rpms / crypto-utils

Clone
Source Code
GIT

Blame SOURCES/certwatch.cron

c7-beta
  1.   c7-beta
  2.   SOURCES
  3.   certwatch.cron
Blob History Raw
4418f4 
#!/bin/bash
4418f4 
#
4418f4 
# Issue warning e-mails if SSL certificates expire, using
4418f4 
# certwatch(1).  Set NOCERTWATCH=yes in /etc/sysconfig/httpd
4418f4 
# to disable.  Pass additional options to certwatch in the
4418f4 
# CERTWATCH_OPTS variable; see the man page for details.
4418f4 
#
4418f4
4418f4 
# For certificates in pem files
4418f4 
watch_files_certs()
4418f4 
{
4418f4 
	test -x /etc/httpd/modules/mod_ssl.so || return 0
4418f4 
	test -r /etc/httpd/conf/httpd.conf    || return 0
4418f4
4418f4 
    set -o pipefail # pick up exit code of httpd not sort
4418f4
4418f4 
    certs=`${httpd} ${OPTIONS} -t -DDUMP_CERTS 2>/dev/null | /bin/sort -u`
4418f4 
    RETVAL=$?
4418f4 
    test $RETVAL -eq 0 || return
4418f4
4418f4 
    for c in $certs; do
4418f4 
      # Check whether a warning message is needed, then issue one if so.
4418f4 
      /usr/bin/certwatch $CERTWATCH_OPTS -q "$c" &&
4418f4 
        /usr/bin/certwatch $CERTWATCH_OPTS "$c" | /usr/sbin/sendmail -oem -oi -t 2>/dev/null
4418f4 
    done
4418f4 
}
4418f4
4418f4 
# For certificates in the database
4418f4 
watch_database_certs()
4418f4 
{
4418f4 
    test -x /usr/bin/certutil || return 0
4418f4 
    test -x /etc/httpd/modules/libmodnss.so || return 0
4418f4 
    test -r /etc/httpd/conf.d/nss.conf || return 0
4418f4
4418f4 
    # find path to mod_nss' database
4418f4 
    database=`/usr/bin/gawk '/^NSSCertificateDatabase/ { print $2 }' /etc/httpd/conf.d/nss.conf`
4418f4
4418f4 
    # find the database prefix if any from the mod_nss config file
4418f4 
    dbprefix=`/usr/bin/gawk '/^NSSDBPrefix/ { print $2 }' /etc/httpd/conf.d/nss.conf`
4418f4
4418f4 
    set -o pipefail # pick up exit code of certutil not gawk
4418f4 
    nicknames=`certutil -L -d $database | /usr/bin/gawk '{ print $1 }'`
4418f4 
    RETVAL=$?
4418f4 
    test $RETVAL -eq 0 || return 0
4418f4
4418f4 
    for n in $nicknames; do
4418f4 
        # Check whether a warning message is needed, then issue one if so.
4418f4 
        /usr/bin/certwatch $CERTWATCH_OPTS -q -d "$database" -c "$dbprefix" -k "$dbprefix" "$n" &&
4418f4 
          /usr/bin/certwatch $CERTWATCH_OPTS -d "$database" -c "$dbprefix" -k "$dbprefix" "$n" | /usr/sbin/sendmail -oem -oi -t 2>/dev/null
4418f4 
    done
4418f4 
}
4418f4
4418f4 
[ -r /etc/sysconfig/httpd ] && . /etc/sysconfig/httpd
4418f4
4418f4 
# Use configured httpd binary
4418f4 
httpd=${HTTPD-/usr/sbin/httpd}
4418f4
4418f4 
# Sanity checks
4418f4 
test -z "${NOCERTWATCH}" || exit 0
4418f4 
test -x ${httpd} || exit 0
4418f4 
test -x /usr/bin/certwatch || exit 0
4418f4 
test -x /usr/sbin/sendmail || exit 0
4418f4 
test -x /bin/sort || exit 0
4418f4
4418f4 
watch_files_certs
4418f4 
watch_database_certs

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation