[check_cert] ajout des certifs fichiers

2013-04-05 10:28:02 +02:00 · 2013-04-05 10:28:02 +02:00 · 64cb8ab2e7
commit 64cb8ab2e7
parent 96ed50c79f
2 changed files with 30 additions and 10 deletions
--- a/Metadata/groups.xml
+++ b/Metadata/groups.xml
@ -29,6 +29,7 @@
    <Group name="debian-mirror"/>
    <Group name="webmasters"/>
    <Group name="ntp-server"/>
+    <Group name="https_cert" />
  </Group>

  <Group name="daath"
@ -77,7 +78,6 @@
    <Group name="munin-server"/>
    <Group name="vlan-wifi" />

-    <Bundle name="check_cert" />
    <Group name="https_cert" />
  </Group>

@ -194,6 +194,7 @@
    <Group name="radius-server" />
    <Group name="vlan-wifi" />
    <Group name="non-vlan-adherent" />
+    <Bundle name="check_cert" /><!-- Certif radius -->
  </Group>

  <Group name="mdr"
@ -211,8 +212,8 @@
  <Group name="xmpp"
         profile="true">
    <Group name="ejabberd-services"/>
-    <Group name="ejabberd-server"/>
    <Group name="crans-domu-squeeze"/>
+    <Bundle name="check_cert" /><!-- For jabber's key -->
  </Group>

  <Group name="niomniom"
@ -282,7 +283,6 @@
    <Group name="news-search"/>
    <Group name="crans-domu-squeeze"/>

-    <Bundle name="check_cert" />
    <Group name="https_cert" />
  </Group>

@ -290,7 +290,6 @@
         profile="true">
    <Group name="crans-domu-squeeze"/>
    <Group name="intranet2-server"/>
-    <Bundle name="check_cert" />
    <Group name="https_cert" />
  </Group>

@ -337,7 +336,6 @@
    <Group name="http-server"/>
 <!--    <Group name="nginx" comment="Proxy web pour SOGo"/>-->
    <Group name="crans-domu-squeeze"/>
-    <Bundle name="check_cert" />
    <Group name="https_cert" />
  </Group>

@ -440,7 +438,6 @@
     comment="profile minimal pour lenny">
    <Group name="crans-common"/>
    <Group name="lenny"/>
-    <Group name="nss-ldapd"/>
    <Group name="openntpd"/>
  </Group>

@ -448,7 +445,6 @@
     comment="profile minimal pour squeeze">
    <Group name="crans-common"/>
    <Group name="squeeze"/>
-    <Group name="nss-ldapd"/>
    <Group name="ntp"/>
  </Group>

@ -692,6 +688,10 @@
    <Bundle name="check_cert" />
  </Group>

+  <Group name="https_cert">
+    <Bundle name="check_cert" />
+  </Group>
+
  <Group name="intranet-server"
     comment="le serveur HTTPS (port 443) gérant intranet.crans.org">
    <Group name="intranet-server-backend"/>
@ -906,6 +906,7 @@
  <Group name="vpn"
     comment="Un des deux points d'un tunnel sécurisée">
    <Group name="vpn-backend"/>
+    <Bundle name="check_cert" /><!-- Check vpn cert -->
  </Group>

  <!-- *** Mumudvb *** -->
--- a/Python/etc/cron.d/check_cert
+++ b/Python/etc/cron.d/check_cert
@ -6,13 +6,21 @@ info["perms"] = 0644

 header("Check SSL certificates")

-def check_cert(host='localhost', port=443, user="www-data"):
-    print "42 7 * * * %(user)s /usr/scripts/utils/check_cert.py %(host)s %(port)s" %\
-        { 'host': host,
+def check_cert(host='localhost', port=443, user="www-data", filename=None):
+    params={
+          'host': host,
          'port': port,
          'user': user,
+          'filename': filename,
        }
+    if filename:
+        print "43 7 * * * %(user)s /usr/scripts/utils/check_cert.py --filename %(filename)s" %\
+            params
+    else:
+        print "42 7 * * * %(user)s /usr/scripts/utils/check_cert.py %(host)s %(port)s" %\
+            params

+# Host specific
 if has('https-server') or has('https_cert'):
    check_cert('localhost', 443, 'www-data')

@ -21,3 +29,14 @@ if has('bcfg2-server'):

 if has('asterisk'):
    check_cert('localhost', 5061)
+
+# file specific
+if has('eap'):
+    check_cert(filename='/etc/freeradius/certs/wifi.crt', user='freerad')
+
+if has('vpn'):
+    check_cert(filename='/etc/ssl/certs/vpn.pem', user='root')
+
+if has('xmpp'):
+    check_cert(filename='/etc/ssl/certs/jabber_server.pem', user='jabber')
+