From 1f73719477ce15cdc097fd0089c01aaa6e7758f3 Mon Sep 17 00:00:00 2001 From: Christoph Egger Date: Sat, 22 Nov 2014 20:47:24 +0100 Subject: [PATCH] Add support for configuration files --- tls-check | 40 +++++++++++++++++++++++++++++++--------- tls-check.conf | 6 ++++++ 2 files changed, 37 insertions(+), 9 deletions(-) create mode 100644 tls-check.conf diff --git a/tls-check b/tls-check index 2c3199e..92b1b83 100644 --- a/tls-check +++ b/tls-check @@ -6,6 +6,7 @@ from ssl import SSLContext, PROTOCOL_TLSv1_2, CERT_REQUIRED, cert_time_to_second from socket import socket, AF_INET6 from datetime import datetime, timedelta from smtplib import SMTP +import yaml VERBOSE=False 
@@ -59,32 +60,53 @@ class Verifier: def main(): global VERBOSE parser = OptionParser() + parser.add_option("--config", action="store", type="string", dest="config", + help="configuration file to use") parser.add_option("-n", "--name", - action="append", type="string", dest="hosts", + action="append", type="string", dest="names", help="hostname:port to check for expired certificates") parser.add_option("-w", "--warning-days", - action="store", type=int, dest="warn", default=15, + action="store", type=int, dest="warn", help="minimum remaining validity in days before a warning is issued") parser.add_option("-c", "--critical-days", - action="store", type=int, dest="crit", default=5, + action="store", type=int, dest="crit", help="minimum remaining validity in days before a warning is issued") parser.add_option("-v", action="store_true", dest="verbose", default=False) parser.add_option("-q", action="store_false", dest="verbose") parser.add_option("--ca", action="store", type="string", dest="ca", - default="/etc/ssl/certs/ca-certificates.crt", help="ca certificate bundle") opts, _args = parser.parse_args() - VERBOSE = opts.verbose - if not opts.hosts: + if opts.config: + configuration = yaml.load(open(opts.config)) + else: + configuration = dict() + + if opts.names: + configuration['names'] = opts.names + if opts.warn: + configuration['warn_days'] = opts.warn + if opts.warn: + configuration['crit_days'] = opts.crit + if opts.ca: + configuration['cacertificates'] = opts.ca + if opts.verbose: + configuration['verbose'] = opts.verbose + + if 'verbose' in configuration: + VERBOSE = configuration['verbose'] + + if not 'names' in configuration: parser.error("needs at least one host") - verifier = Verifier(opts.ca, timedelta(opts.warn), timedelta(opts.crit)) - + verifier = Verifier(configuration['cacertificates'] if 'cacertificates' in configuration else '/etc/ssl/certs/ca-certificates.crt', + timedelta(configuration['warn_days'] if 'warn_days' in configuration else 15), + 
timedelta(configuration['crit_days'] if 'crit_days' in configuration else 5)) + try: - hosts = [ (i[0], i[1], int(i[2])) for i in [ j.split(':', 2) for j in opts.hosts ] ] + hosts = [ (i[0], i[1], int(i[2])) for i in [ j.split(':', 2) for j in configuration['names'] ] ] except (ValueError, IndexError): parser.error("names need to be in PROTO:DNSNAME:PORT format") diff --git a/tls-check.conf b/tls-check.conf new file mode 100644 index 0000000..37b674a --- /dev/null +++ b/tls-check.conf @@ -0,0 +1,6 @@ +cacertificates: /etc/ssl/certs/ca-certificates.crt +warn_days: 15 +crit_days: 5 +verbose: False +names: + - ssl:git.siccegge.de:443 -- 2.39.5
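Review bot: The `yaml.load(open(opts.config))` call in main() parses the file named by `--config` without a `Loader` argument, which on older PyYAML releases builds arbitrary Python objects from tags in the document, so anyone who can write that file can run code as the account the check runs under. `with open(opts.config) as fh: configuration = yaml.safe_load(fh) or {}` restricts parsing to plain scalars, lists and mappings, closes the handle, and keeps an empty file from leaving `configuration` as None for the later `in` tests. A few lines further down, the guard before `configuration['crit_days'] = opts.crit` tests `opts.warn` instead of `opts.crit`, so `-c` alone is ignored and `-w` alone stores None, which then reaches `timedelta()`. `if opts.crit is not None:` fixes that, and the same `is not None` test on `opts.warn` would let an explicit 0 through. main() continues past the end of this hunk.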