LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices


Reply
  Search this Thread
Old 05-09-2014, 07:19 AM   #1
Iyyappan
Member
 
Registered: Dec 2008
Location: Chennai, India
Distribution: CentOS 5, SLES 11
Posts: 245

Rep: Reputation: 4
Domain Expiry Script


Hi,

I m using the script from this site http://www.cyberciti.biz/tips/domain-check-script.html to monitor domain expiry. Have modified it to monitor other domain sites.. But sites with three names, I am unable to get an o/p. Sites like email.domain.com is not working..

I m getting unknown as o/p

Domain Registrar Status Expires Days Left
----------------------------------- ---------------------------------------- -------------------- ----------- ---------
email.xxxx.com Unknown Unknown Unknown Unknown

Let me know how to modify the script to monitor email.xxxxx.com
 
Old 05-09-2014, 08:24 AM   #2
TenTenths
Senior Member
 
Registered: Aug 2011
Location: Dublin
Distribution: Centos 5 / 6 / 7
Posts: 3,162

Rep: Reputation: 1361Reputation: 1361Reputation: 1361Reputation: 1361Reputation: 1361Reputation: 1361Reputation: 1361Reputation: 1361Reputation: 1361Reputation: 1361
email.xxxxx.com is simply a sub-domain of xxxxx.com it will not have its own registration or expiry.

It is therefore pointless to check for email.xxxxx.com
 
Old 05-09-2014, 08:27 AM   #3
Iyyappan
Member
 
Registered: Dec 2008
Location: Chennai, India
Distribution: CentOS 5, SLES 11
Posts: 245

Original Poster
Rep: Reputation: 4
ok s i cross checked both email.xxxx.com and xxxx.com and both are same....thanks
 
Old 05-09-2014, 08:54 AM   #4
Iyyappan
Member
 
Registered: Dec 2008
Location: Chennai, India
Distribution: CentOS 5, SLES 11
Posts: 245

Original Poster
Rep: Reputation: 4
I have many subdomain sites..... Certificate expiry of subdomain ( abc.werty.com ) is different than domain ( werty.com ) as certificates were procured at different dates.


o/p of script is uknown where ever there is subdomain.
 
Old 05-09-2014, 09:18 AM   #5
TenTenths
Senior Member
 
Registered: Aug 2011
Location: Dublin
Distribution: Centos 5 / 6 / 7
Posts: 3,162

Rep: Reputation: 1361Reputation: 1361Reputation: 1361Reputation: 1361Reputation: 1361Reputation: 1361Reputation: 1361Reputation: 1361Reputation: 1361Reputation: 1361
Are you now asking about SSL certificate expiry for abc.werty.com rather than domain registration expiry?
 
Old 05-19-2014, 12:47 AM   #6
Iyyappan
Member
 
Registered: Dec 2008
Location: Chennai, India
Distribution: CentOS 5, SLES 11
Posts: 245

Original Poster
Rep: Reputation: 4
Yes I am asking about SSL certificate expiry for abc.werty.com. ssl expiry script is working only for sites which has one name like google.com, yahoo.com.. If site name is like abc.werty.com, it gives dates left as -2456793. We have many sites like abc.werty.com, for which we need to monitor ssl expiry ..

Last edited by Iyyappan; 05-19-2014 at 01:00 AM.
 
Old 05-19-2014, 01:15 AM   #7
TenTenths
Senior Member
 
Registered: Aug 2011
Location: Dublin
Distribution: Centos 5 / 6 / 7
Posts: 3,162

Rep: Reputation: 1361Reputation: 1361Reputation: 1361Reputation: 1361Reputation: 1361Reputation: 1361Reputation: 1361Reputation: 1361Reputation: 1361Reputation: 1361
This will give the certificate expiry date, feel free to write a whole script around it.

Code:
#!/bin/bash

DOMAIN=abc.werty.com

EXPIRES=$(echo | openssl s_client -connect ${DOMAIN}:443 2>/dev/null | openssl x509 -noout -dates | grep notAfter | awk -F= {'print $2'})

echo "SSL Cert Expires: ${EXPIRE"
 
Old 05-19-2014, 01:33 AM   #8
Iyyappan
Member
 
Registered: Dec 2008
Location: Chennai, India
Distribution: CentOS 5, SLES 11
Posts: 245

Original Poster
Rep: Reputation: 4
I tried urs for google.com domain. I get the below output

SSL Cert Expires: Aug 5 00:00:00 2014 GMT


I used the below script.. This works for sites like gmail.com, yahoo.com, google.com....

####sh test.sh -d google.com

Domain Registrar Status Expires Days Left
----------------------------------- ----------------- -------- ----------- ---------
MARKMONITOR INC.
google.com MARKMONITOR INC. Valid 14-sep-2020 2310

But it does not work for domains like abc.werty.com.... for example below one

sh test.sh -d email.google.com

Domain Registrar Status Expires Days Left
----------------------------------- ----------------- -------- ----------- ---------

email.google.com Unknown Unknown Unknown Unknown


PATH=/bin:/usr/bin:/usr/local/bin:/usr/local/ssl/bin:/usr/sfw/bin ; export PATH

# Who to page when an expired domain is detected (cmdline: -e)
ADMIN="sysadmin@mydomain.com"

# Number of days in the warning threshhold (cmdline: -x)
WARNDAYS=30

# If QUIET is set to TRUE, don't print anything on the console (cmdline: -q)
QUIET="FALSE"

# Don't send emails by default (cmdline: -a)
ALARM="FALSE"

# Whois server to use (cmdline: -s)
WHOIS_SERVER="whois.internic.org"

# Location of system binaries
AWK="/bin/awk"
WHOIS="/usr/bin/whois"
DATE="/bin/date"

# Place to stash temporary files
WHOIS_TMP="/var/tmp/whois.$$"

#############################################################################
# Purpose: Convert a date from MONTH-DAY-YEAR to Julian format
# Acknowledgements: Code was adapted from examples in the book
# "Shell Scripting Recipes: A Problem-Solution Approach"
# ( ISBN 1590594711 )
# Arguments:
# $1 -> Month (e.g., 06)
# $2 -> Day (e.g., 08)
# $3 -> Year (e.g., 2006)
#############################################################################
date2julian()
{
if [ "${1} != "" ] && [ "${2} != "" ] && [ "${3}" != "" ]
then
## Since leap years add aday at the end of February,
## calculations are done from 1 March 0000 (a fictional year)
d2j_tmpmonth=$((12 * ${3} + ${1} - 3))
## If it is not yet March, the year is changed to the previous year
d2j_tmpyear=$(( ${d2j_tmpmonth} / 12))

## The number of days from 1 March 0000 is calculated
## and the number of days from 1 Jan. 4713BC is added
echo $(( (734 * ${d2j_tmpmonth} + 15) / 24 - 2 * ${d2j_tmpyear} + ${d2j_tmpyear}/4
- ${d2j_tmpyear}/100 + ${d2j_tmpyear}/400 + $2 + 1721119 ))
else
echo 0
fi
}

#############################################################################
# Purpose: Convert a string month into an integer representation
# Arguments:
# $1 -> Month name (e.g., Sep)
#############################################################################
getmonth()
{
LOWER=`tolower $1`

case ${LOWER} in
jan) echo 1 ;;
feb) echo 2 ;;
mar) echo 3 ;;
apr) echo 4 ;;
may) echo 5 ;;
jun) echo 6 ;;
jul) echo 7 ;;
aug) echo 8 ;;
sep) echo 9 ;;
oct) echo 10 ;;
nov) echo 11 ;;
dec) echo 12 ;;
*) echo 0 ;;
esac
}

#############################################################################
# Purpose: Calculate the number of seconds between two dates
# Arguments:
# $1 -> Date #1
# $2 -> Date #2
date_diff()
{
if [ "${1}" != "" ] && [ "${2}" != "" ]
then
echo $(expr ${2} - ${1})
else
echo 0
fi
}

##################################################################
# Purpose: Converts a string to lower case
# Arguments:
# $1 -> String to convert to lower case
##################################################################
tolower()
{
LOWER=`echo ${1} | tr [A-Z] [a-z]`
echo $LOWER
}

##################################################################
# Purpose: Access whois data to grab the registrar and expiration date
# Arguments:
# $1 -> Domain to check
##################################################################
check_domain_status()
{
# Save the domain since set will trip up the ordering
DOMAIN=${1}

# Invoke whois to find the domain registrar and expiration date
${WHOIS} -h ${WHOIS_SERVER} "=${1}" > ${WHOIS_TMP}

# Parse out the expiration date and registrar -- uses the last registrar it finds
REGISTRAR=`cat ${WHOIS_TMP} | ${AWK} -F: '/Registrar/ && $2 != "" { REGISTRAR=substr($2,2,17) } END { print REGISTRAR }'`
echo $REGISTRAR
# If the Registrar is NULL, then we didn't get any data
if [ "${REGISTRAR}" = "" ]
then
prints "$DOMAIN" "Unknown" "Unknown" "Unknown" "Unknown"
return

fi

# The whois Expiration data should resemble teh following: "Expiration Date: 09-may-2008"
DOMAINDATE=`cat ${WHOIS_TMP} | ${AWK} '/Expiration/ { print $NF }'`

# Whois data should be in the following format: "13-feb-2006"
IFS="-"
set -- ${DOMAINDATE}
MONTH=$(getmonth ${2})
IFS=""

# Convert the date to seconds, and get the diff between NOW and the expiration date
DOMAINJULIAN=$(date2julian ${MONTH} ${1#0} ${3})
DOMAINDIFF=$(date_diff ${NOWJULIAN} ${DOMAINJULIAN})

if [ ${DOMAINDIFF} -lt 0 ]
then
if [ "${ALARM}" = "TRUE" ]
then
echo "The domain ${DOMAIN} has expired!" \
| ${MAIL} -s "Domain ${DOMAIN} has expired!" ${ADMIN}
fi

prints ${DOMAIN} "Expired" "${DOMAINDATE}" "${DOMAINDIFF}" ${REGISTRAR}

elif [ ${DOMAINDIFF} -lt ${WARNDAYS} ]
then
if [ "${ALARM}" = "TRUE" ]
then
echo "The domain ${DOMAIN} will expire on ${DOMAINDATE}" \
| ${MAIL} -s "Domain ${DOMAIN} will expire in ${WARNDAYS}-days or less" ${ADMIN}
fi
prints ${DOMAIN} "Expiring" "${DOMAINDATE}" "${DOMAINDIFF}" "${REGISTRAR}"
else
prints ${DOMAIN} "Valid" "${DOMAINDATE}" "${DOMAINDIFF}" "${REGISTRAR}"
fi
}

####################################################
# Purpose: Print a heading with the relevant columns
# Arguments:
# None
####################################################

print_heading()
{
if [ "${QUIET}" != "TRUE" ]
then
printf "\n%-35s %-17s %-8s %-11s %-5s\n" "Domain" "Registrar" "Status" "Expires" "Days Left"
echo "----------------------------------- ----------------- -------- ----------- ---------"
fi
}

#####################################################################
# Purpose: Print a line with the expiraton interval
# Arguments:
# $1 -> Domain
# $2 -> Status of domain (e.g., expired or valid)
# $3 -> Date when domain will expire
# $4 -> Days left until the domain will expire
# $5 -> Domain registrar
#####################################################################
prints()
{
if [ "${QUIET}" != "TRUE" ]
then
MIN_DATE=$(echo $3 | ${AWK} '{ print $1, $2, $4 }')
printf "%-35s %-17s %-8s %-11s %-5s\n" "$1" "$5" "$2" "$MIN_DATE" "$4"
fi
}

##########################################
# Purpose: Describe how the script works
# Arguments:
# None
##########################################
usage()
{
echo "Usage: $0 [ -e email ] [ -x expir_days ] [ -q ] [ -a ] [ -h ]"
echo " {[ -d domain_namee ]} || { -f domainfile}"
echo ""
echo " -a : Send a warning message through email "
echo " -d domain : Domain to analyze (interactive mode)"
echo " -e email address : Email address to send expiration notices"
echo " -f domain file : File with a list of domains"
echo " -h : Print this screen"
echo " -s whois server : Whois sever to query for information"
echo " -q : Don't print anything on the console"
echo " -x days : Domain expiration interval (eg. if domain_date < days)"
echo ""
}

### Evaluate the options passed on the command line
while getopts ae:f:hd:s:qx: option
do
case "${option}"
in
a) ALARM="TRUE";;
e) ADMIN=${OPTARG};;
d) DOMAIN=${OPTARG};;
f) SERVERFILE=$OPTARG;;
s) WHOIS_SERVER=$OPTARG;;
q) QUIET="TRUE";;
x) WARNDAYS=$OPTARG;;
\?) usage
exit 1;;
esac
done

### Check to see if the whois binary exists
if [ ! -f ${WHOIS} ]
then
echo "ERROR: The whois binary does not exist in ${WHOIS} ."
echo " FIX: Please modify the \$WHOIS variable in the program header."
exit 1
fi

### Check to make sure a date utility is available
if [ ! -f ${DATE} ]
then
echo "ERROR: The date binary does not exist in ${DATE} ."
echo " FIX: Please modify the \$DATE variable in the program header."
exit 1
fi

### Baseline the dates so we have something to compare to
MONTH=$(${DATE} "+%m")
DAY=$(${DATE} "+%d")
YEAR=$(${DATE} "+%Y")
NOWJULIAN=$(date2julian ${MONTH#0} ${DAY#0} ${YEAR})

### Touch the files prior to using them
touch ${WHOIS_TMP}

### If a HOST and PORT were passed on the cmdline, use those values
if [ "${DOMAIN}" != "" ]
then
print_heading
check_domain_status "${DOMAIN}"
### If a file and a "-a" are passed on the command line, check all
### of the domains in the file to see if they are about to expire
elif [ -f "${SERVERFILE}" ]
then
print_heading
while read DOMAIN
do
check_domain_status "${DOMAIN}"

done < ${SERVERFILE}

### There was an error, so print a detailed usage message and exit
else
usage
exit 1
fi

# Add an extra newline
echo

### Remove the temporary files
rm -f ${WHOIS_TMP}

### Exit with a success indicator
exit 0
 
Old 05-19-2014, 01:41 AM   #9
TenTenths
Senior Member
 
Registered: Aug 2011
Location: Dublin
Distribution: Centos 5 / 6 / 7
Posts: 3,162

Rep: Reputation: 1361Reputation: 1361Reputation: 1361Reputation: 1361Reputation: 1361Reputation: 1361Reputation: 1361Reputation: 1361Reputation: 1361Reputation: 1361
Quote:
Originally Posted by Iyyappan View Post
I tried urs for google.com domain. I get the below output

SSL Cert Expires: Aug 5 00:00:00 2014 GMT
Which is the date that shows up when I check the cert in my browser, what's your point?
 
Old 06-04-2014, 05:58 AM   #10
Iyyappan
Member
 
Registered: Dec 2008
Location: Chennai, India
Distribution: CentOS 5, SLES 11
Posts: 245

Original Poster
Rep: Reputation: 4
Can u help me finding ssl expiry as well...

openssl s_client -connect hostnameort > cert
openssl x509 -in cert -noout -enddate

Above one is working fine, but I have many mutual authentication websites..... I have imported .pfx certificates in browsers to access those sites...


Can u help to pass the .pfx certificates in openssl s_client command to get ssl expiry details..

I converted .pfx to .pem and tried but I am receiving ssl handshake error, but same is working fine in browser.. think I am passing the certs wrongly

openssl s_client -CAfile /tmp/ac-abc.pem -host abc-ws.site.com -port 443

CONNECTED(00000003)
depth=2 /DC=com/DC=site/OU=applications/OU=entrust/CN=SITECA1
verify error:num=19:self signed certificate in certificate chain
verify return:0
29880:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:1086:SSL alert number 40
29880:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:188:
 
Old 06-04-2014, 06:06 AM   #11
Iyyappan
Member
 
Registered: Dec 2008
Location: Chennai, India
Distribution: CentOS 5, SLES 11
Posts: 245

Original Poster
Rep: Reputation: 4
Below one worked but I did not get the ssl expiry dates in it ..

openssl s_client -cert /tmp/ac-abc.pem -connect abc-ws.site.com:443

This gives details of Certificate chain, Server certificate, Acceptable client certificate CA names..
 
Old 06-04-2014, 06:30 AM   #12
chrism01
LQ Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Centos 7.7 (?), Centos 8.1
Posts: 17,847

Rep: Reputation: 2584Reputation: 2584Reputation: 2584Reputation: 2584Reputation: 2584Reputation: 2584Reputation: 2584Reputation: 2584Reputation: 2584Reputation: 2584Reputation: 2584
Lots of good examples here http://www.madboa.com/geek/openssl/#cs-smtp
 
Old 06-05-2014, 01:06 AM   #13
Iyyappan
Member
 
Registered: Dec 2008
Location: Chennai, India
Distribution: CentOS 5, SLES 11
Posts: 245

Original Poster
Rep: Reputation: 4
can u help to fix this script..

#!/bin/bash
rm /tmp/check.txt
MAILTO="me@gmail.com"
for i in abc.site.com def.site.com
do
openssl s_client -connect $i:443 2> /dev/null| openssl x509 -enddate -noout|sed 's/notAfter\=//' >> /tmp/check.txt
d0=`cat /tmp/check.txt`
while IFS=: read line
do
d1=$(($(($(date --date="$d0" "+%s") - $(date "+%s"))) / 86400))
done < $d0
if [ "$d1" -lt "90" ]; then
echo "Warning: SSL Certificate for $i expires on $d0 has $d1 days until expiry." | /usr/bin/mutt -F /root/.rmuttrc -e 'set content_type="text/html"' $MAILTO -s "SSL Expiry Status"
else
echo "Certificate for $i is valid till $d0"
fi
done

Ouput of /tmp/check.txt
Sep 9 12:00:00 2014 GMT
Apr 8 15:53:21 2023 GMT


Ouput of script is

usr/local/sysadm/sslcheck.sh: line 4: Sep 9 12:00:00 2014 GMT: No such file or directory
/usr/local/sysadm/sslcheck.sh: line 12: [: : integer expression expected
Certificate for abc.site.com is valid till Sep 9 12:00:00 2014 GMT
/usr/local/sysadm/sslcheck.sh: line 4: Sep 9 12:00:00 2014 GMT
Apr 8 15:53:21 2023 GMT: No such file or directory
/usr/local/sysadm/sslcheck.sh: line 12: [: : integer expression expected
Certificate for def.site.com is valid till Sep 9 12:00:00 2014 GMT
Apr 8 15:53:21 2023 GMT
 
Old 06-05-2014, 01:26 AM   #14
Iyyappan
Member
 
Registered: Dec 2008
Location: Chennai, India
Distribution: CentOS 5, SLES 11
Posts: 245

Original Poster
Rep: Reputation: 4
modified a bit

#!/bin/bash
rm /tmp/check.txt
MAILTO="me@gmail.com"
for i in abc.site.com def.site.com
do
openssl s_client -connect $i:443 2> /dev/null| openssl x509 -enddate -noout|sed 's/notAfter\=//' > /tmp/check.txt
d0=`cat /tmp/check.txt`
while IFS=: read line
do
d1=$(($(($(date --date="$d0" "+%s") - $(date "+%s"))) / 86400))
done < $d0
if [ "$d1" -lt "90" ]; then
echo "Warning: SSL Certificate for $i expires on $d0 has $d1 days until expiry." | /usr/bin/mutt -F /root/.rmuttrc -e 'set content_type="text/html"' $MAILTO -s "SSL Expiry Status"
else
echo "Certificate for $i is valid till $d0"
fi
done

OUPUT

/usr/local/sysadm/sslcheck.sh: line 4: Sep 9 12:00:00 2014 GMT: No such file or directory
/usr/local/sysadm/sslcheck.sh: line 12: [: : integer expression expected
Certificate for abc.site.com is valid till Sep 9 12:00:00 2014 GMT
/usr/local/sysadm/sslcheck.sh: line 4: Apr 8 15:53:21 2023 GMT: No such file or directory
/usr/local/sysadm/sslcheck.sh: line 12: [: : integer expression expected
Certificate for def.site.com is valid till Apr 8 15:53:21 2023 GMT


Where am I doing mistake...
 
Old 06-05-2014, 06:21 AM   #15
Iyyappan
Member
 
Registered: Dec 2008
Location: Chennai, India
Distribution: CentOS 5, SLES 11
Posts: 245

Original Poster
Rep: Reputation: 4
I did a blunder mistake... fixed the script..its working fine...


#!/bin/bash
rm /tmp/check.txt
MAILTO="email@gmail.com"

for i in `cat /usr/local/sysadm/domains.txt`
do
openssl s_client -connect $i:443 2> /dev/null| openssl x509 -enddate -noout|sed 's/notAfter\=//' > /tmp/check.txt
d0="/tmp/check.txt"

while IFS=" :" read -r line

do

d1=$(($(($(date --date="$line" "+%s") - $(date "+%s"))) / 86400))
done < "$d0"
if [ "$d1" -lt "90" ]; then
echo "Warning: SSL Certificate for $i expires on $d0 has $d1 days until expiry." | /usr/bin/mutt -F /root/.rmuttrc -e 'set content_type="text/html"' $MAILTO -s "SSL Expiry Status"
else
echo "Certificate for $i is valid till $line. Days present $d1"
fi
done
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
[SOLVED] Shell Script to extract User account expiry details getraj.12 Programming 3 04-29-2013 11:46 AM
User expiry Script. gsiva Linux - General 13 11-21-2012 09:10 AM
LDAP Account Password Expiry Script Doknik Linux - Newbie 1 08-04-2011 04:36 AM
How to monitor certificate expiry date using a linux script jefn Programming 6 04-27-2009 04:37 AM
Shell script for password expiry alert bhandu Linux - General 1 06-13-2007 04:19 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Server

All times are GMT -5. The time now is 04:23 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration