Module: check_mk
Branch: master
Commit: 28eb7e4ae1e0c5b76f11d8a4d5f75dc35dc45079
URL:
http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=28eb7e4ae1e0c5…
Author: Mathias Kettner <mk(a)mathias-kettner.de>
Date: Sun Oct 25 13:55:02 2015 +0100
#2668 FIX jar_signature: Handle case correctly where certificate is already expired
---
.werks/2668 | 9 ++++++++
ChangeLog | 1 +
checks/jar_signature | 53 ++++++++++++++++++++++++++++++++++------------
modules/check_mk_base.py | 5 ++---
4 files changed, 52 insertions(+), 16 deletions(-)
diff --git a/.werks/2668 b/.werks/2668
new file mode 100644
index 0000000..4c85ed7
--- /dev/null
+++ b/.werks/2668
@@ -0,0 +1,9 @@
+Title: jar_signature: Handle case correctly where certificate is already expired
+Level: 1
+Component: checks
+Compatible: compat
+Version: 1.2.7i4
+Date: 1445777668
+Class: fix
+
+
diff --git a/ChangeLog b/ChangeLog
index 52df68d..9a5b7c0 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -21,6 +21,7 @@
* 1296 FIX: aix_memory: Check can now handle systems without swap partition
* 2690 FIX: ps: Fixed processing of old inventory_processes rules in discovery
function...
* 2236 FIX: cups_queues: Correct not working discovery after werk #2504...
+ * 2668 FIX: jar_signature: Handle case correctly where certificate is already
expired
Multisite:
* 2684 Added icons for downloading agent data / walks of hosts...
diff --git a/checks/jar_signature b/checks/jar_signature
index cbe0440..58d04a3 100644
--- a/checks/jar_signature
+++ b/checks/jar_signature
@@ -24,7 +24,25 @@
# to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor,
# Boston, MA 02110-1301 USA.
-import datetime
+# Example output from agent
+# <<<jar_signature>>>
+# [[[bluecove-1.2.3-signed.jar]]]
+# sm 308 Fri May 11 01:42:04 CEST 2007
javax/microedition/io/StreamConnectionNotifier.class
+#
+# X.509, CN=MicroEmulator Team
+# [certificate expired on 2/10/12 6:19 PM]
+#
+#
+# s = signature was verified
+# m = entry is listed in manifest
+# k = at least one certificate was found in keystore
+# i = at least one certificate was found in identity scope
+#
+# jar verified.
+#
+# Warning:
+# This jar contains entries whose signer certificate has expired.
+
def inventory_jar_signature(info):
inventory = []
@@ -34,7 +52,7 @@ def inventory_jar_signature(info):
inventory.append((f, {}))
return inventory
-def check_jar_signature(item, params, info):
+def check_jar_signature(item, _no_params, info):
in_block = False
details = []
in_cert = False
@@ -60,24 +78,33 @@ def check_jar_signature(item, params, info):
# [certificate is valid from 3/26/12 11:26 AM to 3/26/17 11:36 AM]
# [certificate will expire on 7/4/13 4:13 PM]
+ # [certificate expired on 2/10/12 6:19 PM]
if "will expire on " in cert_valid:
- to = cert_valid.split("will expire on ", 1)[1][:-1]
+ expiry_date_text = cert_valid.split("will expire on ", 1)[1][:-1]
+ elif "expired on" in cert_valid:
+ expiry_date_text = cert_valid.split("expired on ", 1)[1][:-1]
else:
- to = cert_valid.split("to ", 1)[1][:-1]
- to_dt = datetime.datetime(*time.strptime(to, '%m/%d/%y %I:%M %p')[:6])
+ expiry_date_text = cert_valid.split("to ", 1)[1][:-1]
+ expiry_date = time.mktime(time.strptime(expiry_date_text, '%m/%d/%y %I:%M
%p'))
+ expired_since = time.time() - expiry_date
- warn, crit = 60, 30
+ warn, crit = 60 * 86400, 30 * 86400
state = 0
- status_txt = ""
- if to_dt < datetime.datetime.now() + datetime.timedelta(days = crit):
+ if expired_since >= 0:
state = 2
- status_txt = " (less than %d days)" % crit
- elif to_dt < datetime.datetime.now() + datetime.timedelta(days = warn):
- state = 1
- status_txt = " (less than %d days)" % warn
+ status_text = "Certificate expired on %s (%s ago) " %
(expiry_date_text, get_age_human_readable(expired_since))
+ else:
+ status_text = "Certificate will expire on %s (in %s)" %
(expiry_date_text, get_age_human_readable(-expired_since))
+ if -expired_since <= crit:
+ state = 2
+ status_txt = "(less than %s)" % (get_age_human_readable(crit))
+ elif -expired_since <= warn:
+ state = 1
+ status_txt = "(less than %s)" % (get_age_human_readable(warn))
+
+ return state, status_text
- return state, "Certificate expires on %s%s (%s)" % (to, status_txt,
cert_dn)
check_info['jar_signature'] = {
"service_description" : "Jar-Signature %s",
diff --git a/modules/check_mk_base.py b/modules/check_mk_base.py
index 9cc0afe..cb61385 100644
--- a/modules/check_mk_base.py
+++ b/modules/check_mk_base.py
@@ -51,6 +51,7 @@ import signal
import math
import tempfile
import traceback
+import subprocess
# PLANNED CLEANUP:
# - central functions for outputting verbose information and bailing
@@ -769,9 +770,7 @@ def get_agent_info(hostname, ipaddress, max_cache_age):
def get_agent_info_program(commandline):
exepath = commandline.split()[0] # for error message, hide options!
- import subprocess
- if opt_verbose:
- sys.stderr.write("Calling external program %s\n" % commandline)
+ vverbose("Calling external program %s\n" % commandline)
try:
p = subprocess.Popen(commandline, shell = True, stdout = subprocess.PIPE, stderr
= subprocess.PIPE)
stdout, stderr = p.communicate()