Ошибка в Zabbix при мониторинге сертификатов

Ошибка в Zabbix при мониторинге сертификатов

Есть такой давно известный скрипт zext_ssl_cert.sh. Он используется в шаблоне Template SSL Cert Check and Domain expired. Когда запрашивается кол-во дней до окончания сертификата, то zabbix отдаёт ошибку:

Value of type "string" is not suitable for value type "Numeric (float)". Value "sed: couldn't write 64 items to stdout: Broken pipe
221"

Ответ я нашёл здесь — https://www.zabbix.com/forum/zabbix-help/45210-ssl-certificate-check-is-not-suitable-for-value-type.

Проблема к скрипте. Привожу вариант валидного варианта скрипта, который так же есть по ссылке:

#! /bin/sh
#------------------------------------------------------------
# zext_ssl_cert.sh
# Script checks for number of days until certificate expires or the issuing authority
# depending on switch passed on command line.
#
#Based on script from aperto.fr (http://aperto.fr/cms/en/blog/15-blog-en/15-ssl-certificate-expiration-monitoring-with-zabbix.html)
#with additions by racooper@tamu.edu
#Hivlaher additions for FreeBSD. Made the changes needed for the
#date command so it works with FreeBSD date:)
#Also added a sed command to cut the " GMT" on the $end_date so
#it doesnt give an ignore error. So if your timezone is not GMT
#you may have to condider the Time difference :)
#
# 2016-06-06 Fix broken pipe error by Santyaga
#------------------------------------------------------------

DEBUG=0
if [ $DEBUG -gt 0 ]
then
exec 2>>/tmp/my.log
set -x
fi

f=$1
host=$2
port=$3
sni=$4
proto=$5

if [ -z "$sni" ]
then
servername=$host
else
servername=$sni
fi

if [ -n "$proto" ]
then
starttls="-starttls $proto"
fi

case $f in
-d)
fix_broken_pipe=`openssl s_client -servername $servername -connect $host:$port -showcerts $starttls </dev/null 2>/dev/null |
sed -n '/BEGIN CERTIFICATE/,/END CERT/p'`

end_date=`echo "$fix_broken_pipe" | openssl x509 -enddate -noout 2>/dev/null |
sed -n 's/notAfter=//p' |
sed 's/ GMT//g'`

if [ -n "$end_date" ]
then
end_date_seconds=`date '+%s' --date "$end_date"`
# end_date_seconds=`date -j -f "%b %d %T %Y" "$end_date" "+%s"`
# echo $end_date
now_seconds=`date '+%s'`
# echo $now_seconds
echo "($end_date_seconds-$now_seconds)/24/3600" | bc
fi
;;

-i)
fix_broken_pipe=`openssl s_client -servername $servername -connect $host:$port -showcerts $starttls </dev/null 2>/dev/null |
sed -n '/BEGIN CERTIFICATE/,/END CERT/p'`

issue_dn=`echo "$fix_broken_pipe" | openssl x509 -issuer -noout 2>/dev/null |
sed -n 's/issuer=//p'`

if [ -n "$issue_dn" ]
then
issuer=`echo $issue_dn | sed -n 's/.*CN=*//p'`
echo $issuer
fi
;;
*)
echo "usage: $0 [-i|-d] hostname port sni"
echo " -i Show Issuer"
echo " -d Show valid days remaining"
;;
esac

 

 

Добавить комментарий