- 實現目標:
-
- 自動發現域名,並監控證書過期時間;
-
- 當證書低於60天則觸發釘釘,郵件報警;
-
- 新增監控需在文件ssl_cert_list中增加域名,格式爲:"www.baidu.com 443"
- 實現步驟:
#!/usr/bin/python
# -*- coding: utf-8 -*-
import requests
import json
import sys
# 告警羣,測試環境
url = 'https://oapi.dingtalk.com/robot/send?access_token=XXXXXXXXXXXXXXXXXXXXXXX'
def send_msg(msg):
"""
發送消息的函數,這裏使用阿里的釘釘
:param msg: 要發送的消息
:return: 200 or False
"""
# url = url
program = {"msgtype": "text", "text": {"content": msg}, }
headers = {'Content-Type': 'application/json'}
try:
f = requests.post(url, data=json.dumps(program), headers=headers)
except Exception as e:
return False
return f.status_code
def main():
msg = sys.argv[1]
send_msg(msg)
if __name__ == '__main__':
main()
* 2. 測試能否正常發送釘釘報警
* 2. 增加域名監控腳本,需安裝openssl
#!/bin/bash
host=$1
port=$2
end_date=`/usr/bin/openssl s_client -servername $host -host $host -port $port -showcerts </dev/null 2>/dev/null |
sed -n '/BEGIN CERTIFICATE/,/END CERT/p' |
/usr/bin/openssl x509 -text 2>/dev/null |
sed -n 's/ *Not After : *//p'`
if [ -n "$end_date" ]
then
end_date_seconds=`date '+%s' --date "$end_date"`
now_seconds=`date '+%s'`
echo "($end_date_seconds-$now_seconds)/24/3600" | bc
fi
