Monitoring the site certificate with Nagios
- Category: Nagios
- Published: Thursday, 25 June 2020 16:13
- Written by Super User
If you run a site, you need to monitor the validity of its certificate. I already use Nagios for monitoring, so let it monitor the certificates too.
Maybe there is a plug-in for certificate monitoring somewhere, but I didn't find it. Although, in fact, I did not look for it for long. So I decided to write my own plugin that can check how long the certificate will be valid. At the same time I added checking of the CAA record.
The usage format is very simple:
Usage: check_cert.sh -H hostname [pdwcC]
-H hostname or IP address mandatory parameter
-p port default 443
-d domain name default is a same as HOSTNAME
-w warning value in days default 30
-c critical value in days default 7
-C test CAA record. Value 1 - check CAA record, 0 – do not check it. Default – 0
To hook the plugin into Nagios, I added a custom.cfg file to the directory with the plugin configs (on my server it is /etc/nagios-plugins/config) and wrote this in it:
# 'check_https_cert' command definition
define command {
    command_name    check_https_cert
    command_line    /etc/nagios-plugins/scripts/check_cert.sh -H '$HOSTADDRESS$' -C '$ARG1$' -d '$ARG2$' -w '$ARG3$' -c '$ARG4$'
}
I put the plugin script file in a freshly created directory, /etc/nagios-plugins/scripts/
If you put it somewhere else, the path in the custom.cfg file will need to be changed.
Then, in the Nagios configs, I created a definition of the service:
/etc/nagios4/conf.d/services.cfg
define service {
    hostgroup_name          https-certs
    service_description     https-certs
    check_command           check_https_cert!1
    use                     generic-service
    notification_interval   0 ; set > 0 if you want to be renotified
}
Of course, you can change the call settings to suit your needs.
Next, you need to create a definition of the server group:
/etc/nagios4/conf.d/hostgroups.cfg
define hostgroup {
    hostgroup_name  https-certs
    alias           https-certs
    members         server1, server2
}
I use these files and directories in Nagios4 on my Ubuntu Server 20.04. You may have these files named differently, or they may not exist at all. In that case, check where services and host groups are defined in your Nagios setup.
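The expiry part of such a check, using the -w/-c defaults from the usage text (30 and 7 days), is sketched here as an added example; it is not the author's check_cert.sh, the function names fetch_enddate and cert_state are hypothetical, and GNU date is assumed. Empty thresholds fall back to the defaults, which matters because the service definition above passes only $ARG1$, so -d, -w and -c receive empty strings.

```shell
#!/bin/sh
# Added example: not the author's check_cert.sh. Function names are hypothetical.
# Nagios plugin exit codes: 0 OK, 1 WARNING, 2 CRITICAL, 3 UNKNOWN.

# Print the notAfter date of the certificate served by host $1, port $2, SNI name $3.
fetch_enddate() {
    openssl s_client -connect "$1:${2:-443}" -servername "${3:-$1}" \
        </dev/null 2>/dev/null | openssl x509 -noout -enddate | cut -d= -f2
}

# cert_state NOTAFTER [WARN_DAYS] [CRIT_DAYS] [NOW_EPOCH]
# Empty thresholds fall back to 30 and 7, so a command_line that passes
# -w '' -c '' (unset $ARGn$ macros) still gives a meaningful result.
cert_state() {
    cs_warn=${2:-30}; cs_crit=${3:-7}
    case "$cs_warn$cs_crit" in
        *[!0-9]*) echo "UNKNOWN - thresholds must be whole days"; return 3 ;;
    esac
    # An empty date means the TLS fetch failed; GNU date would read "" as today.
    [ -n "$1" ] || { echo "UNKNOWN - no certificate retrieved"; return 3; }
    # GNU date is assumed for parsing e.g. "Jun 25 16:13:00 2021 GMT".
    cs_end=$(date -u -d "$1" +%s 2>/dev/null) || {
        echo "UNKNOWN - cannot parse expiry date '$1'"; return 3; }
    cs_now=${4:-$(date -u +%s)}
    # Compare epochs first: integer division would round -0.5 days to 0.
    if [ "$cs_end" -le "$cs_now" ]; then
        echo "CRITICAL - certificate expired on $1"; return 2
    fi
    cs_days=$(( (cs_end - cs_now) / 86400 ))
    if [ "$cs_days" -le "$cs_crit" ]; then
        echo "CRITICAL - certificate expires in $cs_days days"; return 2
    elif [ "$cs_days" -le "$cs_warn" ]; then
        echo "WARNING - certificate expires in $cs_days days"; return 1
    fi
    echo "OK - certificate expires in $cs_days days"; return 0
}

# Typical use inside a plugin (needs network access, so not run here):
#   cert_state "$(fetch_enddate "$host" "$port" "$domain")" "$warn" "$crit"; exit $?
```

A failed TLS connection leaves the date empty and is reported as UNKNOWN rather than as an expired certificate, so an unreachable host does not raise a false certificate alert.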