Entries tagged sles

Install ssl-cert-check plugin under SLES11 with Nagios 3.0.6

Posted on 26. Juli 2012 Comments

The guys at prefetch.net already wrote a script for checking if a SSL certificate is still valid: http://prefetch.net/code/ssl-cert-check

The only challenge now is to implement the script into the monitoring tool Nagios, in this case we used a SuSE Linux Enterprise Server 11 and Nagios version 3.0.6.

Nagios 1

To get the little boxes in Nagios green, yellow and red(=Nagios‘ return values) and to receive e-mails in case of an expiration you have to change these 2 parameters in the ssl-cert-check file:

NAGIOS=TRUE
ALARM=TRUE

To match the given form of Nagios plugins we renamed the file to check_ssl-cert and then moved it to /usr/lib/nagios/plugins, where the rest of the plugins are.

For Nagios to recognize the plugin it has to be defined in /etc/nagios/objects/commands.cfg (NOT /etc/nagios/commands.cfg):

define command {
command_name check_ssl-cert
command_line /usr/lib/nagios/plugins/check_ssl-cert -s $HOSTADDRESS$ -p 443 -e $ARG1$
}

The port is usually the same for the same service. If it’s not port 443 for every server, you can also define the port as the second parameter in the next step. Of course, instead of -p 443 it has to be -p $ARG2$.

You now have to add the configuration of the plugin in /etc/nagios/conf.d/services.cfg. In this case, the hostgroup „all“ is selected, but if you have different hostgroups, the admin who has to get the e-mail might be different. The parameters go after the exclamation mark, comments begin with the semicolon.

define service {
hostgroup_name all
service_description ssl-certs
check_command check_ssl-cert!mail@example.org
use generic-service
notification_interval 0 ; set > 0 if you want to be renotified
}

 

If an ssl-cert is expired, it looks like this:
Nagios 2
Credits go to the Alex and the other guys at the CentOS mailing list: