SSL certificates")
def check_cert(host='localhost', port=443, user="www-data"):
print "42 7 * * * %(user)s /usr/scripts/utils/check_cert.py %(host)s %(port)s" %\
{ 'host': host,
'port': port,
'user': user,
}
if has('https-server') or has('https_cert'):
check_cert('localhost', 443, 'www-data')
if has('bcfg2-server'):
check_cert('localhost', 6789)
if has('asterisk'):
check_cert('localhost', 5061)
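Review bot: The default `user="www-data"` in `check_cert` makes the 6789 and 5061 checks run under the web server account, although the commit message describes the check as a plain TCP connection, which needs no access to web content. A dedicated unprivileged account, or `nobody`, is the least-privilege choice: `def check_cert(host='localhost', port=443, user="nobody"):`, with the explicit `'www-data'` in the 443 call changed the same way. Whichever account is used, cron mails the script's output to that user, so confirm that its mail is aliased to the admins or add a `MAILTO=` line; otherwise expiry warnings may go unread. Connecting to `localhost` presumably only sees the default certificate served on each port, so name-based virtual hosts with their own certificates would not be covered.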