I wrote a small script monitor my TLS certificates expiration.
The following is the output when I run /etc/update-motd.d/05-ssl in the terminal. The permissions on the script is 633 root
TLS certs Valid until
● facebook.com Thu Jun 06 2019
● google.com Tue Jun 18 2019
However when I log in via ssh my MOTD only shows
TLS certs Valid until
I suspect this is related to the piping I am doing in the last line when I print the output.
#!/bin/bash
ssl_domains="facebook.com google.com"
currentTime=$(date +%s)
output="TLS certs| Valid until"
for domain in $ssl_domains; do
certTime=$(openssl s_client -servername ${domain} -connect ${domain}:443 < /dev/null 2>/dev/null | openssl x509 -noout -enddate 2>/dev/null | cut -d= -f2)
certLineTime=$(date -d "${certTime}" +"%a %b %d %Y")
certTimestamp=$(date -d "${certTime}" +%s)
if [ "${certTimestamp}" -ge "${currentTime}" ]; then
sign="\e[36m●\e[0m"
else
sign="\e[1;33m▲\e[0m"
fi
output+="\n$sign $domain| $certLineTime"
done
echo -e "$output" | column -t -s '|'
Try adding
export LANG='en_US.UTF-8'
at the top of your script.
Related
I have a script that im trying to create an error message and timeout for if the openssl takes to long. Here is the script. Can anyone help me? I'm a little lost.
FILENAME=$1
while read -r ip; do
echo "${ip}"
echo -n | openssl s_client -connect "${ip}:443" -showcerts 2>/dev/null | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' | openssl x509 -noout -dates
done < <(cut -d "," -f2 $FILENAME | tail -n +2)
You could use timeout from gnu core utils package(manual)
Maybe do something like:
while read -r ip; do
timeout [timeout duration] [your ssl command]
if [ $? -eq 124 ]; then
echo FAIL
else
echo OK
fi
done
I have a log file that includes lines that are formatted like the following below. I am trying to create a script in Linux that will remove the lines older then x days from the current date.
Wed Jan 26 10:44:35 2022 : Auth: (72448) Login incorrect (mschap: MS-CHAP2-Response is incorrect): [martin.zeus] (from client CoreNetwork port 0 via TLS tunnel)
Wed Jan 16 10:45:32 2022 : Auth: (72482) Login OK: [george.kye] (from client CoreNetwork port 5 cli CA-93-F0-6C-7E-77)
I think you should take a look at logrotate and Kibana & Elastic search to parse and filter the logs.
Nevertheless, I made a simple script that prints only the entries from the day that you pass as an argument until the current date,
E.g. This will print only the logs since the last 5 days. bash filter.sh log.txt 5
#!/usr/bin/env bash
file="${1}"
days="${2:-1}"
epoch_days=$(date -d "now -${days} days" +%s)
OFS=$IFS
IFS=$'\n'
while read line; do
epoch_log=$(date --date="$(echo $line | cut -d':' -f1,2,3)" +%s)
if [ ${epoch_log} -ge ${epoch_days} ]; then
echo ${line}
fi
done < ${file}
IFS=$OFS
I am trying to run mailx after remoting into another linux box, but for some reason the command doesn't work. I also want to add the content of a csv file in the mail I am trying to send, but it is not working.
SERVER=host1
rm conncheck.csv
`netstat -na 63.111.184.111 442|grep "ESTABLISHED"|grep "63.111.184.111:442" >> conncheck.csv`
`netstat -na 63.111.184.201 572|grep "ESTABLISHED"|grep "63.111.184.201:572" >> conncheck.csv`
wordcount=`grep "ESTABLISHED" conncheck.csv|wc -l`
if [ $wordcount == 2 ]; then
`scp conncheck.csv $SERVER:/tmp/`
ssh -o "StrictHostKeyChecking=no" $SERVER `cat /tmp/conncheck.csv | mailx -s "LiquidityFIX connection is up" recepient#email.com < /dev/null'
else
ssh -o "StrictHostKeyChecking=no" $SERVER mailx -s 'LiquidityFIX connection is down <eom>' recepient#email.com < /dev/null'
fi
~
I think I am getting the command incorrect. Kindly advise how to get this working
in this line:
ssh -o "StrictHostKeyChecking=no" $SERVER `cat /tmp/conncheck.csv | mailx -s "LiquidityFIX connection is up" recepient#email.com < /dev/null'
you need to change the ` to ' right before the cat
I am currently grabbing the date from an http header using this command:
wget --no-cache -S -O /dev/null google.com 2>&1 | sed -n -e 's/ *Date: *//p' -eT -eq
It's output is: Thu, 26 Oct 2017 20:19:57 GMT
I then need to convert this output to an accepted input that the BusyBox date command will accept, i.e.:
date --set="YYYY-MM-DD HH:MM:SS"
I am trying to automate the testing of passwordless ssh from 72 remote servers back to a central server. I have central server passwordless ssh working to the 72 servers, but need it working from them back the the central server.
The 72 servers have one of two ssh versions.
OpenSSH_4.3p2, OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008
OR
sshg3: SSH Tectia Client 6.1.8 on x86_64-unknown-linux-gnu Build: 136 Product: SSH Tectia Client License type: commercial
The issue I am experience is trying to save ssh -V into a variable, it seems that it does not print to STDOUT. Thus my attempts below are failing.
ssh -V > someFile.txt
ssh_version=$(ssh -V)
How can I easily save output of ssh -V so that the appropriate ssh batch option can be called?
Below is the script I am using for remote testing.
#!/bin/sh
ssh -V > /tmp/ssh_version_check.txt
cat /tmp/ssh_version_check.txt | grep "OpenSSH"
rc=$?
if [[ $rc == 0 ]]
then
ssh -o BatchMode=yes <central_server> "test -d /tmp"
rc=$?
if [[ $rc != 0 ]]
then
echo "$(hostname) failed" >> /tmp/failed_ssh_test.txt
fi
else
ssh -B <central_server> "test -d /tmp"
rc=$?
if [[ $rc != 0 ]]
then
echo "$(hostname) failed" >> /tmp/failed_ssh_test.txt
fi
fi
ssh -V outputs to STDERR, not STDOUT.
Instead of saying
ssh -V > /tmp/ssh_version_check.txt
say
ssh -V >& /tmp/ssh_version_check.txt
or
ssh -V > /tmp/ssh_version_check.txt 2>&1
In order to save to a variable, say:
ssh_version=$(ssh -V 2>&1)