cacert
/
icinga-zones
8
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
main
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'main'
${ noResults }
icinga-zones/global-templates/commands.conf

313 lines
8.9 KiB
Plaintext
Raw Permalink Blame History

// vim: set ft=icinga2 et sw=2 ts=2 si ai:
/*
* Checks the validity of a custom CA certificate (like a Icinga or Puppet CA).
*/
object CheckCommand "custom_ca_cert" {
command = [ PluginContribDir + "/check_ssl_cert" ]
arguments = {
"-f" = {
value = "$ssl_cert_file$"
description = "Local file path (works with -H localhost only)"
}
"-s" = {
set_if = "$ssl_cert_selfsigned$"
description = "Allow self-signed certificate"
}
"-A" = {
set_if = "$ssl_cert_noauth$"
description = "Ignore authority warnings (expiration only)"
}
"--ignore-maximum-validity" = {
set_if = "$ssl_cert_ignore_maximum_validity$"
description = "Ignore the certificate maximum validity"
}
"--allow-empty-san" = {
set_if = "$ssl_cert_allow_empty_san$"
description = "Allow certificates without Subject Alternative Names (SANs)"
}
"-w" = {
value = "$ssl_cert_warn$"
description = "Minimum number of days a certificate has to be valid"
}
"-c" = {
value = "$ssl_cert_critical$"
description = "Minimum number of days a certificate has to be valid to issue a critical status"
}
}
vars.ssl_cert_selfsigned = true
vars.ssl_cert_noauth = true
vars.ssl_cert_ignore_maximum_validity = true
vars.ssl_cert_allow_empty_san = true
vars.ssl_cert_warn = 456
vars.ssl_cert_critical = 396
}
object CheckCommand "custom_ssl_cert" {
import "ipv4-or-ipv6"
command = [ PluginContribDir + "/check_ssl_cert" ]
arguments = {
"-H" = {
value = "$ssl_cert_address$"
description = "The host's address"
required = true
}
"-p" = {
value = "$ssl_cert_port$"
description = "TCP port number (default: 443)"
}
"-f" = {
value = "$ssl_cert_file$"
description = "Local file path (works with -H localhost only)"
}
"-w" = {
value = "$ssl_cert_warn$"
description = "Minimum number of days a certificate has to be valid"
}
"-c" = {
value = "$ssl_cert_critical$"
description = "Minimum number of days a certificate has to be valid to issue a critical status"
}
"-m" = {
value = "$ssl_cert_cn$"
description = "Pattern to match the CN of the certificate"
}
"--altnames" = {
set_if = "$ssl_cert_altnames$"
description = "Matches the pattern specified in -n with alternate"
}
"-i" = {
value = "$ssl_cert_issuer$"
description = "Pattern to match the issuer of the certificate"
}
"-o" = {
value = "$ssl_cert_org$"
description = "Pattern to match the organization of the certificate"
}
"-e" = {
value = "$ssl_cert_email$"
description = "Pattern to match the email address contained in the certificate"
}
"-N" = {
set_if = "$ssl_cert_match_host$"
description = "Match CN with the host name"
}
"--serial" = {
value = "$ssl_cert_serial$"
description = "Pattern to match the serial number"
}
"-A" = {
set_if = "$ssl_cert_noauth$"
description = "Ignore authority warnings (expiration only)"
}
"-s" = {
set_if = "$ssl_cert_selfsigned$"
description = "Allow self-signed certificate"
}
"--sni" = {
value = "$ssl_cert_sni$"
description = "Sets the TLS SNI (Server Name Indication) extension"
}
"-t" = {
value = "$ssl_cert_timeout$"
description = "Seconds before connection times out (default: 15)"
}
"-P" = {
value = "$ssl_cert_protocol$"
description = "Use the specific protocol {http|smtp|pop3|imap|ftp|xmpp|irc|ldap} (default: http)"
}
"--clientcert" = {
value = "$ssl_cert_clientcert$"
description = "Use client certificate to authenticate"
}
"--clientpass" = {
value = "$ssl_cert_clientpass$"
description = "Set passphrase for client certificate (for PKCS#12)"
}
"--clientkey" = {
value = "$ssl_cert_clientkey$"
description = "Use private key for client certificate to authenticate"
}
"-L" = {
value = "$ssl_cert_ssllabs$"
description = "SSL Labs assestment"
}
"--ignore-ssl-labs-cache" = {
set_if = "$ssl_cert_ssllabs_nocache$"
description = "Forces a new check by SSL Labs"
}
"-r" = {
value = "$ssl_cert_rootssl_cert$"
description = "Root certificate or directory to be used for certificate validation"
}
"--ssl2" = {
set_if = {{
return macro("$ssl_cert_ssl_version$") == "ssl2"
}}
}
"--ssl3" = {
set_if = {{
return macro("$ssl_cert_ssl_version$") == "ssl3"
}}
}
"--tls1" = {
set_if = {{
return macro("$ssl_cert_ssl_version$") == "tls1"
}}
}
"--tls1_1" = {
set_if = {{
return macro("$ssl_cert_ssl_version$") == "tls1_1"
}}
}
"--tls1_2" = {
set_if = {{
return macro("$ssl_cert_ssl_version$") == "tls1_2"
}}
}
"--no_ssl2" = {
set_if = {{
var disable_versions = macro("$ssl_cert_disable_ssl_versions$")
if (typeof(disable_versions) == String) {
disable_versions = [ disable_versions ]
}
return "ssl2" in disable_versions
}}
}
"--no_ssl3" = {
set_if = {{
var disable_versions = macro("$ssl_cert_disable_ssl_versions$")
if (typeof(disable_versions) == String) {
disable_versions = [ disable_versions ]
}
return "ssl3" in disable_versions
}}
}
"--no_tls1" = {
set_if = {{
var disable_versions = macro("$ssl_cert_disable_ssl_versions$")
if (typeof(disable_versions) == String) {
disable_versions = [ disable_versions ]
}
return "tls1" in disable_versions
}}
}
"--no_tls1_1" = {
set_if = {{
var disable_versions = macro("$ssl_cert_disable_ssl_versions$")
if (typeof(disable_versions) == String) {
disable_versions = [ disable_versions ]
}
return "tls1_1" in disable_versions
}}
}
"--no_tls1_2" = {
set_if = {{
var disable_versions = macro("$ssl_cert_disable_ssl_versions$")
if (typeof(disable_versions) == String) {
disable_versions = [ disable_versions ]
}
return "tls1_2" in disable_versions
}}
}
"--ecdsa" = {
set_if = {{
return macro("$ssl_cert_cipher$") == "ecdsa"
}}
description = "Cipher selection: force ECDSA authentication"
}
"--rsa" = {
set_if = {{
return macro("$ssl_cert_cipher$") == "rsa"
}}
description = "Cipher selection: force RSA authentication"
}
"--ignore-sig-alg" = {
set_if = "$ssl_cert_ignore_signature$"
description = "Do not check if the certificate was signed with SHA1 od MD5"
}
"--ignore-exp" = {
set_if = "$ssl_cert_ignore_expiration$"
description = "Ignore expiration date"
}
"--ignore-ocsp" = {
set_if = "$ssl_cert_ignore_ocsp$"
description = "Do not check revocation with OCSP"
}
"--ignore-sct" = {
set_if = "$ssl_cert_ignore_sct$"
description = "Do not check for signed certificate timestamps"
}
}
vars.ssl_cert_address = "$check_address$"
vars.ssl_cert_port = 443
}
/*
* Local command to check whether the current kernel is the latest installed
* kernel.
*/
object CheckCommand "kernel_status" {
command = [ LocalPluginDir + "/check_kernel_status" ]
}
/*
* Checks a local PostgreSQL database. You need to grant the given user
* (normally nagios, which is what Icinga is running as) privileges to connect
* the specified database (or 'template1') and optionally execute the specified
* query.
*/
object CheckCommand "pgsql_socket" {
command = [ PluginDir + "/check_pgsql" ]
arguments = {
"-d" = {
value = "$pgsql_database$"
description = "Database to check (default: template1)"
}
"-l" = {
value = "$pgsql_username$"
description = "Login name of user"
}
"-o" = {
value = "$pgsql_options$"
description = "Connection parameters (keyword = value), see below"
}
"-w" = {
value = "$pgsql_warning$"
description = "Response time to result in warning status (seconds)"
}
"-c" = {
value = "$pgsql_critical$"
description = "Response time to result in critical status (seconds)"
}
"-t" = {
value = "$pgsql_timeout$"
description = "Seconds before connection times out (default: 10)"
}
"-q" = {
value = "$pgsql_query$"
description = "SQL query to run. Only first column in first row will be read"
}
"-W" = {
value = "$pgsql_query_warning$"
description = "SQL query value to result in warning status (double)"
}
"-C" = {
value = "$pgsql_query_critical$"
description = "SQL query value to result in critical status (double)"
}
}
vars.pgsql_username = "nagios"
}
object CheckCommand "custom_systemd" {
command = [ PluginContribDir + "/check_systemd" ]
}
Reference in New Issue View Git Blame Copy Permalink