Obtain a certificate expiration script:
/ etc / ZABBIX / scripts / Check-CERT-The expire. SH : # ! / bin / the bash Host = $ . 1 Port = $ 2 END_DATE = `/ usr / bin / Host -host OpenSSL the s_client -servername $ $ $ Host -port -showcerts Port </ dev / null 2 > / dev / null | Sed -n ' / the CERTIFICATE the BEGIN /, / the END the CERT / P ' | / usr / bin / X509 OpenSSL -text 2 > / dev / null | Sed -n ' S / * Not the After: * P // ' ` # OpenSSL SSL certificate verification and validation. # -servername $ host due to the presence of a plurality of host certificate using SNI characteristic inspection # </ dev / null directional input standard, to prevent the interactive program Hang. / Dev / from the null read, 0 is read out directly. # Sed used with the -n and p, to display only the matching portion. // , // range to match. OpenSSL X509 # - text decode certificate information, including the validity of the certificate. IF [-n " $ END_DATE " ] the then end_date_seconds = ` DATE ' +% S ' - DATE " $ END_DATE " ` now_seconds = ` DATE ' + S% ' ` echo "($end_date_seconds-$now_seconds)/24/3600" | bc fi
Automatic discovery domain script:
# / Usr / bin / the env Python! # Coding: UTF. 8- Import OS Import SYS Import JSON # This function is mainly to construct a dictionary specific format for ZABBIX DEF ssl_cert_discovery (): web_list = [] web_dict = { " Data " : None} with Open ( " / etc / ZABBIX / scripts / ssl_cert_list " , " R & lt " ) AS F: for the sslcert in F: dict = {} dict [ " {} #DOMAINNAME"]=sslcert.strip().split()[0] dict["{#PORT}"]=sslcert.strip().split()[1] web_list.append(dict) web_dict["data"]=web_list jsonStr = json.dumps(web_dict,indent=4) return jsonStr if __name__ == "__main__": print ssl_cert_discovery()
List of domain names:
/etc/zabbix/scripts/ssl_cert_list:
www.baidu.com 443
www.qq.com 443
zabbix configuration:
/etc/zabbix/zabbix_agentd.conf.d/userparameter_sslcert.conf:
UserParameter=sslcert_discovery,/usr/bin/python /etc/zabbix/scripts/sshcert_discovery.py
UserParameter=sslcert.info[*],/bin/bash /etc/zabbix/scripts/check-cert-expire.sh $1 $2
Add template zabbix in:
https://files.cnblogs.com/files/imcati/Template_ssl_cert_info.xml