utils/ovpn-cert-expiration.sh

150 lines
3.1 KiB
Bash

#! /bin/bash
# DESCRIPTION:
# checking openvpn server certificates expiration
# and
# preparing stats for monitoring
#
# DEPENDENCIES:
# - privileged rights
# - openssl
#
# PARAMETERS:
# 1: "qn" - execution without pauses
# 2: openvpn server config file path
#
# FUNCTIONS:
#
#######################################
# Print message and add to log.
# Globals:
# logs
# Arguments:
# 1: message to print and logging
#######################################
addtologs() {
echo "$(date +'%Y.%m.%d-%H:%M:%S') $1" | tee -a "${logs}"
}
#######################################
# Waiting for press [ENTER].
# Globals:
# None
# Arguments:
# None
#######################################
execpause() {
read -r -p "Press [ENTER] to continue... "
}
#######################################
# Exit procedure.
# Globals:
# show
# Arguments:
# None
#######################################
execquite() {
addtologs "execution time is $(($(date +%s)-time)) seconds, exit"
if [ "${show}" != "qn" ]; then
execpause
fi
exit
}
#######################################
# Error exit procedure
# Globals:
# None
# Arguments:
# 1: message to print and logging
#######################################
execerror() {
addtologs "error: $1"
execquite
}
#######################################
# Parsing config file and creating global vars.
# Globals:
# None
# Arguments:
# None
#######################################
getconfig() {
cacrpath=$(grep ^ca "${conf}" | cut -d' ' -f2)
certpath=$(grep ^cert "${conf}" | cut -d' ' -f2)
statfile="$(dirname "$(grep ^log /etc/openvpn/server/server.conf | cut -d' ' -f2)")/$(basename -s .sh "$0").log"
}
#######################################
# Checking user rights.
# Globals:
# None
# Arguments:
# None
# return:
# 0 - if privileged rights, 1 - if not privileged rights
#######################################
checkroot() {
if [ "${EUID}" -ne 0 ]; then
return 1 # false
else
return 0 # true
fi
}
#######################################
# Print certificate expiration date in epoch
# Globals:
# None
# Arguments:
# 1: certificate path
#######################################
checkcert() {
printf '%s\n' "$(date -d "$(openssl x509 -text -noout -in "${1}" | grep 'Not After' | cut -d':' -f2-)" +%s)"
}
#
# VARIABLES:
#
show=$1
conf=$2
logs=/dev/null
if [ -z "${conf}" ] || [ "${conf}" == "-" ]; then
conf=/etc/openvpn/server/server.conf
fi
time=$(date +%s)
cd "$(dirname "$(realpath "$0")")" || execerror
if [ ! -e "${conf}" ]; then
execerror "${conf} not found"
else
getconfig
fi
if ! command -v openssl &> /dev/null; then
execerror "Not found dependencies"
fi
#
# MAIN:
#
if checkroot; then
cacrtime=$(checkcert "${cacrpath}")
certtime=$(checkcert "${certpath}")
cacrremain=$(( cacrtime - time ))
certremain=$(( certtime - time))
addtologs "${cacrpath} remains only ${cacrremain} seconds"
addtologs "${certpath} remains only ${certremain} seconds"
printf '%s\n' "ca=${cacrremain}" > "${statfile}"
printf '%s\n' "cert=${certremain}" >> "${statfile}"
addtologs "stats wrote to ${statfile}"
execquite
else
execerror "Restart this as root!"
fi