monitors:sslname.sh

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision		 Previous revision
monitors:sslname.sh [2015/11/10 04:47] – [Installation] jccleavermonitors:sslname.sh [2019/08/28 08:24] (current) – [Description] antivirusnoeron
Line 7: Line 7:
 ^ Last Update | 2015-11-09 | ^ Last Update | 2015-11-09 |
  
-===== Description ===== +Antivirus-Norton Internet Security is a security software product from Symantec. Packed with features to protect your PC from all kinds of online threats and the main programs in this award-winning software are antivirus, anti-spyware, firewall and antispam protection. Download Norton antivirus from . 
- +[[http://antivirus-norton.com|norton.com/setup]] 
-Originating thread here: http://www.xymon.com/archive/2010/06/msg00148.html +Author:John Smith0, a creative person who puts his skills in Technical writing by making everything easier for readers to understand the complexity of any tech related issue.  Many popular e-magazines have released his articles. He has also been writing to people’s query related to technology like office.com/setupMcAfee, Norton and many more. 
- +[[https://d-mcafee.com/|mcafee.com/activate]] | [[https://iamcafee.com/|mcafee.com/activate]] | [[https://bitstamp.help-desk-number.com/bitstamp-login/| bitstamp login]]
-A small script that checks "sslcert" tests and tries to verify that the common name ("CN="in the resulting ssl certificate matches the URL that we tried to reach (eg, https://secure.example.com/) It reports the status under a new test name, "sslname", or can optionally send a 'modify' message to alter the original "sslcert" testWildcard certificates are taken into account, since we're matching using extended grep.+
  
 ===== Installation ===== ===== Installation =====
Line 90: Line 89:
    # TODO: We should loop over all common names and try to figure out what the relevant URLs are below    # TODO: We should loop over all common names and try to figure out what the relevant URLs are below
    #   For now, we sort and take the first one.    #   For now, we sort and take the first one.
-    COMMONNAME="`echo \"$SSLDATA\" | grep CN= | perl -pe 's/^.*CN=([\w\.\-\*]+).*$/\1/' | sort | uniq | head -n 1`"+    COMMONNAME="`echo \"$SSLDATA\" | grep -v issuer: | grep CN= | perl -pe 's/^.*CN=([\w\.\-\*]+).*$/\1/' | sort | uniq | head -n 1`"
     if [ -z "$COMMONNAME" ] ; then     if [ -z "$COMMONNAME" ] ; then
  echo "Couldn't find a 'common name' for $THISHOST..." >&2  echo "Couldn't find a 'common name' for $THISHOST..." >&2
Line 146: Line 145:
 ===== Known Bugs and Issues ===== ===== Known Bugs and Issues =====
  
-This is targeted mainly at %%https://%% tests; YMMV with "sslcert" results from other types of tests (imaps, smtps, pop3s, etc).+sslcert tests that are a result of multiple SSL_enabled services tested by xymonnet should be tested individually against the URLs (or server name) in question and the worst state flagged. 
 + 
 +Wildcards are handled via regex, however this will lead to a false negative if your wildcard is for a more root-ward subdomain. Eg, *.example.net will be seen as an acceptable common name for https://server.dc.example.net/ when it really isn't. 
 + 
 +This was targeted mainly at %%https://%% tests; "sslcert" results from other types of tests (imaps, smtps, pop3s, etc) are tested against the server name only. YMMV.
  
 ===== To Do ===== ===== To Do =====
Line 155: Line 158:
  
 ===== Changelog ===== ===== Changelog =====
 +
 +  * **2015-11-10**
 +    * Minor bug fixes and clean-up
  
   * **2012-04-27**   * **2012-04-27**
  • monitors/sslname.sh.1447130841.txt.gz
  • Last modified: 2015/11/10 04:47
  • by jccleaver