
Monitoring the SSL security of our utilities with Centreon
A long and suggestive title… And yes, in this post we are going to centralize these security checks in Centreon. That way we can automatically verify the services our company exposes on the internet: SSL/TLS services that are not necessarily secure.
We are going to take advantage of the great SSL Labs site, which, as we know, lets us check our sites online, but manually. This way we can know the security we offer on our supposedly secure websites or services. The idea is to centralise this in Centreon and have our sites monitored in an automated manner.
We'll use the check_ssl script, which we will download from the Nagios Exchange website and, as usual, place in the Centreon plugin directory (/usr/lib/centreon/plugins). At most, we will need the following dependency, which we install beforehand:
pip install requests
Once installed, we can run it or ask the script for its help, which gives us the following information: the site we want to check, which grades count as Warning or Critical, the time to wait (remember that the first time the report is generated it takes a few minutes), the number of days before the certificate expires…
Usage: check_ssl.py [options] ARG1 ARG2 ARG3 FOR EXAMPLE: -H www.ciencias.ulisboa.pt, -c E+,E-,E,F+,F-,F,T,M -w C+,C-,C,D+,D-,D

Options:
  -h, --help
        show this help message and exit
  -H DOMAIN, --domain=DOMAIN
        Domain name for check ssl
  -c CRITICAL, --critical=CRITICAL
        Specify all value for ssllabs grade yo considered critical, Ex. -c T,M,E+,E-,E,F+,F-,F
  -w WARNING, --warning=WARNING
        Specify all value for ssllabs grade yo considered warning, Ex. -w C+,C-,C,D+,D-,D
  -s SLEEP, --sleep=SLEEP
        Specify the number of seconds you want to wait, if not found the result in cache, the defoult value is 45 seconds
  -d DAYS, --days=DAYS
        specify how many days before it expires will be considered warning, the defoult value is 30 days
  -V, --version
        This option show the current version number of the program and exit
  -A, --author
        This option show author information and exit
Note: the script is for Python 2.x. I mention it because you may need to specify this when running it, so that it is not opened with Python 3.x.
So, once we have tinkered with it, we can, as always, register the Command that Centreon needs to execute, so that all the services we create to check the different websites can run it. As we know, from “Configuration” > “Commands” > “Checks” we can create our command, and something like the following will work for us:
/usr/bin/python2.7 $CENTREONPLUGINS$/check_ssl.py -H $ARG1$ -c E+,E-,E,F+,F-,F,T,M -w C+,C-,C,D+,D-,D --sleep=200 --days=7
As we can see, the command takes a single argument, which we fill in each time we create a service with the FQDN of the URL to be verified.
So we can create as many Services as we need to check every public site we have, as always from “Configuration” > “Services” > “Services by host”, creating or cloning.
Once that is done, as always we export the changes in Centreon and verify them: we check and test. Be aware that if you have not previously checked your site from the web, there will be no cached report, so it may take a few minutes to refresh. That is why in the Command I set 200 seconds of waiting, and 7 days of cache, so that it checks again every 7 days. And remember that running this check once a day is more than enough.
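The grade thresholds from the command above, and the case where SSL Labs has no finished report in cache yet, can be sketched as follows. This is an added example in Python 3, not code from check_ssl.py; the function name evaluate is hypothetical, the report fields (host, status, endpoints, ipAddress, grade) follow the SSL Labs API, and the sample report is constructed.

```python
import json

# Nagios/Centreon plugin exit codes
OK, WARNING, CRITICAL, UNKNOWN = 0, 1, 2, 3
# Severity order used to pick the worst endpoint (UNKNOWN outranks only OK)
RANK = {OK: 0, UNKNOWN: 1, WARNING: 2, CRITICAL: 3}
LABEL = {OK: "OK", WARNING: "WARNING", CRITICAL: "CRITICAL", UNKNOWN: "UNKNOWN"}

# Grade lists copied from the -c and -w options of the command in the post
CRITICAL_GRADES = frozenset("E+,E-,E,F+,F-,F,T,M".split(","))
WARNING_GRADES = frozenset("C+,C-,C,D+,D-,D".split(","))

def evaluate(report, critical=CRITICAL_GRADES, warning=WARNING_GRADES):
    """Map one SSL Labs host report (a dict) to (exit_code, status_line)."""
    host = report.get("host", "?")
    status = report.get("status")
    if status != "READY":
        # No finished report in the cache yet (or the assessment failed):
        # return UNKNOWN rather than OK so the gap is visible in Centreon.
        return UNKNOWN, "UNKNOWN - %s: assessment status is %s" % (host, status)
    worst, details = OK, []
    for ep in report.get("endpoints", []):
        grade = ep.get("grade")
        if grade is None:  # endpoint could not be graded
            state = UNKNOWN
        elif grade in critical:
            state = CRITICAL
        elif grade in warning:
            state = WARNING
        else:
            state = OK
        details.append("%s=%s" % (ep.get("ipAddress", "?"), grade))
        if RANK[state] > RANK[worst]:
            worst = state
    if not details:
        return UNKNOWN, "UNKNOWN - %s: report has no endpoints" % host
    return worst, "%s - %s: %s" % (LABEL[worst], host, ", ".join(details))

# Constructed sample report (documentation addresses, not real scan output)
SAMPLE_REPORT = json.loads("""
{"host": "www.example.com", "status": "READY",
 "endpoints": [{"ipAddress": "192.0.2.10", "grade": "A"},
               {"ipAddress": "192.0.2.11", "grade": "C"}]}
""")

if __name__ == "__main__":
    code, line = evaluate(SAMPLE_REPORT)
    print(code, line)
```

A host served from several IP addresses gets one grade per endpoint, so the service state here follows the worst endpoint rather than the first one returned.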
As always, I hope you find this interesting, and thanks for sharing and giving those hearts on social media.