openvpn: earlier alert for CA expiration
All checks were successful
Ansible Lint |Total|New|Outstanding|Fixed|Trend
|:-:|:-:|:-:|:-:|:-:
|2690|4|2686|3|:-1:
Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/7//ansiblelint">Evolix » ansible-roles » unstable #7</a>
gitea/ansible-roles/pipeline/head This commit looks good
All checks were successful
Ansible Lint |Total|New|Outstanding|Fixed|Trend
|:-:|:-:|:-:|:-:|:-:
|2690|4|2686|3|:-1:
Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/7//ansiblelint">Evolix » ansible-roles » unstable #7</a>
gitea/ansible-roles/pipeline/head This commit looks good
This commit is contained in:
parent
282dcb28f4
commit
0a4a220bdf
|
@ -20,6 +20,7 @@ The **patch** part changes is incremented if multiple releases happen the same m
|
||||||
* apt: add ftp.evolix.org as recognized system source
|
* apt: add ftp.evolix.org as recognized system source
|
||||||
* lxc-php, php: Update sury PGP key
|
* lxc-php, php: Update sury PGP key
|
||||||
* redis: create sysfs config file if missing
|
* redis: create sysfs config file if missing
|
||||||
|
* openvpn: earlier alert for CA expiration
|
||||||
|
|
||||||
### Fixed
|
### Fixed
|
||||||
|
|
||||||
|
|
|
@ -35,6 +35,7 @@ fi
|
||||||
# Dates in seconds
|
# Dates in seconds
|
||||||
_15_days="1296000"
|
_15_days="1296000"
|
||||||
_30_days="2592000"
|
_30_days="2592000"
|
||||||
|
_60_days="5184000"
|
||||||
current_date=$($date_cmd +"%s")
|
current_date=$($date_cmd +"%s")
|
||||||
|
|
||||||
# Trying to define the OpenVPN conf file location - default to /etc/openvpn/server.conf
|
# Trying to define the OpenVPN conf file location - default to /etc/openvpn/server.conf
|
||||||
|
@ -90,15 +91,15 @@ test_ca_expiration() {
|
||||||
if [ $current_date -ge $1 ]; then
|
if [ $current_date -ge $1 ]; then
|
||||||
CA_ECHO="CRITICAL - The server CA has expired on $formated_ca_expiration_date"
|
CA_ECHO="CRITICAL - The server CA has expired on $formated_ca_expiration_date"
|
||||||
CA_STATE=$STATE_CRITICAL
|
CA_STATE=$STATE_CRITICAL
|
||||||
# Expiration in 15 days or less - CA file
|
|
||||||
elif [ $((current_date+_15_days)) -ge $1 ]; then
|
|
||||||
CA_ECHO="CRITICAL - The server CA expires in 15 days or less : $formated_ca_expiration_date"
|
|
||||||
CA_STATE=$STATE_CRITICAL
|
|
||||||
# Expiration in 30 days or less - CA file
|
# Expiration in 30 days or less - CA file
|
||||||
elif [ $((current_date+_30_days)) -ge $1 ]; then
|
elif [ $((current_date+_30_days)) -ge $1 ]; then
|
||||||
CA_ECHO="WARNING - The server CA expires in 30 days or less : $formated_ca_expiration_date"
|
CA_ECHO="CRITICAL - The server CA expires in 30 days or less : $formated_ca_expiration_date"
|
||||||
|
CA_STATE=$STATE_CRITICAL
|
||||||
|
# Expiration in 60 days or less - CA file
|
||||||
|
elif [ $((current_date+_60_days)) -ge $1 ]; then
|
||||||
|
CA_ECHO="WARNING - The server CA expires in 60 days or less : $formated_ca_expiration_date"
|
||||||
CA_STATE=$STATE_WARNING
|
CA_STATE=$STATE_WARNING
|
||||||
# Expiration in more than 30 days - CA file
|
# Expiration in more than 60 days - CA file
|
||||||
else
|
else
|
||||||
CA_ECHO="OK - The server CA expires on $formated_ca_expiration_date"
|
CA_ECHO="OK - The server CA expires on $formated_ca_expiration_date"
|
||||||
CA_STATE=$STATE_OK
|
CA_STATE=$STATE_OK
|
||||||
|
@ -193,8 +194,8 @@ main() {
|
||||||
echo $RESTART_ECHO
|
echo $RESTART_ECHO
|
||||||
exit $CERT_STATE
|
exit $CERT_STATE
|
||||||
else
|
else
|
||||||
echo $CERT_ECHO
|
|
||||||
echo $CA_ECHO
|
echo $CA_ECHO
|
||||||
|
echo $CERT_ECHO
|
||||||
echo $RESTART_ECHO
|
echo $RESTART_ECHO
|
||||||
exit $CERT_STATE
|
exit $CERT_STATE
|
||||||
fi
|
fi
|
||||||
|
|
Loading…
Reference in a new issue