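#! /bin/bash
# DESCRIPTION:
#   checking openvpn server certificates expiration
#   and
#   preparing stats for monitoring
#
# DEPENDENCIES:
#   - privileged rights
#   - openssl
#
# PARAMETERS:
#   1: "qn" - execution without pauses
#   2: openvpn server config file path
#

#
# FUNCTIONS:
#

#######################################
# Print message and add to log.
# Globals:
#   logs (read) - file the message is appended to
# Arguments:
#   1: message to print and logging
# Outputs:
#   timestamped message on stdout and appended to ${logs}
#######################################
addtologs() {
  # printf instead of echo: the message may start with "-" or contain
  # backslashes, which echo could interpret.
  printf '%s %s\n' "$(date +'%Y.%m.%d-%H:%M:%S')" "$1" | tee -a "${logs}"
}

#######################################
# Waiting for press [ENTER].
# Globals:
#   None
# Arguments:
#   None
#######################################
execpause() {
  read -r -p "Press [ENTER] to continue... "
}

#######################################
# Exit procedure.
# Globals:
#   show (read) - "qn" suppresses the pause
#   time (read) - start time in epoch seconds
# Arguments:
#   1: exit status (optional, default 0)
#######################################
execquite() {
  local status=${1:-0}
  addtologs "execution time is $(($(date +%s)-time)) seconds, exit"
  if [ "${show}" != "qn" ]; then
    execpause
  fi
  # Explicit status: a bare "exit" would report the status of the last
  # command, so failures would be indistinguishable from success.
  exit "${status}"
}

#######################################
# Error exit procedure
# Globals:
#   None
# Arguments:
#   1: message to print and logging
#######################################
execerror() {
  addtologs "error: $1"
  # Non-zero status so cron or a monitoring wrapper can detect the failure.
  execquite 1
}

#######################################
# Print the first argument of a config directive.
# Globals:
#   conf (read) - config file path
# Arguments:
#   1: directive name, matched exactly against the first field
# Outputs:
#   second field of the first matching line (empty if none)
#######################################
_confvalue() {
  # Exact match on the first field: "ca" must not match "capath", and
  # awk's field splitting tolerates tabs and repeated spaces.
  # Quoted paths containing spaces are not handled.
  awk -v key="$1" '$1 == key { print $2; exit }' "${conf}"
}

#######################################
# Parsing config file and creating global vars.
# Globals:
#   conf (read)
#   cacrpath, certpath, statfile (written)
# Arguments:
#   None
#######################################
getconfig() {
  local logpath
  cacrpath=$(_confvalue ca)
  certpath=$(_confvalue cert)
  # Read the log directive from the same config file that was selected,
  # not from a fixed path; "log-append" is accepted as well as "log".
  logpath=$(awk '$1 == "log" || $1 == "log-append" { print $2; exit }' "${conf}")
  statfile="$(dirname "${logpath}")/$(basename -s .sh "$0").log"
}

#######################################
# Checking user rights.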
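# Globals:
#   EUID (read)
# Arguments:
#   None
# return:
#   0 - if privileged rights, 1 - if not privileged rights
#######################################
checkroot() {
  [ "${EUID}" -eq 0 ]
}

#######################################
# Print certificate expiration date in epoch
# Globals:
#   None
# Arguments:
#   1: certificate path
# Outputs:
#   notAfter date as epoch seconds on stdout
# Returns:
#   0 on success, non-zero if the certificate cannot be read or parsed
#######################################
checkcert() {
  local enddate
  # -enddate prints one "notAfter=<date>" line, so no grep over the full
  # text dump is needed and an openssl failure is not masked by a pipe.
  # openssl x509 reads only the first certificate in the file; further
  # certificates in a bundle are not inspected.
  enddate=$(openssl x509 -noout -enddate -in "${1}") || return 1
  enddate=${enddate#notAfter=}
  # An empty date string must not reach date(1): GNU date would not
  # reject it, and the result would be a plausible but wrong timestamp.
  [ -n "${enddate}" ] || return 1
  date -d "${enddate}" +%s
}

#
# VARIABLES:
#
show=$1
conf=$2
logs=/dev/null
if [ -z "${conf}" ] || [ "${conf}" = "-" ]; then
  conf=/etc/openvpn/server/server.conf
fi
time=$(date +%s)
# From here on, relative paths (including a relative config path) are
# resolved against the script's own directory.
cd "$(dirname "$(realpath "$0")")" || execerror "cannot change to script directory"
if [ ! -e "${conf}" ]; then
  execerror "${conf} not found"
else
  getconfig
fi
if ! command -v openssl &> /dev/null; then
  execerror "Not found dependencies"
fi

#
# MAIN:
#
if checkroot; then
  # Inline <ca>/<cert> blocks or a missing directive leave the paths
  # empty; stop instead of handing an empty file name to openssl.
  if [ -z "${cacrpath}" ] || [ -z "${certpath}" ]; then
    execerror "ca or cert path not found in ${conf}"
  fi
  # Abort on an unreadable certificate rather than publishing a bogus
  # remaining-time value to monitoring.
  cacrtime=$(checkcert "${cacrpath}") \
    || execerror "cannot read expiration date of ${cacrpath}"
  certtime=$(checkcert "${certpath}") \
    || execerror "cannot read expiration date of ${certpath}"
  cacrremain=$(( cacrtime - time ))
  certremain=$(( certtime - time ))
  addtologs "${cacrpath} remains only ${cacrremain} seconds"
  addtologs "${certpath} remains only ${certremain} seconds"
  # Single redirection so the stats file is opened once and a write
  # failure is reported.
  # NOTE(review): on any error path the previous stats file is left in
  # place, so monitoring should also alert on the file's age.
  {
    printf '%s\n' "ca=${cacrremain}"
    printf '%s\n' "cert=${certremain}"
  } > "${statfile}" || execerror "cannot write ${statfile}"
  addtologs "stats wrote to ${statfile}"
  execquite
else
  execerror "Restart this as root!"
fi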