8 Commits
v0.5 ... main

Author SHA1 Message Date
54b127e809 bugfix 2025-03-25 07:56:29 +01:00
baeda13edd hosts list
array in source code or external file
2024-11-02 12:53:06 +01:00
ca572b13b4 Bugfix
when sending notification
2024-11-02 12:52:11 +01:00
71881ab882 Update README.md 2024-11-02 12:50:36 +01:00
9817beaad9 v1.0 2024-11-02 11:20:44 +01:00
63c7790782 Clean code
and anonymise
2024-11-02 11:18:27 +01:00
ea50bd8613 Anonymise validity.sh
-put variables in $HOME/.env
-put list of domains in a validity_domains.txt file
2024-11-02 11:09:42 +01:00
dc4987b75b Minor bugfix
-N’affiche pas le rappel des sites down en cas d’url unique
-Corrections cosmétiques
2024-11-02 07:30:42 +01:00
3 changed files with 145 additions and 76 deletions

46
README.md Normal file

@@ -0,0 +1,46 @@
# certificate
Bash scripts to check whether a site is available or not, and whether the certificate is valid or not.
#### 1) urls_check.sh
Usage: urls_check.sh
1. Check whether the certificate is valid or not, using <u>showcert</u> (pip install showcert) if available, else use <u>openssl.</u>
2. Check if the url is up or down with it's http_code.
Required the <u>urls_list.txt</u> file that contain a list of domains:
```bash
#https://notif.domain.com
#https://ntfy.domain.com
https://paperlessngx.domain.com
https://pastebin.domain.com
# comment line to disable checking this url
```
Required the <u>status.txt</u> file to give information about the http code returned.
```bash
302;Found;https://developer.mozilla.org/fr/docs/Web/HTTP/Status/302
```
#### 2) validity.sh
Usage: ./validity.sh
Check whether the certificate is valid or not, using <u>showcert</u> (pip install showcert) if available, else use <u>openssl.</u>
Required the <u>validity_domains.txt</u> file that contain a list of domains:
```bash
domain1.com
domain2.fr
```
or edit the hosts() array in source code.


@@ -1,4 +1,9 @@
#!/usr/bin/env bash #!/usr/bin/env bash
# Check SSL certificates and http codes for key domains
#
# Run: ./url_check.sh
VERSION="v1.0"
italic="\033[3m" italic="\033[3m"
underline="\033[4m" underline="\033[4m"
@@ -29,6 +34,7 @@ port=443
nday=15 nday=15
# Choose the notification (pushover or gotify) # Choose the notification (pushover or gotify)
notif="pushover" notif="pushover"
x=0
not_required_domains="$HOME/Documents/Scripts/pihole/sync_pihole_lan.sh" not_required_domains="$HOME/Documents/Scripts/pihole/sync_pihole_lan.sh"
@@ -38,15 +44,24 @@ dotenv () {
# shellcheck disable=SC1091 # shellcheck disable=SC1091
[ -f "$HOME/.env" ] && . "$HOME/.env" || echo -e "${red}\nNo .env file found ! Could'nt get update from Github or send notification.'.${reset}" [ -f "$HOME/.env" ] && . "$HOME/.env" || echo -e "${red}\nNo .env file found ! Could'nt get update from Github or send notification.'.${reset}"
set +a set +a
#
# Gotify: $GOTIFY_SERVER (server url), $GOTIFY_BASH (token)
# Pushover: $USER_KEY$ (user) $BASH_APP (token)
} }
dotenv dotenv
### Variables for self updating
ScriptArgs=( "$@" )
ScriptPath="$(readlink -f "$0")"
ScriptWorkDir="$(dirname "$ScriptPath")"
send_gotify_notification() { send_gotify_notification() {
# Enabled HSTS & created default WebSocket records in the DSM 7.2 reverse proxy window and it solved itself. # Enabled HSTS & created default WebSocket records in the DSM 7.2 reverse proxy window and it solved itself.
now=$(date +"%d-%m-%Y %T") now=$(date +"%d-%m-%Y %T")
gotify_server="https://gotify.maboiteverte.fr" gotify_server="$GOTIFY_SERVER"
gotify_token="$GOTIFY_BASH" gotify_token="$GOTIFY_BASH"
TITLE="$1" TITLE="$1"
MESSAGE="$2" MESSAGE="$2"
@@ -65,6 +80,7 @@ send_gotify_notification() {
send_pushover_notification() { send_pushover_notification() {
echo -e "Sending Pushover notification ..." echo -e "Sending Pushover notification ..."
curl -S -s -o /dev/null -F "token=$BASH_APP" \ curl -S -s -o /dev/null -F "token=$BASH_APP" \
-F "user=$USER_KEY" \ -F "user=$USER_KEY" \
-F "title=$1" \ -F "title=$1" \
@@ -78,11 +94,11 @@ send_pushover_notification() {
} }
status_error() { status_error() {
info_code=$(grep "$1" ./status.txt) info_code=$(grep "$1" "$ScriptWorkDir/status.txt")
status_code=$(echo "$info_code" | awk -F";" '{print $1}') status_code=$(echo "$info_code" | awk -F";" '{print $1}')
status_title=$(echo "$info_code" | awk -F";" '{print $2}') status_title=$(echo "$info_code" | awk -F";" '{print $2}')
status_url=$(echo "$info_code" | awk -F";" '{print $3}') status_url=$(echo "$info_code" | awk -F";" '{print $3}')
printf " %-3s %-25s %-95s \n" $status_code "$status_title" "$status_url" printf "%-3s %-25s %-95s" $status_code "$status_title" "$status_url"
} }
display_help() { display_help() {
@@ -105,19 +121,9 @@ display_help() {
echo -e "https://www.domain2.com" echo -e "https://www.domain2.com"
echo -e "${italic}Add a # to ignore url${reset}" echo -e "${italic}Add a # to ignore url${reset}"
echo echo
# echo some stuff here for the -a or --add-options
exit 1 exit 1
} }
: << 'COMMENTS'
while [[ "$#" -gt 0 ]]; do
case $1 in
-h|--help) display_help; shift ;;
*) echo "Unknown parameter passed: $1" ;;
esac
shift
done
COMMENTS
optspec=":u:h-:" optspec=":u:h-:"
while getopts "$optspec" opt while getopts "$optspec" opt
@@ -130,7 +136,6 @@ do
;; ;;
url=*) url=*)
url=${OPTARG#*=} url=${OPTARG#*=}
#opt=${OPTARG%=$file}
opt="$(printf "%s\n" "${OPTARG}" | cut -d'=' -f1 )" ; url="$(printf "%s\n" "${OPTARG}" | cut -d'=' -f2-)" opt="$(printf "%s\n" "${OPTARG}" | cut -d'=' -f1 )" ; url="$(printf "%s\n" "${OPTARG}" | cut -d'=' -f2-)"
;; ;;
*) *)
@@ -155,22 +160,21 @@ done
shift "$((OPTIND-1))" shift "$((OPTIND-1))"
command -v showcertif >/dev/null 2>&1 || { echo -e "${bold}showcert${reset} is not installed ${italic}(pip install showcert)${reset}. ${bold}openssl${reset} will be used.\n" >&2; } command -v showcert >/dev/null 2>&1 || { echo -e "${bold}showcert${reset} is not installed ${italic}(pip install showcert)${reset}. ${bold}openssl${reset} will be used.\n" >&2; }
regex='(https?|ftp|file)://[-[:alnum:]\+&@#/%?=~_|!:,.;]+' regex='(https?|ftp|file)://[-[:alnum:]\+&@#/%?=~_|!:,.;]+'
if [[ $url =~ $regex ]]; then if [[ $url =~ $regex ]]; then
# L'URL passé en argument est checkée # L'URL passé en argument est checkée
urls+=("$url") urls+=("$url")
x=1
else else
# Chargement de la liste des urls depuis urls_list.txt # Chargement de la liste des urls depuis urls_list.txt
while read -r line while read -r line
do do
[ ${line:0:1} != "#" ] && urls+=("$line") [ ${line:0:1} != "#" ] && urls+=("$line")
done < ./urls_list.txt done < "$ScriptWorkDir/urls_list.txt"
# Ajout des domaines non-requis # Ajout des domaines non-requis
@@ -191,7 +195,6 @@ else
echo "Domain like drive.photos-nas.ovh won't be checked.'" echo "Domain like drive.photos-nas.ovh won't be checked.'"
fi fi
# Tri du tableau d'urls # Tri du tableau d'urls
IFS=$'\n' sorted=($(sort <<<"${urls[*]}")) IFS=$'\n' sorted=($(sort <<<"${urls[*]}"))
@@ -199,10 +202,11 @@ else
fi fi
# On efface la liste des urls down # On efface la liste des urls down
[ -f "./urls_down_list_curl.txt" ] && rm "./urls_down_list_curl.txt" [ -f "$ScriptWorkDir/urls_down_list_curl.txt" ] && rm "$ScriptWorkDir/urls_down_list_curl.txt"
[ -f "./certificats_outdated.txt" ] && rm "./certificats_outdated.txt" [ -f "$ScriptWorkDir/certificats_outdated.txt" ] && rm "$ScriptWorkDir/certificats_outdated.txt"
check_url() { check_url() {
@@ -217,7 +221,7 @@ check_url() {
else else
echo -e "${redbold}$2. $1 is down${reset} ($response)" echo -e "${redbold}$2. $1 is down${reset} ($response)"
echo "$1 is down ($response)" >> urls_down_list_curl.txt echo "$1 is down ($response)" >> $ScriptWorkDir/urls_down_list_curl.txt
# Affichage et description de l'erreur # Affichage et description de l'erreur
status_error "$response" status_error "$response"
@@ -235,7 +239,7 @@ info_certif() {
domain=$(echo "$1" | grep -Eo '^http[s]?://[^/]+' | cut -c 9- ) domain=$(echo "$1" | grep -Eo '^http[s]?://[^/]+' | cut -c 9- )
if command -v showcertif >/dev/null 2>&1; then if command -v showcert >/dev/null 2>&1; then
cert=$(showcert "$domain") cert=$(showcert "$domain")
@@ -281,11 +285,11 @@ info_certif() {
array_names+=("$names") array_names+=("$names")
#echo "Domain: $domain" >> certificats_outdated.txt #echo "Domain: $domain" >> certificats_outdated.txt
echo "Names: $names" >> certificats_outdated.txt echo "Names: $names" >> $ScriptWorkDir/certificats_outdated.txt
echo "Issuer: $issuer" >> certificats_outdated.txt echo "Issuer: $issuer" >> $ScriptWorkDir/certificats_outdated.txt
echo "Date début: $start" >> certificats_outdated.txt echo "Date début: $start" >> $ScriptWorkDir/certificats_outdated.txt
echo "Date fin: $end" >> certificats_outdated.txt echo "Date fin: $end" >> $ScriptWorkDir/certificats_outdated.txt
echo "" >> certificats_outdated.txt echo "" >> $ScriptWorkDir/certificats_outdated.txt
fi fi
fi fi
@@ -313,29 +317,29 @@ done
# Affichage des serveurs qui ne répondent pas # Affichage des serveurs qui ne répondent pas
if [ -f "./urls_down_list_curl.txt" ]; then if [ -f "$ScriptWorkDir/urls_down_list_curl.txt" ]; then
echo -e "\n${redbold}Url down: ${reset}" cp "$ScriptWorkDir/urls_down_list_curl.txt" $ScriptWorkDir/urls_down_list_curl.bak
url_down=$(cat "$ScriptWorkDir/urls_down_list_curl.txt")
cp "./urls_down_list_curl.txt" urls_down_list_curl.bak if [ "$x" -ne 1 ]; then
url_down=$(cat "./urls_down_list_curl.txt") echo -e "\n${redbold}Url down: ${reset}"
echo -e "$url_down\n" echo -e "$url_down"
# On affiche uniquement les erreurs rencontrées # On affiche uniquement les erreurs rencontrées
for val in ${!array_responses[@]} for val in ${!array_responses[@]}
do do
a="${array_responses[$val]}" a="${array_responses[$val]}"
status_error "$a" status_error "$a"
done done
echo "" echo -e "\n"
fi
if [ "$notif" == "gotify" ];then if [ "$notif" == "gotify" ];then
msg_md="$url_down" msg_md="$url_down"
# MESSAGE="**A new version of Pi-hole is available:**\n\n $msg_md\n\n $infos\n\n Please run *pihole -up* on $host to update !"
send_gotify_notification "Several url are down !" "$msg_md" send_gotify_notification "Several url are down !" "$msg_md"
elif [ "$notif" == "pushover" ];then elif [ "$notif" == "pushover" ];then
msg_html="$url_down" msg_html="$url_down"
send_pushover_notification "Several url are down !" "$msg_html" send_pushover_notification "Several url are down !" "$msg_html"
#pushover -a "bash" -m "A new version of Pi-hole is available: <br /> $msg_html <br /> $infos_html <br /> Please run <b>pihole -up</b> on $host to update" -p 2 -f 1
fi fi
else else
@@ -348,21 +352,18 @@ fi
if [ -f "./certificats_outdated.txt" ]; then if [ -f "./certificats_outdated.txt" ]; then
echo -e "\n${redbold}Certificat outdated: ${reset}" echo -e "\n${redbold}Certificat outdated: ${reset}"
certif_outdated=$(cat "./certificats_outdated.txt") certif_outdated=$(cat "$ScriptWorkDir/certificats_outdated.txt")
echo -e "$certif_outdated\n" echo -e "$certif_outdated\n"
if [ "$notif" == "gotify" ];then if [ "$notif" == "gotify" ];then
msg_md="$certif_outdated" msg_md="$certif_outdated"
# MESSAGE="**A new version of Pi-hole is available:**\n\n $msg_md\n\n $infos\n\n Please run *pihole -up* on $host to update !"
send_gotify_notification "Several certificats are outdated !" "$msg_md" send_gotify_notification "Several certificats are outdated !" "$msg_md"
elif [ "$notif" == "pushover" ];then elif [ "$notif" == "pushover" ];then
msg_html="$certif_outdated" msg_html="$certif_outdated"
send_pushover_notification "Several certificats are outdated !" "$msg_html" send_pushover_notification "Several certificats are outdated !" "$msg_html"
#pushover -a "bash" -m "A new version of Pi-hole is available: <br /> $msg_html <br /> $infos_html <br /> Please run <b>pihole -up</b> on $host to update" -p 2 -f 1
fi fi
else else
echo -e "${green}\nNo certificat outdated !${reset}" echo -e "${green}\nNo certificat outdated !${reset}"
fi fi
# curl --write-out "%{json}" https://nextcloud.photos-nas.ovh | jq
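Review bot: The guard `if [ -f "./certificats_outdated.txt" ]; then` in the last hunk still tests the current directory, while this change moves every write of that file (the `echo ... >> $ScriptWorkDir/certificats_outdated.txt` lines in info_certif) and the following `cat` to `$ScriptWorkDir`. When the script is started from another directory, as under cron, the test is false, so the script prints "No certificat outdated !" and sends no notification even though outdated certificates were recorded. The test should read `if [ -f "$ScriptWorkDir/certificats_outdated.txt" ]; then`. The new redirections and the `cp` target also leave `$ScriptWorkDir` unquoted, which fails with an ambiguous redirect when the script path contains a space; quote them as `>> "$ScriptWorkDir/certificats_outdated.txt"`.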


@@ -3,9 +3,10 @@
# #
# Run: ./validity.sh # Run: ./validity.sh
VERSION="v0.9" VERSION="v1.0"
red="\033[1;31m" redbold="\033[1;31m"
red="\033[10;31m"
greenbold="\033[1;32m" greenbold="\033[1;32m"
green="\033[0;32m" green="\033[0;32m"
yellow="\033[0;33m" yellow="\033[0;33m"
@@ -16,7 +17,6 @@ italic="\033[3m"
underline="\033[4m" underline="\033[4m"
reset="\033[0m" reset="\033[0m"
#echo | openssl s_client -servername maboiteverte.fr -connect maboiteverte.fr:443 2>/dev/null | openssl x509 -noout -issuer -subject -dates
#export PATH="/usr/local/bin:$PATH" #export PATH="/usr/local/bin:$PATH"
# run by cron $PATH=/usr/bin:/bin # run by cron $PATH=/usr/bin:/bin
@@ -30,31 +30,47 @@ if [ $? -eq 1 ]; then
exit 1 exit 1
fi fi
hosts=("maboiteverte.fr" "sur-le-sentier.fr" "photos-nas.ovh" "clicclac.info")
#hosts=("maboiteverte.fr")
port=443
# Days left before notification
nday=15
# Choose the notification
notif="pushover"
dotenv () { dotenv () {
set -a set -a
# shellcheck disable=SC1091 # shellcheck disable=SC1091
[ -f "$HOME/.env" ] && . "$HOME/.env" || echo -e "${red}\nNo .env file found ! No token for gotify.${reset}" [ -f "$HOME/.env" ] && . "$HOME/.env" || echo -e "${red}\nNo .env file found ! No token for gotify.${reset}"
set +a set +a
#
# Gotify: $GOTIFY_SERVER (server url), $GOTIFY_BASH (token)
# Pushover: $USER_KEY$ (user) $BASH_APP (token)
} }
dotenv dotenv
### Variables for self updating
ScriptArgs=( "$@" )
ScriptPath="$(readlink -f "$0")" # /Users/bruno/Documents/Scripts/bashbirds/bashbirds.sh
ScriptWorkDir="$(dirname "$ScriptPath")" # /Users/bruno/Documents/Scripts/bashbirds
### Domains to check ###
#hosts=("domain.com")
hosts=()
#if [ ${#hosts[@]} -eq 0 ]; then
if [ -f "$ScriptWorkDir/validity_domains.txt" ]; then
readarray -t hosts < "$ScriptWorkDir/validity_domains.txt"
else echo -e "${red}No domain to check !${reset}"
fi
#fi
port=443
# Days left before notification
nday=15
# Choose the notification (pushover or gotify)
notif="pushover"
send_gotify_notification() { send_gotify_notification() {
# Enabled HSTS & created default WebSocket records in the DSM 7.2 reverse proxy window and it solved itself. # Enabled HSTS & created default WebSocket records in the DSM 7.2 reverse proxy window and it solved itself.
now=$(date +"%d-%m-%Y %T") now=$(date +"%d-%m-%Y %T")
gotify_server="https://gotify.maboiteverte.fr" gotify_server="$GOTIFY_SERVER"
gotify_token="$GOTIFY_BASH" gotify_token="$GOTIFY_BASH"
TITLE="$1" TITLE="$1"
MESSAGE="**A new version of Pi-hole is available:**\n\n $msg_md\n\n $infos\n\n Please run *pihole -up* on $host to update !" MESSAGE="$2"
PRIORITY=8 PRIORITY=8
URL="$gotify_server/message?token=$gotify_token&?format=markdown" URL="$gotify_server/message?token=$gotify_token&?format=markdown"
@@ -84,9 +100,24 @@ send_pushover_notification() {
for host in "${hosts[@]}"; do for host in "${hosts[@]}"; do
if command -v showcertif >/dev/null 2>&1; then
url="https://$host"
response=$(curl --connect-timeout 10 --max-time 10 --retry 3 --retry-delay 0 --retry-max-time 30 --write-out '%{http_code}' --silent --output /dev/null "$url")
if [ $(grep -w "200\|301\|302\|303\|307" <<< "$response") ];then
if command -v showcert >/dev/null 2>&1; then
cert=$(showcert $host) cert=$(showcert $host)
: << 'COMMENTS2'
error=$(echo "$cert" | grep "Verification error (use -i)")
if [ -n "$error" ]; then
echo -e "${redbold}$error${reset}\n${italic}Trying showcert -i $host${reset}"
cert=$(showcert -i $host)
fi
COMMENTS2
ip=$(echo "$cert" | grep IP | awk -F": " '{print $2}') ip=$(echo "$cert" | grep IP | awk -F": " '{print $2}')
names=$(echo "$cert" | grep Names | awk -F": " '{print $2}') names=$(echo "$cert" | grep Names | awk -F": " '{print $2}')
issuer=$(echo "$cert" | grep Issuer | awk -F": " '{print $2}') issuer=$(echo "$cert" | grep Issuer | awk -F": " '{print $2}')
@@ -94,14 +125,6 @@ for host in "${hosts[@]}"; do
end=$(echo "$cert" | grep notAfter | awk -F": " '{print $2}') end=$(echo "$cert" | grep notAfter | awk -F": " '{print $2}')
left=$(echo "$end" | awk -F" " '{split($3, arr, "[()]"); print arr[2]}') left=$(echo "$end" | awk -F" " '{split($3, arr, "[()]"); print arr[2]}')
# maboiteverte.fr
# IP: 212.227.191.167
# Names: *.maboiteverte.fr maboiteverte.fr
# notBefore: 2024-01-08 00:00:00 (298 days old)
# notAfter: 2025-01-27 23:59:59 (87 days left)
# Issuer: C=US O=DigiCert Inc OU=www.digicert.com CN=Encryption Everywhere DV TLS CA - G2
# Tags: [CHAIN-VERIFIED]
h="$host ($ip)" h="$host ($ip)"
n="Names: $names" n="Names: $names"
i="Issuer: $issuer" i="Issuer: $issuer"
@@ -122,12 +145,7 @@ for host in "${hosts[@]}"; do
timestamp_end=$(date --date="$end" +"%s") timestamp_end=$(date --date="$end" +"%s")
left=$(($((timestamp_end - timestamp_current))/(60*60*24))) left=$(($((timestamp_end - timestamp_current))/(60*60*24)))
end="$end ($left days left)" end="$end ($left days left)"
ip=$(dig +short $host) ip=$(dig +short $host)
# issuer=C=US, O=DigiCert Inc, OU=www.digicert.com, CN=Encryption Everywhere DV TLS CA - G2
# subject=CN=*.maboiteverte.fr
# notBefore=Jan 8 00:00:00 2024 GMT
# notAfter=Jan 27 23:59:59 2025 GMT
h="$host ($ip)" h="$host ($ip)"
n="Subject: $subject" n="Subject: $subject"
@@ -161,4 +179,8 @@ for host in "${hosts[@]}"; do
echo -e "\n" echo -e "\n"
sleep 1 sleep 1
else
echo -e "${red}$host is offline !${reset}"
fi
done done
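Review bot: The new reachability gate `if [ $(grep -w "200\|301\|302\|303\|307" <<< "$response") ];then` skips the certificate check for every host that does not answer with one of those five codes, and the `else` branch then reports it as offline. Since curl verifies the server certificate by default, a host whose certificate has already expired or fails validation would most likely yield `000` here and be reported as "offline" rather than as a certificate problem, which is the case this script exists to report; hosts answering 401, 403 or 404 are skipped the same way. Consider keeping curl's exit status (`rc=$?` right after the call) and running the certificate check whenever the failure is not a connection error, with a message that distinguishes the two. The hosts now come from validity_domains.txt through `readarray`, so blank or `#` lines become hosts, and the unquoted `showcert $host` and `dig +short $host` should be `showcert "$host"` and `dig +short "$host"`. Parts of the loop body lie between the hunks and are not shown.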