Skip to content

Commit

Permalink
Merge pull request #5 from dnmvisser/dv_proxy_support
Browse files Browse the repository at this point in the history
Add proxy support, cleanups
  • Loading branch information
dnmvisser authored Nov 10, 2023
2 parents 39cdb47 + 6b1e656 commit 25a092e
Show file tree
Hide file tree
Showing 3 changed files with 345 additions and 36 deletions.
249 changes: 249 additions & 0 deletions .gitignore
Original file line number Diff line number Diff line change
@@ -0,0 +1,249 @@
# Created by https://www.toptal.com/developers/gitignore/api/macos,python,visualstudiocode,vim
# Edit at https://www.toptal.com/developers/gitignore?templates=macos,python,visualstudiocode,vim

### macOS ###
# General
.DS_Store
.AppleDouble
.LSOverride

# Icon must end with two \r
Icon


# Thumbnails
._*

# Files that might appear in the root of a volume
.DocumentRevisions-V100
.fseventsd
.Spotlight-V100
.TemporaryItems
.Trashes
.VolumeIcon.icns
.com.apple.timemachine.donotpresent

# Directories potentially created on remote AFP share
.AppleDB
.AppleDesktop
Network Trash Folder
Temporary Items
.apdisk

### macOS Patch ###
# iCloud generated files
*.icloud

### Python ###
# Byte-compiled / optimized / DLL files
__pycache__/
*.py[cod]
*$py.class

# C extensions
*.so

# Distribution / packaging
.Python
build/
develop-eggs/
dist/
downloads/
eggs/
.eggs/
lib/
lib64/
parts/
sdist/
var/
wheels/
share/python-wheels/
*.egg-info/
.installed.cfg
*.egg
MANIFEST

# PyInstaller
# Usually these files are written by a python script from a template
# before PyInstaller builds the exe, so as to inject date/other infos into it.
*.manifest
*.spec

# Installer logs
pip-log.txt
pip-delete-this-directory.txt

# Unit test / coverage reports
htmlcov/
.tox/
.nox/
.coverage
.coverage.*
.cache
nosetests.xml
coverage.xml
*.cover
*.py,cover
.hypothesis/
.pytest_cache/
cover/

# Translations
*.mo
*.pot

# Django stuff:
*.log
local_settings.py
db.sqlite3
db.sqlite3-journal

# Flask stuff:
instance/
.webassets-cache

# Scrapy stuff:
.scrapy

# Sphinx documentation
docs/_build/

# PyBuilder
.pybuilder/
target/

# Jupyter Notebook
.ipynb_checkpoints

# IPython
profile_default/
ipython_config.py

# pyenv
# For a library or package, you might want to ignore these files since the code is
# intended to run in multiple environments; otherwise, check them in:
# .python-version

# pipenv
# According to pypa/pipenv#598, it is recommended to include Pipfile.lock in version control.
# However, in case of collaboration, if having platform-specific dependencies or dependencies
# having no cross-platform support, pipenv may install dependencies that don't work, or not
# install all needed dependencies.
#Pipfile.lock

# poetry
# Similar to Pipfile.lock, it is generally recommended to include poetry.lock in version control.
# This is especially recommended for binary packages to ensure reproducibility, and is more
# commonly ignored for libraries.
# https://python-poetry.org/docs/basic-usage/#commit-your-poetrylock-file-to-version-control
#poetry.lock

# pdm
# Similar to Pipfile.lock, it is generally recommended to include pdm.lock in version control.
#pdm.lock
# pdm stores project-wide configurations in .pdm.toml, but it is recommended to not include it
# in version control.
# https://pdm.fming.dev/#use-with-ide
.pdm.toml

# PEP 582; used by e.g. github.com/David-OConnor/pyflow and github.com/pdm-project/pdm
__pypackages__/

# Celery stuff
celerybeat-schedule
celerybeat.pid

# SageMath parsed files
*.sage.py

# Environments
.env
.venv
env/
venv/
ENV/
env.bak/
venv.bak/

# Spyder project settings
.spyderproject
.spyproject

# Rope project settings
.ropeproject

# mkdocs documentation
/site

# mypy
.mypy_cache/
.dmypy.json
dmypy.json

# Pyre type checker
.pyre/

# pytype static type analyzer
.pytype/

# Cython debug symbols
cython_debug/

# PyCharm
# JetBrains specific template is maintained in a separate JetBrains.gitignore that can
# be found at https://github.com/github/gitignore/blob/main/Global/JetBrains.gitignore
# and can be added to the global gitignore or merged into this file. For a more nuclear
# option (not recommended) you can uncomment the following to ignore the entire idea folder.
#.idea/

### Python Patch ###
# Poetry local configuration file - https://python-poetry.org/docs/configuration/#local-configuration
poetry.toml

# ruff
.ruff_cache/

# LSP config files
pyrightconfig.json

### Vim ###
# Swap
[._]*.s[a-v][a-z]
!*.svg # comment out if you don't need vector files
[._]*.sw[a-p]
[._]s[a-rt-v][a-z]
[._]ss[a-gi-z]
[._]sw[a-p]

# Session
Session.vim
Sessionx.vim

# Temporary
.netrwhist
*~
# Auto-generated tag files
tags
# Persistent undo
[._]*.un~

### VisualStudioCode ###
.vscode/*
!.vscode/settings.json
!.vscode/tasks.json
!.vscode/launch.json
!.vscode/extensions.json
!.vscode/*.code-snippets

# Local History for Visual Studio Code
.history/

# Built Visual Studio Code Extensions
*.vsix

### VisualStudioCode Patch ###
# Ignore all local history of files
.history
.ionide

# End of https://www.toptal.com/developers/gitignore/api/macos,python,visualstudiocode,vim
83 changes: 70 additions & 13 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -5,35 +5,52 @@ Nagios/Icinga plugin.

# Installation and requirements

You will need python 3.5 or newer, and the yaml, packaging and requests modules. Easiest
through the standard package manager:
You will need python 3.5 or newer, and the `yaml` and `requests` modules.
For exmaple through the standard package manager:

```shell
apt-get install python3 python3-yaml python3-requests
```

or with a dedicated venv:

```sh
apt-get install python3 python3-yaml python3-requests python3-packaging
apt-get install python3-venv
python3 -m venv venv
. venv/bin/activate
pip install -U pip wheel
pip install pyyaml requests
```

# Features

* Uses the [SSL Labs v3
API](https://github.com/ssllabs/ssllabs-scan/blob/master/ssllabs-api-docs-v3.md)
* Configurable warning/critical thresholds (default B and C)
* Caches results
* Configurable warning/critical threshold scores (default: `B/C`)
* Caching of results
* Proxy support

# Usage

```
usage: nagios-ssllabs-rating.py [-h] --host HOST [--warning WARNING]
[--critical CRITICAL] [--tempdir TEMPDIR]
usage: nagios-ssllabs-rating.py [-h] --host HOST [--proxy PROXY]
[--warning WARNING]
[--critical CRITICAL]
[--tempdir TEMPDIR]
Check the rating of an HTTPS web site with the SSLLabs API. See
https://github.com/ssllabs/ssllabs-scan/blob/master/ssllabs-api-docs-v3.md
https://github.com/ssllabs/ssllabs-scan/blob/master/ssllabs-api-
docs-v3.md
optional arguments:
options:
-h, --help show this help message and exit
--host HOST The hostname/FQDN to check
--proxy PROXY The proxy to use when connecting to the SSLLabs
website
--warning WARNING Rating that triggers a WARNING (default: B)
--critical CRITICAL Rating that triggers a CRITICAL (default: C)
--tempdir TEMPDIR Directory to store cache files (default on this system:
--tempdir TEMPDIR Directory to store cache files (default on this
system:
/tmp)
```

Expand All @@ -46,7 +63,7 @@ The rest of the output is extra information, meant for nagios as

Default usage:

```
```shell
~$ ./nagios-ssllabs-rating.py --host wiki.geant.org
OK: SSLLabs rating is A
See https://www.ssllabs.com/ssltest/analyze.html?d=wiki.geant.org
Expand Down Expand Up @@ -88,7 +105,7 @@ testTime: 1594723519403

To get notified earlier, you can use lower thresholds ratings. For instance:

```
```shell
~$ ./nagios-ssllabs-rating.py --host wiki.geant.org --warning A --critical B
WARNING: SSLLabs rating is A
See https://www.ssllabs.com/ssltest/analyze.html?d=wiki.geant.org
Expand Down Expand Up @@ -127,6 +144,46 @@ status: READY
testTime: 1594723519403
```

You can also supply an HTTP proxy explicitly:

```shell
~$ ./nagios-ssllabs-rating.py --host about.geant.org --proxy http://localhost:8000
OK: SSLLabs rating is A+
See https://www.ssllabs.com/ssltest/analyze.html?d=about.geant.org

API result:

criteriaVersion: 2009q
endpoints:
- delegation: 1
duration: 130042
grade: A+
gradeTrustIgnored: A+
hasWarnings: false
ipAddress: 2001:798:3:0:0:0:0:132
isExceptional: true
progress: 100
serverName: security.geant.org
statusMessage: Ready
- delegation: 1
duration: 130157
grade: A+
gradeTrustIgnored: A+
hasWarnings: false
ipAddress: 83.97.93.30
isExceptional: true
progress: 100
serverName: tnc22.geant.org
statusMessage: Ready
engineVersion: 2.2.0
host: about.geant.org
isPublic: false
port: 443
protocol: http
startTime: 1699541305491
status: READY
testTime: 1699541566057
```

# Tips/gotchas

Expand All @@ -146,8 +203,8 @@ When there are _no_ endpoints at all, this _is_ reported however (as CRITICAL):




* Starting up many probes at __exactly__ the same time will result in API
throttling. Don't do that.
* For use as a Nagios plugin, you can set the `tempdir` to something like `/var/cache/nagios3`,
`/var/lib/nagios4/check_ssllabs/`, etc.
* TODO: migrate to v4 API
Loading

0 comments on commit 25a092e

Please sign in to comment.