• Have you checked your security certs lately?

    From Bit Twister@2:250/1 to All on Tue Dec 1 12:38:52 2020
    Have you checked your security certs lately?

    /etc/cron.monthly/_monthly:
    /local/cron/monthly/ch_4_expired_certs:
    /etc/pki/tls/certs/httpd.pem expires 20201215 Warning.
    /etc/pki/tls/certs/postfix.pem expires 20201215 Warning.
    Mageia release 7 (Official) for x86_64

    Above is from wb.home.test /local/cron/monthly/ch_4_expired_certs

    Hmmm, I see I will need to modify my script to tell me how to generate
    new certs.

    For anyone wanting the script:
    -------8<-------8<-------8<---cut below this line----8<-------8<-------8<
    #!/bin/bash
    #********************************************************************
    #*
    #* ch_4_expired_certs - Check for expired certificates or
    #* certificates that will expire next month
    #* or certs that were not readable by openssl
    #*
    #* Usually called from cron monthly.
    #*
    #* This is free software released to public domain.
    #* Do with it whatever you want.
    #*
    #********************************************************************

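    _exe=$0
    set -u # Treat use of an unset variable as an error to help catch typos.

    _after=""
    declare -i _after_yyyymmdd=0
    _cert=""
    _enddate=""
    # Must be initialised here: under "set -u" the final test would otherwise
    # abort with "unbound variable" on a run where every certificate is healthy,
    # turning the good case into a cron error mail.
    declare -i _fault_flag=0
    _msg=""
    declare -i _next_mm=0
    declare -i _today=0
    # Dates are compared as YYYYMMDD integers, so granularity is one day.
    _next_mm=$(date --date="today + 1 month" +%Y%m%d)
    _today=$(date --date="today" +%Y%m%d)

    # Candidate files come from the locate database, so a certificate installed
    # since the last database update is not seen by this check. The grep drops
    # private-key directories, documentation, key files and DH parameter files.
    while read -r _cert ; do
        # NOTE: "openssl x509" parses only the first certificate in a file, so
        # for a bundle or chain file only that first certificate is checked.
        if _after=$(openssl x509 -in "$_cert" -noout -enddate 2> /dev/null) ; then
            # _after has the form "notAfter=Dec 15 12:00:00 2020 GMT"; split on
            # '=' and blanks without touching the positional parameters and
            # without exposing the text to pathname expansion.
            IFS='= ' read -r _ _month _day _ _year _ <<< "$_after"

            # An unparseable end date is reported as a read error rather than
            # being silently coerced to 0 by the integer variable.
            if ! _enddate=$(date --date="${_day}-${_month}-${_year}" +%Y%m%d 2> /dev/null) ; then
                echo "Error reading $_cert"
                _fault_flag=1
                continue
            fi
            _after_yyyymmdd=$_enddate

            _msg=""
            if (( _after_yyyymmdd < _today )) ; then
                _msg="expired $_after_yyyymmdd Error."
            elif (( _after_yyyymmdd < _next_mm )) ; then
                _msg="expires $_after_yyyymmdd Warning."
            fi

            if [ -n "$_msg" ] ; then
                printf '%s %s\n' "$_cert" "$_msg"
                _fault_flag=1
            fi
        else
            # openssl could not parse the file as an X.509 certificate.
            echo "Error reading $_cert"
            _fault_flag=1
        fi
    done < <(locate '.pem' \
        | grep -vE "/private/|/doc/|key\.|dh.pem|objsign-ca-bundle.pem")

    # Any finding makes the script print host details and exit non-zero, so
    # cron has output to mail and a failing status to report.
    if (( _fault_flag != 0 )) ; then
        cat /etc/release
        printf '\nAbove is from %s %s\n\n' "$(hostname)" "$_exe"
        exit 1
    fi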

    #************ end /local/bin/ch_4_expired_certs ********************

    --- MBSE BBS v1.0.7.17 (GNU/Linux-x86_64)
    * Origin: A noiseless patient Spider (2:250/1@fidonet)