Renamed cert_expiration -> certexp

so that the cert can still be parsed even it doesn't validate

colors.py

@@ -0,0 +1,26 @@
+class Colors:
+    """ ANSI color codes """
+    BLACK = "\033[0;30m"
+    RED = "\033[0;31m"
+    GREEN = "\033[0;32m"
+    BROWN = "\033[0;33m"
+    BLUE = "\033[0;34m"
+    PURPLE = "\033[0;35m"
+    CYAN = "\033[0;36m"
+    LIGHT_GRAY = "\033[0;37m"
+    DARK_GRAY = "\033[1;30m"
+    LIGHT_RED = "\033[1;31m"
+    LIGHT_GREEN = "\033[1;32m"
+    YELLOW = "\033[1;33m"
+    LIGHT_BLUE = "\033[1;34m"
+    LIGHT_PURPLE = "\033[1;35m"
+    LIGHT_CYAN = "\033[1;36m"
+    LIGHT_WHITE = "\033[1;37m"
+    BOLD = "\033[1m"
+    FAINT = "\033[2m"
+    ITALIC = "\033[3m"
+    UNDERLINE = "\033[4m"
+    BLINK = "\033[5m"
+    NEGATIVE = "\033[7m"
+    CROSSED = "\033[9m"
+    END = "\033[0m"

hosts.yaml

@@ -4,16 +4,22 @@ hosts:
     hostname: webassets.confederationcollege.ca
     actions:
       - ping
-      - httpcheck
+      - httpcheck:
+          endpoint: https://webassets.confederationcollege.ca
+      - certexp:
+          endpoint: webassets.confederationcollege.ca
+          expiration_warning_days: 30
   secureassets:
     hostname: secureassets.confederationcollege.ca
     actions:
       - ping
   cognos-test:
     hostname: cc-cognotest-01.confederationc.on.ca
-    port: 9300
     actions:
       - ping
+      - certexp:
+          endpoint: cc-cognotest-01.confederationc.on.ca:9300
+          expiration_warning_days: 30
   Solarwinds Service Desk:
     hostname: itsupport.confederationcollege.ca
     actions:
@@ -44,4 +50,9 @@ hosts:
     server: cc-apps-01
     actions:
       - ping
-
+  Gitlab:
+    hostname: cc-gitlab.confederationcollege.ca
+    actions:
+      - certexp:
+          endpoint: cc-gitlab.confederationcollege.ca
+          expiration_warning_days: 30

monimon.py

@@ -0,0 +1,49 @@
+#!/usr/bin/env python
+import yaml
+import pprint
+import json
+import sys
+sys.path.append('plugins')
+import pkgutil
+import importlib
+from colors import Colors
+plugins = {}
+for finder, name, ispkg in pkgutil.iter_modules(path=['plugins']):
+    plugins[name] = importlib.import_module(name)
+row_format = "{:<30} {:<10} {:<6}"
+
+def translate_status(status):
+    if status:
+        return f"{Colors.GREEN}Success{Colors.END}"
+    else:
+        return f"{Colors.RED}Failure{Colors.END}"
+
+
+with open('hosts.yaml', 'r') as file:
+    hosts = yaml.safe_load(file)
+
+for host, details in hosts['hosts'].items():
+    for action in details['actions']:
+        # Start building the arguments dict that will get passed to the plugin.
+        # By default, the only item is the hostname.
+        arguments = {'hostname': details['hostname']}
+
+        # Check if the action has any parameters defined in the YAML file, by
+        # checking if it's a string or a dict
+        if type(action) is str:
+            action_name = action
+        # If it's a dict, add each parameter to the arguments dict
+        elif type(action) is dict:
+            action_name = list(action)[0]
+            for argument, value in action[action_name].items():
+                arguments[argument] = value
+
+        #print(arguments)
+        result = getattr(plugins[action_name], action_name)(arguments)
+        #print(f"{host}\t{action_name}\t{result[0]}\t{result[1]}")
+        if type(result) is list:
+            print(row_format.format(f"{Colors.BOLD}{host}{Colors.END}", action_name, translate_status(result[0])))
+            print(f"{Colors.YELLOW}{result[1]}{Colors.END}")
+        else:
+            print(row_format.format(host, action_name, translate_status(result)))
+

monitor.py

@@ -1,20 +0,0 @@
-#!/usr/bin/env python
-import yaml
-import pprint
-import json
-import sys
-sys.path.append('plugins')
-import pkgutil
-import importlib
-plugins = {}
-for finder, name, ispkg in pkgutil.iter_modules(path=['plugins']):
-    plugins[name] = importlib.import_module(name)
-row_format = "{:<30}{:<10}{:<6}{:<20}"
-
-with open('hosts.yaml', 'r') as file:
-    hosts = yaml.safe_load(file)
-
-for host, details in hosts['hosts'].items():
-    for action in details['actions']:
-        result = getattr(plugins[action], action)(details['hostname'])
-        print(row_format.format(host, action, result[0], result[1]))

plugin.py

@@ -0,0 +1,8 @@
+from enum import Enum
+class Plugin:
+    class Status(Enum):
+        SUCCESS = "Succ"
+    i = 12345
+
+    def f(self):
+        return 'hello world'

plugins/certexp.py

@@ -0,0 +1,30 @@
+import ssl
+import OpenSSL
+from datetime import datetime,timedelta
+from socket import gaierror
+
+def certexp(args):
+    hostname = args['endpoint'].split(":")[0]
+    
+    try:
+        port = args['endpoint'].split(":")[1]
+    except IndexError:
+        port = 443
+
+    try:
+        cert = ssl.get_server_certificate((hostname, port))
+    except gaierror:
+        return [False, "Failed to connect to server."]
+
+    x509 = OpenSSL.crypto.load_certificate(OpenSSL.crypto.FILETYPE_PEM, cert)
+    expiration_date = datetime.strptime(f"{x509.get_notAfter().decode("UTF-8")[0:-1]}UTC", "%Y%m%d%H%M%S%Z") 
+
+    if (expiration_date - timedelta(days = args['expiration_warning_days'])) < datetime.now():
+        status = False
+    else:
+        status = True
+          
+
+    return [status, f"Expiration: {expiration_date}"]
+
+

plugins/httpcheck.py

@@ -1,8 +1,9 @@
 import requests
 
-def httpcheck(host):
+# TODO: Check return status code
+def httpcheck(arguments):
     try:
-        r = requests.head(f"https://{host}")
+        r = requests.head(f"{arguments['endpoint']}")
-        return [True, r.status_code]
+        return [True, f"Status code: {r.status_code}"]
     except requests.ConnectionError:
-        return [False, r.status_code]
+        return [False, f"Status code: {r.status_code}"]

plugins/ping.py

@@ -1,13 +1,14 @@
 import os
 import subprocess
-
+import plugin
-def ping(host):
+x = plugin.Plugin()
-    response = subprocess.run(["ping","-c","1",host], 
+def ping(arguments):
+    response = subprocess.run(["ping","-c","1",arguments['hostname']], 
                               stdout = subprocess.DEVNULL, stderr = subprocess.PIPE)
     if response.returncode == 0:
-        return [True, ""]
+        return True
     elif response.stderr:
-        return [False, response.stderr]
+        return [False, response.stderr.decode("UTF-8")]
     else:
-        return [False, ""]
+        return False
     

plugins/ssl_expiration.py

@@ -0,0 +1,22 @@
+import ssl
+import socket
+
+def ssl_expiration(url):
+    context = ssl.create_default_context()
+
+    #context = ssl.SSLContext(ssl.PROTOCOL_TLS)
+
+    #context.check_hostname = False
+    #context.verify_mode = ssl.CERT_NONE
+    #context.options &= ~ssl.OP_NO_TLSv1
+    #context.options &= ~ssl.OP_NO_SSLv3
+    port = 443 if not "port" in details else details['port']
+    with context.wrap_socket(socket.socket(socket.AF_INET),
+                             server_hostname=details['hostname']) as conn:
+        conn.connect((details['hostname'], port))
+        cert = conn.getpeercert()
+        print()
+        print(host)
+        print(cert['serialNumber'])
+        print(cert['subject'][4][0][1])
+        print(cert['notAfter'])

requirements.txt

@@ -0,0 +1 @@
+PyYAML==6.0.2