Commit ea3b6620 authored by remy's avatar remy

adding a working makefile

parent 1889b791
......@@ -4,20 +4,22 @@ install: certs urls
dirs:
mkdir -p /usr/local/websitechecks/etc
mkdir -p /usr/local/websitechecks/var/certs
mkdir /usr/local/websitechecks/var/urls
mkdir /usr/local/websitechecks/var/status
mkdir -p /usr/local/websitechecks/var/workdir
mkdir /usr/local/websitechecks/var/results
mkdir /usr/local/websitechecks/libexec
chmod -R 777 /usr/local/websitechecks/var
status_conf: status
certs_conf: status
status: dirs
cp profile.conf /usr/local/websitechecks/etc/
cp profile.conf /etc/default/websitechecks
cp host_https_list.txt /usr/local/websitechecks/etc/
certs: status
cp check_certs.sh /usr/local/bin
cp ssl-cert-info.sh /usr/local/websitechecks/libexec
chmod +x /usr/local/bin/check_certs.sh
url_conf: dirs
......@@ -25,9 +27,11 @@ url_conf: dirs
urls: url_conf
cp check_urls.sh /usr/local/bin
cp check_sha256.awk /usr/local/websitechecks/libexec
chmod +x /usr/local/bin/check_urls.sh
clean:
rm -rf /usr/local/websitechecks
rm -f /usr/local/bin/check_urls.sh
rm -f /usr/local/bin/check_certs.sh
rm -f /etc/default/websitechecks
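Review bot: `chmod -R 777 /usr/local/websitechecks/var` in the `dirs` target leaves certs, urls, status, workdir and results writable by every local account, so any user can replace the stored results or the working copies that later runs compare against. Because the README installs with `sudo make`, the tree can stay root-owned with `chmod -R u=rwX,go=rX /usr/local/websitechecks/var`; if the checks must run unprivileged, give the tree to a dedicated account or group rather than to everyone. The `mkdir` lines without `-p` (urls, status, results, libexec) also make the `dirs` target fail on a second `make`. The rendered page does not show which of these lines the commit adds.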
......@@ -17,6 +17,13 @@ First, you will need to enter some informations in `profile.conf` file. This fil
Then, edit `host_https_list.txt` and `url_list.txt` to fit your needs.
## How to install
After editing the 3 configuration files (`profile.conf` and listings `host_https_list.txt`, `url_list.txt`), just run:
```bash
sudo make
```
## How to check your HTTPS certificates
......@@ -25,7 +32,7 @@ Edit `host_https_list.txt` file containing the list of hosts (fqdn / fully quali
Then, just run:
```bash
bash check_certs.sh
check_certs.sh
```
This will produce a json output on the standard output and in the output directory (`OUTPUT_DIR` defined in `profile.conf` (default is `./results`)).
......@@ -39,13 +46,13 @@ Enter the list of URL to scan in `url_list.txt`.
To initialize the working directory `workdir`, you need to launch:
```bash
bash check_urls.sh init
check_urls.sh init
```
Then, you can do a basic scan:
```bash
bash check_urls.sh check
check_urls.sh check
```
You will find your results in `json` format in your `OUTPUT_DIR` defined in `profile.conf`.
......@@ -54,9 +61,9 @@ To display more informations about differences:
```bash
# compare from last run
bash check_urls.sh compare
check_urls.sh compare
# or check differences since the init step
bash check_urls.sh compare2init
check_urls.sh compare2init
```
Finally, you can add a cron job to produce results every N minutes/days...
......@@ -70,8 +77,8 @@ diff -rq <previous_workdir> `date +"%Y%m%d"`_workdir
diff -Ebw <previous_workdir>/website.index.html `date +"%Y%m%d"`_workdir/website.index.html
# finally, if everything is ok, regenerate a workdir
bash check_urls.sh clean
bash check_urls.sh init
check_urls.sh clean
check_urls.sh init
```
After, you will have many directories with all your webpages histories.
......
......@@ -5,18 +5,34 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
DATE=`date '+%Y%m%d_%H%M%S'`
cd ${DIR}
. ./profile.conf
websites=`awk '{ if ($1 !~ "^#") {print;} }' host_https_list.txt`
TOTAL_WEBSITES=`echo ${websites}|awk '{print NF}'`
if [ -z "${OUTPUT_DIR}" ]; then
if [ -f /etc/default/websitechecks ]; then
. /etc/default//websitechecks
if [ -z "${OUTPUT_DIR}" ]; then
OUTPUT_DIR="${VARDIR}/results"
fi
if [ -f "${LIBEXECDIR}/ssl-cert-info.sh" ]; then
CERT_INFO="${LIBEXECDIR}/ssl-cert-info.sh"
fi
if [ -f "${ETCDIR}/host_https_list.txt" ]; then
HOST_LIST="${ETCDIR}/host_https_list.txt"
fi
else
. ./profile.conf
cd ${DIR}
if [ -z "${OUTPUT_DIR}" ]; then
OUTPUT_DIR="./results"
fi
CERT_INFO="${DIR}/ssl-cert-info.sh"
HOST_LIST=host_https_list.txt
fi
if [ ! -d ${OUTPUT_DIR} ]; then
mkdir -p ${OUTPUT_DIR};
mkdir -p ${OUTPUT_DIR}
fi
websites=`awk '{ if ($1 !~ "^#") {print;} }' ${HOST_LIST}`
TOTAL_WEBSITES=`echo ${websites}|awk '{print NF}'`
OUTPUT="${OUTPUT_DIR}/${DATE}_check_certs.json"
#formatting output for jsonreader
......@@ -26,10 +42,10 @@ for host in ${websites}
do
results="${results}\n\t\"${host}\":{"
results="${results}\n\t\t\"enddate\":\t\""
END_DATE=`bash ${DIR}/ssl-cert-info.sh --host $host --end | sed "s/$/\",/"`
END_DATE=`bash ${CERT_INFO} --host $host --end | sed "s/$/\",/"`
results="${results}${END_DATE}"
results="${results}\n\t\t\"status\":\t\""
END_OK=`bash ${DIR}/ssl-cert-info.sh --host $host --end-check|sed "s/$/\"/"`
END_OK=`bash ${CERT_INFO} --host $host --end-check|sed "s/$/\"/"`
results="${results}${END_OK}"
if [ $i -eq $TOTAL_WEBSITES ]; then
results="${results}\n\t}"
......@@ -42,7 +58,7 @@ results="${results}\n}"
echo -e ${results} | tee ${OUTPUT}
ssl_answers=`for host in ${websites}; do echo -n "$host:" && bash ${DIR}/ssl-cert-info.sh --host $host --end-check; done`
ssl_answers=`for host in ${websites}; do echo -n "$host:" && bash ${CERT_INFO} --host $host --end-check; done`
count=`echo "${ssl_answers}" | grep -c "Ok"`
if [ $count -ne $TOTAL_WEBSITES ]; then
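Review bot: In the `/etc/default/websitechecks` branch, `CERT_INFO` and `HOST_LIST` are assigned only when the files exist, so if one is missing the script continues with an empty value or one inherited from the caller's environment, and `bash ${CERT_INFO} --host $host --end` then runs a path the install never selected. Clear both before the branch (`CERT_INFO= HOST_LIST=`) and stop when they do not resolve, e.g. `[ -f "${CERT_INFO}" ] || { echo "ssl-cert-info.sh not found" >&2; exit 1; }`. The same conditional assignment is used for `URL_LIST` and `CHECK_SHA256` in check_urls.sh. `${CERT_INFO}`, `${HOST_LIST}` and `${OUTPUT_DIR}` are also expanded unquoted, so a configured path containing spaces would be split. The script begins and ends outside these hunks.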
......
......@@ -35,7 +35,6 @@
CURDIR=`pwd`
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
WORKDIR=${DIR}/workdir
DATE=`date '+%Y%m%d_%H%M%S'`
# path to commands; could be useful for crons
......@@ -168,9 +167,27 @@ function remove_dyn_elems {
done < $1
}
if [ -f /etc/default/websitechecks ]; then
. /etc/default//websitechecks
if [ -z ${WORKDIR} ]; then
WORKDIR=${VARDIR}/workdir
fi
if [ -f "${ETCDIR}/url_list.txt" ]; then
URL_LIST="${ETCDIR}/url_list.txt"
fi
if [ -f "${LIBEXECDIR}/check_sha256.awk" ]; then
CHECK_SHA256="${LIBEXECDIR}/check_sha256.awk"
fi
else
. ./profile.conf
cd ${DIR}
if [ -z ${WORKDIR} ]; then
WORKDIR=${DIR}/workdir
fi
URL_LIST="../url_list"
CHECK_SHA256="../check_sha256.awk"
fi
cd ${DIR}
. ./profile.conf
if ${CHECK_CERT}; then
CURL_OPTS="-Is"
else
......@@ -226,10 +243,10 @@ do
echo -n $website" " >> status.log && $CURL $CURL_OPTS $website|head -1 >> status.log
$WGET -O "${name}.index.html" $website 2>/dev/null
fi
done < ../url_list.txt
done < ${URL_LIST}
/usr/bin/dos2unix status.log 2>/dev/null
remove_dyn_elems ../url_list.txt
remove_dyn_elems ${URL_LIST}
if [ -z ${FIRST} ]; then
......@@ -273,9 +290,9 @@ if [ -z ${FIRST} ]; then
if [[ "$name" =~ [[:space:]]*# ]] || [[ "$name" == "" ]] || [[ "$activity" == "inactive" ]]; then
continue
else
$AWK -f ../check_sha256.awk -v url=$url -v sitename=${name} -v total=$total sha256sum.txt*
$AWK -f ${CHECK_SHA256} -v url=$url -v sitename=${name} -v total=$total sha256sum.txt*
fi
done < ../url_list.txt|sort >> checksums.json
done < ${URL_LIST} |sort >> checksums.json
echo "}" >> checksums.json
else
$SHA256SUM *.html > sha256sum.txt.orig
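Review bot: The fallback branch runs `. ./profile.conf` before `cd ${DIR}`, so unless an earlier `cd` outside the hunk applies, an installed copy run without /etc/default/websitechecks looks for the file in the caller's current directory, and sourcing executes whatever shell code that file contains. Sourcing by absolute path, `. "${DIR}/profile.conf"`, removes the dependency on the working directory; check_certs.sh has the same two lines in its `else` branch. If the `cd ${DIR}` / `. ./profile.conf` pair after `fi` is still on the new side, it would re-source the local file over the installed settings; the rendered page does not show which side those lines are on. Separately, the fallback sets `URL_LIST="../url_list"` while the replaced lines read `../url_list.txt`, which looks like a dropped extension.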
......
......@@ -4,4 +4,8 @@ MAIL_SUBJECT="certificate error"
# following must be set to false if you have some autosigns certificates website
# otherwise, you can set it to true
CHECK_CERT=false
OUTPUT_DIR="./results"
INSTALL_DIR="/usr/local/websitechecks"
VARDIR="${INSTALL_DIR}/var"
ETCDIR="${INSTALL_DIR}/etc"
LIBEXECDIR="${INSTALL_DIR}/libexec"
OUTPUT_DIR="${VARDIR}/results"