mirror of
https://git.freebsd.org/ports.git
synced 2025-06-29 16:40:31 -04:00
0de11ff4ff
Add a periodic script that will warn of impending certifiate expiration. PR: 257464 Approved by: dries (maintainer, ports) Sponsored by: Axcient
41 lines
929 B
Bash
41 lines
929 B
Bash
#!/bin/sh
|
|
|
|
# Check zrepl SSL certificates for impending expiration each week
|
|
#
|
|
# Add the following lines to /etc/periodic.conf:
|
|
#
|
|
# weekly_zrepl_enable (bool): Set to "NO" by default
|
|
# weekly_zrepl_warntime (int): Set to one month's worth of seconds by default
|
|
|
|
# If there is a global system configuration file, suck it in.
|
|
#
|
|
if [ -r /etc/defaults/periodic.conf ]
|
|
then
|
|
. /etc/defaults/periodic.conf
|
|
source_periodic_confs
|
|
fi
|
|
|
|
# 30 days in seconds
|
|
: ${weekly_zrepl_warntime="2592000"}
|
|
|
|
rc=0
|
|
case "$weekly_zrepl_enable" in
|
|
[Yy][Ee][Ss])
|
|
echo
|
|
echo "Check Zrepl certificates for upcoming expiration:"
|
|
|
|
for cert in `/usr/bin/find %%ETCDIR%% -maxdepth 1 -name *.crt`; do
|
|
/usr/bin/openssl x509 --in "${cert}" \
|
|
-checkend "${weekly_zrepl_warntime}"
|
|
|
|
if [ $? -gt 0 ]; then
|
|
echo "${cert} will expire soon"
|
|
/usr/bin/openssl x509 --in "${cert}" -noout -enddate
|
|
rc=3
|
|
fi
|
|
done
|
|
;;
|
|
*) rc=0;;
|
|
esac
|
|
|
|
exit $rc
|