check_cert_signing_algorithm_secure

Submit review Recommend Print Contact Owner Visit

Rating

0 votes

Favoured:

Current Version

1.0.0

Last Release Date

2016-01-07

Compatible With

Nagios XI

Owner

CWSI

Website

www.cwsi.ie

License

GPL

Hits

6088

Files:

File	Description
CWSI_check_cert_signing_algorithm_secure.php	CWSI_check_cert_signing_algorithm_secure.php

Meet The New Nagios Core Services Platform

Built on over 25 years of monitoring experience, the Nagios Core Services Platform provides insightful monitoring dashboards, time-saving monitoring wizards, and unmatched ease of use. Use it for free indefinitely.

Download Now

Monitoring Made Magically Better

Nagios Core on Overdrive
Powerful Monitoring Dashboards
Time-Saving Configuration Wizards
Open Source Powered Monitoring On Steroids
And So Much More!

This check connects to a specified host:port with OpenSSL to determine if the signing algorithm used on the server certificate is secure.

This check connects to a specified host:port with OpenSSL to determine the signing algorithm used on the server certificate. If the signing algorithm is on your specified list of "untrusted" algorithms the check will return WARNING/CRITICAL, otherwise it will return OK.

Requires OpenSSL on the system.

Tested on NagiosXI but cannot see why it would not support any other versions.

Commands/Services you might use:
define command {
command_name CWSI_check_cert_signing_algorithm_secure
command_line /usr/local/uptime/nagios/resources/scripts/CWSI_check_cert_signing_algorithm_secure.php -H $HOSTADDRESS$ -p $ARG1$ -u $ARG2$ -f $ARG3$
}

define service {
name CWSI_check_cert_signing_algorithm_secure_service
service_description CWSI_check_cert_signing_algorithm_secure_service
check_command CWSI_check_cert_signing_algorithm_secure!443!md5WithRSAEncryption,sha1WithRSAEncryption!WARNING!!!!!
}

Full help output from the check -
CWSI_check_cert_signing_algorithm_secure.php - v1.0.0

This plugin checks that the SSL certificate presented by a host is signed with a secure algorithm

Usage: CWSI_check_cert_signing_algorithm_secure.php -h | -H -p -u -f
NOTE: -H, -p, -u, -f are all required

Options:
-h
Print this help and usage message
-H
Host to query for certificate
-p
Port on the host to query
-u
Comma separated list of untrusted signature algorithms that should cause a failure of this check, eg. md5WithRSAEncryption,sha1WithRSAEncryption
-f
The code to be returned if an untrusted algorithm is detected, must be WARNING or CRITICAL

This plugin will use the openssl service to get the expiration date for the domain name.
Example:
$./CWSI_check_cert_signing_algorithm_secure.php -H www.google.com -p 443 -u md5WithRSAEncryption,sha1WithRSAEncryption -f CRITICAL

Reviews (0)

Be the first to review this listing!

Nagios, the Nagios logo, and Nagios graphics are the servicemarks, trademarks, or registered trademarks owned by Nagios Enterprises. All other servicemarks and trademarks are the property of their respective owner. The files and information on this site are the property of their respective owner(s). Nagios Enterprises makes no claims or warranties as to the fitness of any file or information on this website, for any purpose whatsoever. In fact, we officially disclaim all liability. We do, however, think these community contributions are pretty damn cool. Website Copyright © 2009-2024 Nagios Enterprises, LLC. All rights reserved.