sensu-plugins-ssl-boutetnico
Advanced tools
This fork is automatically tested, built and published to RubyGems and Bonsai.
bin/check-ssl-anchor.rbCheck that a specific website is chained to a specific root certificate (Let's Encrypt for instance). Requires the openssl commandline tool to be available on the system.
./bin/check-ssl-anchor.rb -u example.com -a "i:/O=Digital Signature Trust Co./CN=DST Root CA X3"
bin/check-ssl-crl.rbChecks a CRL has not or is not expiring by inspecting it's next update value.
You can check against a CRL file on disk:
./bin/check-ssl-crl -c 300 -w 600 -u /path/to/crl
or an online CRL:
./bin/check-ssl-crl -c 300 -w 600 -u http://www.website.com/file.crl
Critical and Warning thresholds are specified in minutes.
bin/check-ssl-qualys.rbChecks the ssllabs qualysis api for grade of your server, this check can be quite long so it should not be scheduled with a low interval and will probably need to adjust the check timeout options per the check attributes spec based on my tests you should expect this to take around 3 minutes.
./bin/check-ssl-qualys.rb -d google.com
bin/check-ssl-root-issuer.rbCheck that a specific website is chained to a specific root certificate issuer. This is a pure Ruby implementation, does not require the openssl cmdline client tool to be installed.
./bin/check-ssl-root-issuer.rb -u example.com -a "CN=DST Root CA X3,O=Digital Signature Trust Co."
To run the testing suite, you'll need to have a working ruby environment, gem, and bundler installed. We use rake to run the rspec tests automatically.
bundle install
bundle update
bundle exec rake
bin/check-ssl-anchor.rb and bin/check-ssl-host.rb would be good to run in combination with each other to test that the chain is anchored to a specific certificate and each certificate in the chain is correctly signed.
FAQs
Unknown package
We found that sensu-plugins-ssl-boutetnico demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
React disclosed a CVSS 10.0 RCE in React Server Components and is advising users to upgrade affected packages and frameworks to patched versions now.
Research
/Security News
We spotted a wave of auto-generated “elf-*” npm packages published every two minutes from new accounts, with simple malware variants and early takedowns underway.
Research
/Security News
Malicious Rust crate evm-units disguised as an EVM version helper downloads and silently executes OS-specific payloads likely aimed at crypto theft.