• 实现目标:
      1. 自动发现域名,并监控证书过期时间;
      1. 当证书低于60天则触发钉钉,邮件报警;
      1. 新增监控需在文件ssl_cert_list中增加域名,格式为:"www.baidu.com 443"
  • 实现步骤:
      1. 在zabbix中增加钉钉报警
#!/usr/bin/python
# -*- coding: utf-8 -*-
import requests
import json
import sys

# 告警群,测试环境
url = 'https://oapi.dingtalk.com/robot/send?access_token=XXXXXXXXXXXXXXXXXXXXXXX'

def send_msg(msg):
    """
    发送消息的函数,这里使用阿里的钉钉
    :param msg: 要发送的消息
    :return: 200 or False
    """
    # url = url
    program = {"msgtype": "text", "text": {"content": msg}, }
    headers = {'Content-Type': 'application/json'}
    try:
        f = requests.post(url, data=json.dumps(program), headers=headers)
    except Exception as e:
        return False
    return f.status_code

def main():
    msg = sys.argv[1]
    send_msg(msg)

if __name__ == '__main__':
    main()
    * 2. 测试能否正常发送钉钉报警
* 2. 增加域名监控脚本,需安装openssl
#!/bin/bash
host=$1
port=$2
end_date=`/usr/bin/openssl s_client -servername $host -host $host -port $port -showcerts /dev/null |
  sed -n '/BEGIN CERTIFICATE/,/END CERT/p' |
  /usr/bin/openssl  x509 -text 2>/dev/null |
  sed -n 's/ *Not After : *//p'`

if [ -n "$end_date" ]
then
    end_date_seconds=`date '+%s' --date "$end_date"`
    now_seconds=`date '+%s'`
    echo "($end_date_seconds-$now_seconds)/24/3600" | bc
fi