Search Exchange
Search All Sites
Nagios Live Webinars
Let our experts show you how Nagios can help your organization.Login
Directory Tree
check_cert_signing_algorithm_secure
1.0.0
2016-01-07
- Nagios XI
GPL
6033
File | Description |
---|---|
CWSI_check_cert_signing_algorithm_secure.php | CWSI_check_cert_signing_algorithm_secure.php |
This check connects to a specified host:port with OpenSSL to determine the signing algorithm used on the server certificate. If the signing algorithm is on your specified list of "untrusted" algorithms the check will return WARNING/CRITICAL, otherwise it will return OK.
Requires OpenSSL on the system.
Tested on NagiosXI but cannot see why it would not support any other versions.
Commands/Services you might use:
define command {
command_name CWSI_check_cert_signing_algorithm_secure
command_line /usr/local/uptime/nagios/resources/scripts/CWSI_check_cert_signing_algorithm_secure.php -H $HOSTADDRESS$ -p $ARG1$ -u $ARG2$ -f $ARG3$
}
define service {
name CWSI_check_cert_signing_algorithm_secure_service
service_description CWSI_check_cert_signing_algorithm_secure_service
check_command CWSI_check_cert_signing_algorithm_secure!443!md5WithRSAEncryption,sha1WithRSAEncryption!WARNING!!!!!
}
Full help output from the check -
CWSI_check_cert_signing_algorithm_secure.php - v1.0.0
This plugin checks that the SSL certificate presented by a host is signed with a secure algorithm
Usage: CWSI_check_cert_signing_algorithm_secure.php -h | -H -p -u -f
NOTE: -H, -p, -u, -f are all required
Options:
-h
Print this help and usage message
-H
Host to query for certificate
-p
Port on the host to query
-u
Comma separated list of untrusted signature algorithms that should cause a failure of this check, eg. md5WithRSAEncryption,sha1WithRSAEncryption
-f
The code to be returned if an untrusted algorithm is detected, must be WARNING or CRITICAL
This plugin will use the openssl service to get the expiration date for the domain name.
Example:
$./CWSI_check_cert_signing_algorithm_secure.php -H www.google.com -p 443 -u md5WithRSAEncryption,sha1WithRSAEncryption -f CRITICAL
Requires OpenSSL on the system.
Tested on NagiosXI but cannot see why it would not support any other versions.
Commands/Services you might use:
define command {
command_name CWSI_check_cert_signing_algorithm_secure
command_line /usr/local/uptime/nagios/resources/scripts/CWSI_check_cert_signing_algorithm_secure.php -H $HOSTADDRESS$ -p $ARG1$ -u $ARG2$ -f $ARG3$
}
define service {
name CWSI_check_cert_signing_algorithm_secure_service
service_description CWSI_check_cert_signing_algorithm_secure_service
check_command CWSI_check_cert_signing_algorithm_secure!443!md5WithRSAEncryption,sha1WithRSAEncryption!WARNING!!!!!
}
Full help output from the check -
CWSI_check_cert_signing_algorithm_secure.php - v1.0.0
This plugin checks that the SSL certificate presented by a host is signed with a secure algorithm
Usage: CWSI_check_cert_signing_algorithm_secure.php -h | -H
NOTE: -H, -p, -u, -f are all required
Options:
-h
Print this help and usage message
-H
Host to query for certificate
-p
Port on the host to query
-u
Comma separated list of untrusted signature algorithms that should cause a failure of this check, eg. md5WithRSAEncryption,sha1WithRSAEncryption
-f
The code to be returned if an untrusted algorithm is detected, must be WARNING or CRITICAL
This plugin will use the openssl service to get the expiration date for the domain name.
Example:
$./CWSI_check_cert_signing_algorithm_secure.php -H www.google.com -p 443 -u md5WithRSAEncryption,sha1WithRSAEncryption -f CRITICAL
Reviews (0)
Be the first to review this listing!