@mccarthyp-snet
Forked from bmatthewshea/show_ssl_expire
Last active March 11, 2022 00:28
Retrieve/Check SSL certificate expiration date(s)
#!/bin/bash
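# Pre-flight check: every expiry lookup below shells out to `openssl x509`,
# so stop immediately when the binary cannot be resolved on PATH.
# `command -v` is the shell builtin for this lookup; `which` is an external
# tool whose presence and exit status vary between systems.
if ! command -v openssl >/dev/null 2>&1; then
  # Diagnostics go to stderr so they are not mixed into the report on stdout.
  printf "\nOpenSSL not found or not executable.\nPlease install OpenSSL before proceeding.\n\n" >&2
  exit 1
fi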
### Tunables ###
# Certificates whose notAfter falls within this many days are flagged as a
# warning. NOTE(review): no command-line option parsing is visible in this
# script, so the value has to be edited here.
days_to_warn=30

### Derived values and initial state ###
# Seconds per day, and the warning window expressed in seconds.
epoch_day=$((24 * 60 * 60))
epoch_warning=$((epoch_day * days_to_warn))
# Status code written by check_expiry: 0 ok, 1 warning, 2 expired, 3 no date.
expire=0
# Newline-separated, sorted list of every regular file under the Splunk auth
# directory except *.py and README. The list is not limited to certificates;
# anything openssl cannot read as a certificate is reported with no date.
files=$(find /opt/splunk/etc/auth -type f ! -name "*.py" ! -name "README" | sort)
#FUNCTIONS
# Print the horizontal rule that separates entries in the report.
# Outputs: one line of dashes on stdout.
print_line() {
  printf '%s\n' "--------------------------------------------------------------------------------"
}
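#######################################
# Classify the certificate in "$file" by how close its notAfter date is.
# Globals:
#   file          (read)    path handed to `openssl x509 -in`
#   epoch_warning (read)    warning window in seconds
#   expire        (written) 0 = ok, 1 = inside the warning window,
#                           2 = already expired, 3 = no usable date
#   expire_date   (written) notAfter text from openssl, or "N/A " when
#                           openssl produced none
# Returns: 0
# Caveat: `openssl x509` parses only the first certificate in the file, so
# any further certificates in a bundle are not evaluated by this check.
#######################################
check_expiry() {
  # Scratch values stay local so they do not leak into the caller's scope.
  local today_epoch expire_epoch timeleft

  expire="0"
  # All comparisons are done on epoch seconds.
  today_epoch=$(date +%s)
  # openssl errors are discarded on purpose: files that are not certificates
  # simply produce no notAfter line and are reported with status 3.
  expire_date=$(openssl x509 -in "$file" -noout -dates 2>/dev/null |
    awk -F= '/^notAfter/ { print $2; exit }')

  if [[ -z $expire_date ]]; then
    expire="3"
    expire_date="N/A "
    return 0
  fi

  # `date -d` is the GNU form. When the conversion fails, report "no usable
  # date" rather than letting an empty value evaluate as 0 and mark the
  # certificate as expired; expire_date keeps the raw text for the operator.
  if ! expire_epoch=$(date +%s -d "$expire_date") || [[ -z $expire_epoch ]]; then
    expire="3"
    return 0
  fi

  timeleft=$((expire_epoch - today_epoch))
  if ((today_epoch >= expire_epoch)); then
    expire="2" # expired takes precedence over the warning window
  elif ((timeleft <= epoch_warning)); then
    expire="1"
  fi
  return 0
}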
#######################################
# Print the report entry for the current "$file".
# Globals:
#   file              (read) path shown as the entry heading
#   expire            (read) status set by check_expiry
#   expire_date       (read) date text set by check_expiry
#   splunk_conf_files (read) matching config lines, printed when non-empty
# Outputs: coloured file name, expiry date, optional config lines and a
#          separator line on stdout.
#######################################
output_site() {
  local colour

  check_expiry

  # Map the status code to the ANSI colour used for the file name.
  case "$expire" in
    1) colour='\e[33m' ;; # yellow: inside the warning window
    2) colour='\e[31m' ;; # red: expired
    3) colour='\e[0m' ;;  # no colour: no date found
    *) colour='\e[32m' ;; # green: valid
  esac

  # %b expands the escape sequence held in the variable; the colour is reset
  # right after the file name.
  printf '%b%s\e[0m\n' "$colour" "$file"
  printf "%s\n" "$expire_date"
  [[ -z "${splunk_conf_files}" ]] || printf "%s\n" "$splunk_conf_files"
  print_line
}
# MAIN
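printf "Warning is %s days.\n" "$days_to_warn"
print_line
# Walk the newline-separated list one path per line. An unquoted
# `for file in $files` would split paths on spaces and expand glob characters.
# The list is fed on fd 3 so commands inside the loop keep their own stdin.
while IFS= read -r file <&3; do
  [[ -n $file ]] || continue # an empty list still yields one blank line
  filename=${file##*/}
  # -F matches the file name literally: as a regex, the dot in a name such as
  # "server.pem" matches any character and reports unrelated config lines.
  # -- keeps a name starting with "-" from being read as a grep option.
  # This is still a substring match, so a short name can also match longer
  # names that contain it.
  splunk_conf_files=$(find /opt/splunk/etc -type f -name "*.conf" -exec grep -F -- "$filename" {} +)
  output_site
done 3<<<"$files"
# Finish with status 0. The previous unconditional `exit 1 || return 1` made
# every run look like a failure to cron jobs and monitoring wrappers.
# `return` covers the case where the file is sourced instead of executed.
if [[ "$0" == "${BASH_SOURCE[0]}" ]]; then
  exit 0
else
  return 0
fi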