Search Exchange
Search All Sites
Nagios Live Webinars
Let our experts show you how Nagios can help your organization.Login
Directory Tree
Check_client_cert_CAs_sent
1.0.0
2016-01-07
- Nagios XI
5942
File | Description |
---|---|
CWSI_check_client_cert_CAs_sent.php | CWSI_check_client_cert_CAs_sent.php |
Meet The New Nagios Core Services Platform
Built on over 25 years of monitoring experience, the Nagios Core Services Platform provides insightful monitoring dashboards, time-saving monitoring wizards, and unmatched ease of use. Use it for free indefinitely.
Monitoring Made Magically Better
- Nagios Core on Overdrive
- Powerful Monitoring Dashboards
- Time-Saving Configuration Wizards
- Open Source Powered Monitoring On Steroids
- And So Much More!
Help output from the check -
CWSI_check_client_cert_CAs_sent.php - v1.0.0
This plugin checks that the host sends a list of acceptable client certificate CAs and
optionally that the accepted list supplied by the host matches a list specified to this command
Usage: CWSI_check_client_cert_CAs_sent.php -h | -H -p -n [[-f ] | [-l [-m ]]]
Options:
-h
Print this help and usage message
-H
Host to query (REQUIRED)
-p
Port on the host to query (REQUIRED)
-n
The code to be returned if connection is successful but host does not accept any client certs,
must be OK, WARNING or CRITICAL (REQUIRED)
-f
The code to be returned if the host provides a list of accepted certs
-l
Comma separated list expected client certificate CAs the host is expected to return, if the list
matches OK will be returned, otherwise the return code will be as specified with -m
-m
The code to be returned if the host provides a list of accepted certs that does not match the list
specified with -l, must be WARNING or CRITICAL. Defaults to WARNING if not specified
This plugin will use OpenSSL to get the client certificate information from the host
Examples:
$./CWSI_check_client_cert_CAs_sent.php -H www.google.com -p 443 -n WARNING
Returns WARNING if this host is not listing any acceptable client certificate CAs, OK if it is returning some
$./CWSI_check_client_cert_CAs_sent.php -H www.google.com -p 443 -n OK -f WARNING
Returns OK if this host is not listing any acceptable client certificate CAs, WARNING if it is returning any
$./CWSI_check_client_cert_CAs_sent.php -H www.google.com -p 443 -n WARNING -l 'CN=CA1O=Google,CN=CA2O=Google' -m WARNING
Returns WARNING if the host returns no acceptable client certificates, OK if the hosts list
matches the supplied list or WARNING if the hosts list does not match the supplied list
-----------------------------------------------
Some Command/Service definitions you might use -
define command {
command_name CWSI_check_client_cert_CAs_sent
command_line /usr/local/nagios/resources/scripts/CWSI_check_client_cert_CAs_sent.php -H $HOSTADDRESS$ -p $ARG1$ -n $ARG2$
}
define service {
name CWSI_check_client_cert_CAs_sent_service
service_description CWSI_check_client_cert_CAs_sent_service
check_command CWSI_check_client_cert_CAs_sent!443!WARNING!!!!!!
register 0
}
OR
define command {
command_name CWSI_check_client_cert_CAs_sent
command_line /usr/local/nagios/resources/scripts/CWSI_check_client_cert_CAs_sent.php -H $HOSTADDRESS$ -p $ARG1$ -n $ARG2$ -l "$ARG3$" -m $ARG4$
}
define service {
name CWSI_check_client_cert_CAs_sent_service
service_description CWSI_check_client_cert_CAs_sent_service
check_command CWSI_check_client_cert_CAs_sent!443!WARNING!CN=CA1O=Google,CN=CA2O=Google!WARNING!!!!
register 0
}
Watch out for the "" on $ARG3$ as many CA DNs will have spaces so these are required.
-----------------------------------------------
Tested with NagiosXI but no reason it will not work with other versions.
Requires OpenSSL.
CWSI_check_client_cert_CAs_sent.php - v1.0.0
This plugin checks that the host sends a list of acceptable client certificate CAs and
optionally that the accepted list supplied by the host matches a list specified to this command
Usage: CWSI_check_client_cert_CAs_sent.php -h | -H
Options:
-h
Print this help and usage message
-H
Host to query (REQUIRED)
-p
Port on the host to query (REQUIRED)
-n
The code to be returned if connection is successful but host does not accept any client certs,
must be OK, WARNING or CRITICAL (REQUIRED)
-f
The code to be returned if the host provides a list of accepted certs
-l
Comma separated list expected client certificate CAs the host is expected to return, if the list
matches OK will be returned, otherwise the return code will be as specified with -m
-m
The code to be returned if the host provides a list of accepted certs that does not match the list
specified with -l, must be WARNING or CRITICAL. Defaults to WARNING if not specified
This plugin will use OpenSSL to get the client certificate information from the host
Examples:
$./CWSI_check_client_cert_CAs_sent.php -H www.google.com -p 443 -n WARNING
Returns WARNING if this host is not listing any acceptable client certificate CAs, OK if it is returning some
$./CWSI_check_client_cert_CAs_sent.php -H www.google.com -p 443 -n OK -f WARNING
Returns OK if this host is not listing any acceptable client certificate CAs, WARNING if it is returning any
$./CWSI_check_client_cert_CAs_sent.php -H www.google.com -p 443 -n WARNING -l 'CN=CA1O=Google,CN=CA2O=Google' -m WARNING
Returns WARNING if the host returns no acceptable client certificates, OK if the hosts list
matches the supplied list or WARNING if the hosts list does not match the supplied list
-----------------------------------------------
Some Command/Service definitions you might use -
define command {
command_name CWSI_check_client_cert_CAs_sent
command_line /usr/local/nagios/resources/scripts/CWSI_check_client_cert_CAs_sent.php -H $HOSTADDRESS$ -p $ARG1$ -n $ARG2$
}
define service {
name CWSI_check_client_cert_CAs_sent_service
service_description CWSI_check_client_cert_CAs_sent_service
check_command CWSI_check_client_cert_CAs_sent!443!WARNING!!!!!!
register 0
}
OR
define command {
command_name CWSI_check_client_cert_CAs_sent
command_line /usr/local/nagios/resources/scripts/CWSI_check_client_cert_CAs_sent.php -H $HOSTADDRESS$ -p $ARG1$ -n $ARG2$ -l "$ARG3$" -m $ARG4$
}
define service {
name CWSI_check_client_cert_CAs_sent_service
service_description CWSI_check_client_cert_CAs_sent_service
check_command CWSI_check_client_cert_CAs_sent!443!WARNING!CN=CA1O=Google,CN=CA2O=Google!WARNING!!!!
register 0
}
Watch out for the "" on $ARG3$ as many CA DNs will have spaces so these are required.
-----------------------------------------------
Tested with NagiosXI but no reason it will not work with other versions.
Requires OpenSSL.
Reviews (0)
Be the first to review this listing!