add scripts

author: Christian Hesse <mail@eworm.de> 2018-07-05 15:29:26 +0200
committer: Christian Hesse <mail@eworm.de> 2018-07-05 15:34:08 +0200
commit: e1f134ead584c7b2e9ed406f5520d7f1a23294aa (patch)
tree: 929660280fb0acc183401d7e59a40f1cd7e8992c /check-certificates
parent: 1d99dc38ff1f583d6e46adc5d1ba3455114d53c1 (diff)
1 files changed, 52 insertions, 0 deletions
diff --git a/check-certificates b/check-certificates
new file mode 100644
index 0000000..925187d
--- /dev/null
+++ b/check-certificates
@@ -0,0 +1,52 @@
+# RouterOS script: check-certificates
+# Copyright (c) 2013-2018 Christian Hesse <mail@eworm.de>
+#
+# check for certificate validity
+
+:global "identity";
+:global "email-general-to";
+:global "email-general-cc";
+
+:local months ("jan","feb","mar","apr","may","jun","jul","aug","sep","oct","nov","dec");
+
+:local currentdate [ / system clock get date ];
+
+:local currentmonthstr [ :pick $currentdate 0 3 ];
+:local currentday [ :pick $currentdate 4 6 ];
+:local currentyear [ :pick $currentdate 7 11 ];
+:local currentmonth ([ :find $months $currentmonthstr -1 ] + 1);
+:local currentstamp ($currentyear * 365 + $currentmonth * 30 + $currentday);
+
+:foreach cert in=[ / certificate find where !revoked ] do={
+  :local certname [ / certificate get $cert name ];
+  :local invaliddate [ / certificate get $cert invalid-after ];
+
+  :if ([ :len $invaliddate ] > 0) do={
+    :local invalidmonthstr [ :pick $invaliddate 0 3 ];
+    :local invalidday [ :pick $invaliddate 4 6 ];
+    :local invalidyear [ :pick $invaliddate 7 11 ];
+    :local invalidmonth ([ :find $months $invalidmonthstr -1 ] + 1);
+    :local invalidstamp ($invalidyear * 365 + invalidmonth * 30 + invalidday);
+
+    :local remaining ($invalidstamp - $currentstamp);
+
+    :if ($remaining < 15) do={
+      :local commonname [ / certificate get $cert common-name ];
+      :local fingerprint [ / certificate get $cert fingerprint ];
+      :local invalidbefore [ / certificate get $cert invalid-before ];
+      :local invalidafter [ / certificate get $cert invalid-after ];
+      / tool e-mail send to=$"email-general-to" cc=$"email-general-cc" \
+        subject=("[" . $identity . "] Certificate warning!") \
+        body=("A certificate on " . $identity . " is about to expire.\n\n" . \
+          "Certificate Name: " . $certname . "\n" . \
+          "Common Name:      " . $commonname . "\n" . \
+          "Fingerprint:      " . $fingerprint . "\n" . \
+          "Validity:         " . $invalidbefore . " to " . $invalidafter);
+      :log warning ("A certificate is about to expire within " . $remaining . " days: " . $certname);
+    } else={
+      :log debug ("The certificate " . $certname . " expires in " . $remaining . " days.");
+    }
+  } else={
+    :log debug ("The certificate " . $certname . " is just a template.");
+  }
+}
author	Christian Hesse <mail@eworm.de>	2018-07-05 15:29:26 +0200
committer	Christian Hesse <mail@eworm.de>	2018-07-05 15:34:08 +0200
commit	e1f134ead584c7b2e9ed406f5520d7f1a23294aa (patch)
tree	929660280fb0acc183401d7e59a40f1cd7e8992c /check-certificates
parent	1d99dc38ff1f583d6e46adc5d1ba3455114d53c1 (diff)