OpenSSL CA expiration check script
Test environment
docker run -it ubuntu:20.04 bash -l
apt update && apt install openssl
Edit script
vim ca_check.sh
#!/bin/bash
# Check whether a certificate file expires soon.
if [ $# -eq 0 ]; then
    echo "No arguments supplied"
    exit 1
fi
ca=$1
if [ ! -f "$ca" ]; then
    echo "File $ca does not exist."
    exit 1
fi
# Detect the encoding by trying each input format in turn
if openssl x509 -in "$ca" -noout -fingerprint -inform pem >/dev/null 2>&1; then
    format="pem"
elif openssl x509 -in "$ca" -noout -fingerprint -inform der >/dev/null 2>&1; then
    format="der"
elif openssl x509 -in "$ca" -noout -fingerprint -inform cer >/dev/null 2>&1; then
    format="cer"
else
    echo "$ca is unknown type."
    exit 1
fi
#echo "format=$format"
# -checkend takes seconds: 259200 s = 3 days (30 days would be 2592000)
if openssl x509 -checkend 259200 -noout -in "$ca" -inform "$format"; then
    echo "Certificate is good for another day!"
else
    echo "Certificate has expired or will do so within 30 days!(or is invalid/not found)"
fi
Test
$ sh ./ca_check.sh xxxxx.crt
Certificate is good for another day!
$ sh ./ca_check.sh ooooo.pem
Certificate has expired or will do so within 30 days!(or is invalid/not found)
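An added example, not part of the original script: the -checkend test above generalized to two thresholds, with a distinct exit status per state so a monitoring agent can tell them apart. The names WARN_DAYS, CRIT_DAYS, detect_format, valid_for and cert_status, and the 30-day and 3-day defaults, are assumptions.

```sh
#!/bin/sh
# Added example (not the original ca_check.sh): graded certificate expiry check.
# WARN_DAYS, CRIT_DAYS and all function names are assumptions for illustration.
WARN_DAYS=${WARN_DAYS:-30}
CRIT_DAYS=${CRIT_DAYS:-3}

# Print "pem" or "der" for a parseable X.509 certificate; return 1 otherwise.
detect_format() {
    for fmt in pem der; do
        if openssl x509 -in "$1" -inform "$fmt" -noout >/dev/null 2>&1; then
            echo "$fmt"
            return 0
        fi
    done
    return 1
}

# Succeed when certificate $1 (format $2) is still valid $3 seconds from now.
valid_for() { openssl x509 -in "$1" -inform "$2" -noout -checkend "$3" >/dev/null 2>&1; }

# Print one status line; return 0 = OK, 1 = WARNING, 2 = CRITICAL, 3 = UNKNOWN.
cert_status() {
    cert=$1
    [ -f "$cert" ] || { echo "UNKNOWN: $cert not found"; return 3; }
    fmt=$(detect_format "$cert") || { echo "UNKNOWN: $cert is not a PEM or DER certificate"; return 3; }
    end=$(openssl x509 -in "$cert" -inform "$fmt" -noout -enddate | cut -d= -f2)
    if ! valid_for "$cert" "$fmt" 0; then
        echo "CRITICAL: $cert expired ($end)"; return 2
    elif ! valid_for "$cert" "$fmt" $((CRIT_DAYS * 86400)); then
        echo "CRITICAL: $cert expires within $CRIT_DAYS days ($end)"; return 2
    elif ! valid_for "$cert" "$fmt" $((WARN_DAYS * 86400)); then
        echo "WARNING: $cert expires within $WARN_DAYS days ($end)"; return 1
    fi
    echo "OK: $cert valid until $end"
    return 0
}

# Act as a script only when a certificate path is given on the command line
if [ $# -gt 0 ]; then
    cert_status "$1"
    exit $?
fi
```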
Using snmpd to monitor whether a CA certificate has expired
Set up an snmpd server in Docker for testing
vim /tmp/snmpd.conf
syslocation Taiwan
syscontact XXXXXXXXXXX@gmail.com
rouser yuyan priv
rwuser wyuyan
createUser yuyan MD5 987654321 DES 123456789
createUser wyuyan MD5 987654321 DES 123456789
agentAddress udp:0.0.0.0:161
master agentx
agentxsocket tcp:localhost:1610
extend .1.3.6.1.4.1.2021.51 ps /bin/ps
extend .1.3.6.1.4.1.2021.52 ca_check /bin/sh /tmp/ca_check.sh
Start the Docker container
docker run --rm -it --name snmpd -p161:161/udp -v /tmp/snmpd.conf:/etc/snmp/snmpd.conf polinux/snmpd -c /etc/snmp/snmpd.conf -Le
Test command example
- yuyan : a read-only user with private permission
- wyuyan : a read-write user without private permission
- test commands like the following
$ snmpwalk -v3 -u yuyan -l authPriv -a MD5 -A "987654321" -x DES -X 123456789 192.168.7.20
$ snmpwalk -v3 -u wyuyan -l authNoPriv -a MD5 -A "987654321" -x DES -X 123456789 192.168.7.20 .1.3.6.1.4.1.2021.51
$ snmpwalk -v3 -u yuyan -l authPriv -a MD5 -A "987654321" -x DES -X 123456789 192.168.7.20 .1.3.6.1.4.1.2021
OpenWrt pre-build net-snmpd
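OpenWrt provides a net-snmpd module. Two build settings are needed:
agent/extend
: This conf is required to use the extend keyword; extend can be used to run a shell script or an ordinary command.
--with-openssl=internal
: This option must be enabled for snmpd v3 to work.
git diff Makefile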
diff --git a/net/net-snmp/Makefile b/net/net-snmp/Makefile
index 3446d151..02c65e7e 100644
--- a/net/net-snmp/Makefile
+++ b/net/net-snmp/Makefile
@@ -137,6 +137,7 @@ SNMP_MIB_MODULES_INCLUDED = \
ucd-snmp/vmstat \
util_funcs \
utilities/execute \
+ agent/extend \
SNMP_MIB_MODULES_EXCLUDED = \
agent_mibs \
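Review bot: `agent/extend \` is appended to SNMP_MIB_MODULES_INCLUDED unconditionally, so every build of this package gains the ability to run whatever commands snmpd.conf lists under extend. Consider gating it behind a package config option (or a separate build variant) that defaults to off, and say in the commit message that with this module enabled, write access to snmpd.conf amounts to command execution as the snmpd user.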
@@ -180,7 +181,7 @@ CONFIGURE_ARGS += \
--with-mib-modules="$(SNMP_MIB_MODULES_INCLUDED)" \
--with-out-transports="$(SNMP_TRANSPORTS_EXCLUDED)" \
--with-transports="$(SNMP_TRANSPORTS_INCLUDED)" \
- --without-openssl \
+ --with-openssl=internal \
--without-libwrap \
--without-rpm \
--without-zlib \
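Review bot: replacing `--without-openssl` with `--with-openssl=internal` in CONFIGURE_ARGS changes the crypto setting for all builds and selects net-snmp's built-in crypto code rather than the system libopenssl, so it will not follow OpenSSL package updates. State in the commit message why `internal` was chosen over linking libopenssl, and consider making this a build option so images that do not need SNMPv3 keep the previous default.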