21f7ffbbf7
On ne tracke pas les certifs de tous les serveurs postfix, mais juste des principaux (ie ceux qui ont vraiment un certif)
45 lines
1.1 KiB
Python
45 lines
1.1 KiB
Python
# -*- coding: utf-8; mode: python -*-
|
|
|
|
info["owner"] = "root"
|
|
info["group"] = "root"
|
|
info["perms"] = 0644
|
|
|
|
header("Check SSL certificates")
|
|
|
|
def check_cert(host='localhost', port=443, user="www-data", filename=None):
|
|
params={
|
|
'host': host,
|
|
'port': port,
|
|
'user': user,
|
|
'filename': filename,
|
|
}
|
|
if filename:
|
|
print "43 7 * * * %(user)s /usr/scripts/utils/check_cert.py --filename %(filename)s" %\
|
|
params
|
|
else:
|
|
print "42 7 * * * %(user)s /usr/scripts/utils/check_cert.py %(host)s %(port)s" %\
|
|
params
|
|
|
|
# Host specific
|
|
if has('https-server') or has('https_cert'):
|
|
check_cert('localhost', 443, 'www-data')
|
|
|
|
if has('bcfg2-server'):
|
|
check_cert(metadata.hostname, 6789)
|
|
|
|
if has('asterisk'):
|
|
check_cert('localhost', 5061)
|
|
|
|
# file specific
|
|
if has('eap'):
|
|
check_cert(filename='/etc/freeradius/certs/wifi.crt', user='freerad')
|
|
|
|
if has('vpn'):
|
|
check_cert(filename='/etc/ssl/certs/vpn.pem', user='root')
|
|
|
|
if has('xmpp'):
|
|
check_cert(filename='/etc/ssl/certs/jabber_server.pem', user='jabber')
|
|
|
|
if has('mail-mx'):
|
|
check_cert('localhost', 465)
|
|
|