[check_cert] vérification des dates des certifs

En faisant une connexion directe tcp. Du coup, ça ne marche pas pour tous les services utilisants SSL: * freeradius (key pour le wifi) utilise de l'UDP donc est hors jeu. * xmpp : le protocole du serveur n'a pas l'air reconnu Il faudrait aussi regrouper tout ça sous un groupe commun.
2013-02-14 03:06:36 +01:00 · 2013-02-14 03:06:36 +01:00 · 1f5131aeb7
commit 1f5131aeb7
parent 6c53b69fdc
3 changed files with 43 additions and 0 deletions
--- a/Bundler/check_cert.xml
+++ b/Bundler/check_cert.xml
@ -0,0 +1,4 @@
+<Bundle name="check_eux">
+  <Package name="python-m2crypto" />
+  <Python name="/etc/cron.d/check_cert" />
+</Bundle>
--- a/Metadata/groups.xml
+++ b/Metadata/groups.xml
@ -235,11 +235,14 @@
    <Group name="crans-squeeze-domu"/>
    <Group name="http-server"/>
    <Group name="home-permanent"/>
+    <Bundle name="check_cert" />
+    <Group name="https_cert" />
  </Group>

  <Group name="asterisk"
         profile="true">
    <Group name="crans-squeeze-domu"/>
+    <Bundle name="check_cert" />
  </Group>

  <Group name="canard"
@ -280,12 +283,17 @@
    <Group name="http-server"/>
    <Group name="news-search"/>
    <Group name="crans-squeeze-domu"/>
+
+    <Bundle name="check_cert" />
+    <Group name="https_cert" />
  </Group>

  <Group name="o2"
         profile="true">
    <Group name="crans-squeeze-domu"/>
    <Group name="nginx" comment="Pour l'intranet"/>
+    <Bundle name="check_cert" />
+    <Group name="https_cert" />
  </Group>

  <Group name="munin"
@ -354,6 +362,8 @@
        profile="true">
    <Group name="nginx" comment="Proxy web pour SOGo"/>
    <Group name="crans-squeeze-domu"/>
+    <Bundle name="check_cert" />
+    <Group name="https_cert" />
  </Group>

  <Group name="dhcp"
@ -438,6 +448,10 @@
    <Bundle name="molly-guard"/>
    <Bundle name="vlock"/>
    <Bundle name="nagios"/>
+
+    <Bundle name="check_cert" />
+    <Group name="https_cert" />
+
    <Bundle name="python-netifaces"/>
    <Bundle name="sshfingerprint"/>
  </Group>
@ -697,6 +711,7 @@
  <Group name="https-server"
     comment="un serveur HTTPS (port 443) de l'association">
    <Group name="https-server-backend"/>
+    <Bundle name="check_cert" />
  </Group>

  <Group name="intranet-server"
@ -1134,6 +1149,7 @@

  <Group name="bcfg2-server">
    <Bundle name="bcfg2"/>
+    <Bundle name="check_cert" />
  </Group>

  <Group name="apt-mirror"
--- a/Python/etc/cron.d/check_cert
+++ b/Python/etc/cron.d/check_cert
@ -0,0 +1,23 @@
+# -*- coding: utf-8; mode: python -*-
+
+info["owner"] = "root"
+info["group"] = "root"
+info["perms"] = 0644
+
+header("Check SSL certificates")
+
+def check_cert(host='localhost', port=443, user="www-data"):
+    print "42 7 * * * %(user)s /usr/scripts/utils/check_cert.py %(host)s %(port)s" %\
+        { 'host': host,
+          'port': port,
+          'user': user,
+        }
+
+if has('https-server') or has('https_cert'):
+    check_cert('localhost', 443, 'www-data')
+
+if has('bcfg2-server'):
+    check_cert('localhost', 6789)
+
+if has('asterisk'):
+    check_cert('localhost', 5061)