pavel.muhortov/utils
pavel.muhortov/utils
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

add ovpn-cert-expiration.sh

Browse Source
This commit is contained in:
Pavel Muhortov 2023-04-29 09:35:43 +03:00
parent f9f845d6c2
commit 349e6eec75
2 changed files with 187 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

38
README.md
View File

@ -7,6 +7,7 @@ Small tools needed to solve immediate tasks independently or as part of a projec
* [`confutil`.py](https://git.hmp.today/pavel.muhortov/utils#confutil-py)
* [`sendmail`.py](https://git.hmp.today/pavel.muhortov/utils#sendmail-py)
* [`simplewc`.py](https://git.hmp.today/pavel.muhortov/utils#simplewc-py)
* [`ovpn-cert-expiration`.sh](https://git.hmp.today/pavel.muhortov/utils#ovpn-cert-expiration-sh)
* [`ovpn-client-management`.sh](https://git.hmp.today/pavel.muhortov/utils#ovpn-client-management-sh)
* [`ovpn-connect-handling`.sh](https://git.hmp.today/pavel.muhortov/utils#ovpn-connect-handling-sh)
* [`wg-client-management`.sh](https://git.hmp.today/pavel.muhortov/utils#wg-client-management-sh)
@ -223,6 +224,41 @@ chmod u+x ./simplewc.py
____
## `ovpn-cert-expiration`.sh
**Description:**
> Checking openvpn server certificates expiration and preparing stats for monitoring.
**Dependencies:**
>
> * privileged rights
> * [openssl](https://www.openssl.org/) (tested version 1.1.1k on [Debian GNU/Linux 11](http://ftp.debian.org/debian/dists/bullseye/))
| POSITION | PARAMETERS | DESCRIPTION | DEFAULT |
|-----------|--------------|------------------------|---------------|
| 1 |**[qn]**|execution without pauses||
| 2 |**[/path/to/conf]**|openvpn server config file path|/etc/openvpn/server/server.conf|
Example usage:
```bash
# download
sudo wget https://git.hmp.today/pavel.muhortov/utils/raw/branch/master/ovpn-cert-expiration.sh -O /etc/openvpn/server/ovpn-cert-expiration.sh
sudo chmod +x /etc/openvpn/server/ovpn-cert-expiration.sh
```
```bash
# sudo crontab -e
0 * * * * bash /etc/openvpn/server/ovpn-cert-expiration.sh qn
```
```bash
# check stats
watch cat /var/log/openvpn/ovpn-cert-expiration.log
```
____
## `ovpn-client-management`.sh
**Description:**
@ -230,6 +266,7 @@ ____
**Dependencies:**
>
> * privileged rights
> * chpasswd
> * [openvpn](https://openvpn.net/) (tested version 2.5.1 on [Debian GNU/Linux 11](http://ftp.debian.org/debian/dists/bullseye/))
> * [easy-rsa](https://github.com/OpenVPN/easy-rsa) (tested version 3.0.8 on [Debian GNU/Linux 11](http://ftp.debian.org/debian/dists/bullseye/))
@ -329,6 +366,7 @@ ____
**Dependencies:**
>
> * privileged rights
> * [wireguard](https://www.wireguard.com/) (tested version 1.0.2 on [Debian GNU/Linux 11](http://ftp.debian.org/debian/dists/bullseye/))
> * [qrencode](https://github.com/fukuchi/libqrencode) (tested version 4.1.1 on [Debian GNU/Linux 11](http://ftp.debian.org/debian/dists/bullseye/))
> * [grepcidr](https://github.com/ryantig/grepcidr) (tested version 2.0 on [Debian GNU/Linux 11](http://ftp.debian.org/debian/dists/bullseye/))

149
ovpn-cert-expiration.sh Normal file
View File

@ -0,0 +1,149 @@
#! /bin/bash
# DESCRIPTION:
# checking openvpn server certificates expiration
# and
# preparing stats for monitoring
#
# DEPENDENCIES:
# - privileged rights
# - openssl
#
# PARAMETERS:
# 1: "qn" - execution without pauses
# 2: openvpn server config file path
#
# FUNCTIONS:
#
#######################################
# Print message and add to log.
# Globals:
# logs
# Arguments:
# 1: message to print and logging
#######################################
addtologs() {
echo "$(date +'%Y.%m.%d-%H:%M:%S') $1" | tee -a "${logs}"
}
#######################################
# Waiting for press [ENTER].
# Globals:
# None
# Arguments:
# None
#######################################
execpause() {
read -r -p "Press [ENTER] to continue... "
}
#######################################
# Exit procedure.
# Globals:
# show
# Arguments:
# None
#######################################
execquite() {
addtologs "execution time is $(($(date +%s)-time)) seconds, exit"
if [ "${show}" != "qn" ]; then
execpause
fi
exit
}
#######################################
# Error exit procedure
# Globals:
# None
# Arguments:
# 1: message to print and logging
#######################################
execerror() {
addtologs "error: $1"
execquite
}
#######################################
# Parsing config file and creating global vars.
# Globals:
# None
# Arguments:
# None
#######################################
getconfig() {
cacrpath=$(grep ^ca "${conf}" | cut -d' ' -f2)
certpath=$(grep ^cert "${conf}" | cut -d' ' -f2)
statfile="$(dirname "$(grep ^log /etc/openvpn/server/server.conf | cut -d' ' -f2)")/$(basename -s .sh "$0").log"
}
#######################################
# Checking user rights.
# Globals:
# None
# Arguments:
# None
# return:
# 0 - if privileged rights, 1 - if not privileged rights
#######################################
checkroot() {
if [ "${EUID}" -ne 0 ]; then
return 1 # false
else
return 0 # true
fi
}
#######################################
# Print certificate expiration date in epoch
# Globals:
# None
# Arguments:
# 1: certificate path
#######################################
checkcert() {
printf '%s\n' "$(date -d "$(openssl x509 -text -noout -in "${1}" | grep 'Not After' | cut -d':' -f2-)" +%s)"
}
#
# VARIABLES:
#
show=$1
conf=$2
logs=/dev/null
if [ -z "${conf}" ] || [ "${conf}" == "-" ]; then
conf=/etc/openvpn/server/server.conf
fi
time=$(date +%s)
cd "$(dirname "$(realpath "$0")")" || execerror
if [ ! -e "${conf}" ]; then
execerror "${conf} not found"
else
getconfig
fi
if ! command -v openssl &> /dev/null; then
execerror "Not found dependencies"
fi
#
# MAIN:
#
if checkroot; then
cacrtime=$(checkcert "${cacrpath}")
certtime=$(checkcert "${certpath}")
cacrremain=$(( cacrtime - time ))
certremain=$(( certtime - time))
addtologs "${cacrpath} remains only ${cacrremain} seconds"
addtologs "${certpath} remains only ${certremain} seconds"
printf '%s\n' "ca=${cacrremain}" > "${statfile}"
printf '%s\n' "cert=${certremain}" >> "${statfile}"
addtologs "stats wrote to ${statfile}"
execquite
else
execerror "Restart this as root!"
fi