监控SSL证书过期
check_cert.sh
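#!/bin/sh
# check_cert.sh HOST PORT
# Print the number of whole days until the certificate presented at
# HOST:PORT expires. The value is negative once the certificate has expired.
#
# Exit status: 0 with the day count on stdout; 2 on bad usage; 1 when no
# certificate could be read or its end date could not be parsed. A failed
# check is reported instead of printing nothing, so a monitor cannot mistake
# an unreachable endpoint for a healthy one.
#
# Limits a monitor should know about:
#   - s_client does not abort on verification errors by default, so this
#     reports the expiry of whatever certificate is presented; chain and
#     hostname validity are not checked here.
#   - Only the leaf certificate is examined. An intermediate certificate in
#     the chain can expire earlier and is not covered by this check.
#   - OpenSSL releases before 1.1.1 send no SNI unless -servername is given;
#     on name-based virtual hosts the default certificate is then the one
#     that gets checked.
host=$1
port=$2

if [ -z "$host" ] || [ -z "$port" ]; then
  echo "usage: $0 HOST PORT" >&2
  exit 2
fi

# </dev/null gives s_client an immediate EOF on stdin, so it closes the
# connection after the handshake instead of waiting for interactive input.
# openssl x509 reads the first PEM certificate in its input (the leaf) and
# -enddate prints it as "notAfter=<date>"; sed strips the label.
end_date=$(openssl s_client -host "$host" -port "$port" </dev/null 2>/dev/null |
  openssl x509 -noout -enddate 2>/dev/null |
  sed -n 's/^notAfter=//p')

if [ -z "$end_date" ]; then
  echo "check_cert: no certificate could be read from $host:$port" >&2
  exit 1
fi

# date --date is the GNU extension the original script already relied on;
# it converts the notAfter text into seconds since the epoch.
if ! end_date_seconds=$(date '+%s' --date "$end_date"); then
  echo "check_cert: cannot parse end date '$end_date'" >&2
  exit 1
fi
now_seconds=$(date '+%s')

# Integer division truncates toward zero, the same result the former
# "/24/3600" bc expression produced.
echo $(( (end_date_seconds - now_seconds) / 86400 ))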
使用(输出为证书剩余有效天数,证书已过期时为负数):
./check_cert.sh IP PORT
一个采集服务器所接交换机端口信息的脚本(支持CISCO和H3C的交换机)
#!/bin/sh
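# cisco IFACE
# Wait 60 seconds for one CDP frame on IFACE and record the neighbour it
# announces.
# Arguments: $1 - interface to capture on
# Outputs:   /tmp/tmp_get_port - three lines (Device-ID, Port-ID, VLAN ID);
#            left empty when no frame arrived within the wait
# Globals:   net, switch, port, vlan are assigned (plain sh, so no `local`)
# Returns:   0; 1 only if the private capture file cannot be created
#
# CDP frames are unauthenticated, so the three values are whatever a device
# on the segment chose to announce. They are handled as untrusted text:
# always quoted, and written with printf rather than an unquoted echo.
#
# NOTE(review): the hand-off file keeps its fixed name in /tmp because the
# caller reads it there. Running as root, that write follows a symlink
# planted at the path by any local user. Moving it into a root-only
# directory needs the reader changed at the same time.
cisco() {
  net=$1

  # Raw tcpdump output goes to an unpredictable, owner-only file.
  cisco_cap=$(mktemp) || return 1

  # -c 1 stops after the first frame matching the filter (bytes 20-21 equal
  # to 0x2000, the CDP protocol id).
  tcpdump -nn -v -i "$net" -s 1500 -c 1 'ether[20:2] == 0x2000' > "$cisco_cap" &
  cisco_pid=$!
  sleep 60

  # Signal only the capture started above. The former `killall -9 tcpdump`
  # also killed every unrelated tcpdump on the host.
  if kill "$cisco_pid" 2>/dev/null; then
    # Still running after the wait: no CDP frame was seen.
    wait "$cisco_pid" 2>/dev/null
    rm -f -- "$cisco_cap"
    : > /tmp/tmp_get_port
    return 0
  fi
  wait "$cisco_pid" 2>/dev/null

  # First match only, as h3c does, so the hand-off file always holds exactly
  # one value per line. Single quotes around the TLV values are stripped.
  switch=$(awk -v q="'" '/Device-ID/ { gsub(q, ""); print $NF; exit }' "$cisco_cap")
  port=$(awk -v q="'" '/Port-ID/ { gsub(q, ""); print $NF; exit }' "$cisco_cap")
  vlan=$(awk '/VLAN ID/ { print $NF; exit }' "$cisco_cap")
  rm -f -- "$cisco_cap"

  printf '%s\n%s\n%s\n' "$switch" "$port" "$vlan" > /tmp/tmp_get_port
}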
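# h3c IFACE
# Wait 60 seconds for one LLDP frame (EtherType 0x88cc) on IFACE and record
# the neighbour it announces. If none arrives, fall back to the CDP probe in
# cisco().
# Arguments: $1 - interface to capture on
# Outputs:   /tmp/tmp_get_port - three lines (system name, interface name,
#            port VLAN id), or whatever cisco() left there on fallback
# Globals:   net, switch, port, vlan are assigned (plain sh, so no `local`)
# Returns:   0; 1 only if the private capture file cannot be created
#
# LLDP frames are unauthenticated, so the three values are whatever a device
# on the segment chose to announce. They are handled as untrusted text:
# always quoted, and written with printf rather than an unquoted echo.
#
# NOTE(review): the hand-off file keeps its fixed name in /tmp because the
# caller reads it there. Running as root, that write follows a symlink
# planted at the path by any local user. Moving it into a root-only
# directory needs the reader changed at the same time.
h3c() {
  net=$1

  # Raw tcpdump output goes to an unpredictable, owner-only file.
  h3c_cap=$(mktemp) || return 1

  tcpdump -i "$net" ether proto 0x88cc -A -s0 -t -c 1 -v > "$h3c_cap" &
  h3c_pid=$!
  sleep 60

  # Signal only the capture started above. The former `killall -9 tcpdump`
  # also killed every unrelated tcpdump on the host.
  if kill "$h3c_pid" 2>/dev/null; then
    # Still running after the wait: no LLDP frame was seen, so try CDP.
    wait "$h3c_pid" 2>/dev/null
    if cisco "$net"; then
      rm -f -- "$h3c_cap"
      return
    fi
  else
    wait "$h3c_pid" 2>/dev/null
  fi

  # First match only, so the hand-off file holds exactly one value per line.
  switch=$(awk '/System Name TLV/ { print $NF; exit }' "$h3c_cap")
  port=$(awk '/Subtype Interface Name/ { print $NF; exit }' "$h3c_cap")
  vlan=$(awk '/port vlan id/ { print $NF; exit }' "$h3c_cap")
  rm -f -- "$h3c_cap"

  printf '%s\n%s\n%s\n' "$switch" "$port" "$vlan" > /tmp/tmp_get_port
}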
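# Probe every candidate interface and append one line per interface,
# "IFACE SWITCH PORT VLAN", to /tmp/tmp_net_list. The list starts with an
# empty line, as before.
#
# SWITCH, PORT and VLAN come from unauthenticated LLDP/CDP frames and are
# handled as untrusted text. They are written through a fixed printf format
# with every expansion quoted, so a crafted name can neither expand as a
# glob nor be read by echo as an option.
#
# NOTE(review): /tmp/tmp_net_list and /tmp/tmp_get_port are fixed names in
# a world-writable directory. The script needs root for tcpdump, so either
# path can be pre-created as a symlink by a local user to redirect these
# writes. A root-only directory (a placeholder such as /var/run/<tool>/)
# would close that, but every consumer of the list must move with it.
printf '\n' > /tmp/tmp_net_list

# Interface names are taken from the first column of ifconfig lines that
# mention eth/em/p2p; names containing ":" (aliases) are dropped.
# NOTE(review): newer net-tools print "eth0:" with a trailing colon, which
# this filter would also drop - confirm against the target hosts.
netlist=$(ifconfig | grep -Ei "eth|em|p2p" | awk '{print $1}' | grep -v ":")

# Unquoted on purpose: the list is split on whitespace into interface names.
for net in $netlist; do
  h3c "$net"
  switch=$(sed -n '1p' /tmp/tmp_get_port)
  port=$(sed -n '2p' /tmp/tmp_get_port)
  vlan=$(sed -n '3p' /tmp/tmp_get_port)
  printf '%s %s %s %s\n' "$net" "$switch" "$port" "$vlan" >> /tmp/tmp_net_list
done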