Security News
Follow-up and Clarification on Recent Malicious Ruby Gems Campaign
A clarification on our recent research investigating 60 malicious Ruby gems.
By Sarah Gooding - Aug 22, 2025
sensu-plugins-ssl
Sensu-Plugins-SSL
Sensu Asset
The Sensu assets packaged from this repository are built against the Sensu Ruby runtime environment. When using these assets as part of a Sensu Go resource (check, mutator or handler), make sure you include the corresponding Sensu Ruby runtime asset in the list of assets needed by the resource. The current ruby-runtime assets can be found here in the Bonsai Asset Index.
Functionality
Files
- bin/check-java-keystore-cert.rb
- bin/check-ssl-anchor.rb
- bin/check-ssl-crl.rb
- bin/check-ssl-cert.rb
- bin/check-ssl-host.rb
- bin/check-ssl-hsts-preload.rb
- bin/check-ssl-hsts-preloadable.rb
- bin/check-ssl-qualys.rb
- bin/check-ssl-root-issuer.rb
Usage
bin/check-ssl-anchor.rb
Check that a specific website is chained to a specific root certificate (Let's Encrypt for instance). Requires the openssl commandline tool to be available on the system.
./bin/check-ssl-anchor.rb -u example.com -a "i:/O=Digital Signature Trust Co./CN=DST Root CA X3"
bin/check-ssl-crl.rb
Checks a CRL has not or is not expiring by inspecting it's next update value.
You can check against a CRL file on disk:
./bin/check-ssl-crl -c 300 -w 600 -u /path/to/crl
or an online CRL:
./bin/check-ssl-crl -c 300 -w 600 -u http://www.website.com/file.crl
Critical and Warning thresholds are specified in minutes.
bin/check-ssl-qualys.rb
Checks the ssllabs qualysis api for grade of your server, this check can be quite long so it should not be scheduled with a low interval and will probably need to adjust the check timeout options per the check attributes spec based on my tests you should expect this to take around 3 minutes.
./bin/check-ssl-qualys.rb -d google.com
bin/check-ssl-root-issuer.rb
Check that a specific website is chained to a specific root certificate issuer. This is a pure Ruby implementation, does not require the openssl cmdline client tool to be installed.
./bin/check-ssl-root-issuer.rb -u example.com -a "CN=DST Root CA X3,O=Digital Signature Trust Co."
Installation
Testing
To run the testing suite, you'll need to have a working ruby environment, gem, and bundler installed. We use rake to run the rspec tests automatically.
bundle install
bundle update
bundle exec rake
Notes
bin/check-ssl-anchor.rb and bin/check-ssl-host.rb would be good to run in combination with each other to test that the chain is anchored to a specific certificate and each certificate in the chain is correctly signed.
FAQs
Unknown package
We found that sensu-plugins-ssl demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 27 Aug 2020
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
ESLint Adds Support for Parallel Linting, Closing 10-Year-Old Feature Request
ESLint now supports parallel linting with a new --concurrency flag, delivering major speed gains and closing a 10-year-old feature request.
By Sarah Gooding - Aug 22, 2025
Research
/Security News
Malicious Go Module Disguised as SSH Brute Forcer Exfiltrates Credentials via Telegram
A malicious Go module posing as an SSH brute forcer exfiltrates stolen credentials to a Telegram bot controlled by a Russian-speaking threat actor.
By Kirill Boychenko - Aug 21, 2025