GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects → debfx → check_dane

debfx / check_dane

Licence: GPL-3.0 license
Nagios/Icinga plugin for checking DANE/TLSA records

Programming Languages

python
139335 projects - #7 most used programming language

Labels

icingadnssecdanetlsa

Projects that are alternatives of or similar to check dane

smtpdane
SMTP DANE testing tool
Stars: ✭ 15 (+15.38%)
Mutual labels:  dnssec, dane, tlsa
toolbox-wiki
Internet.nl toolbox - how-to's for modern mail security standards (DMARC, DKIM, SPF and DANE)
Stars: ✭ 96 (+638.46%)
Mutual labels:  dnssec, dane
danetls
Program to test DANE enabled TLS Services
Stars: ✭ 18 (+38.46%)
Mutual labels:  dnssec, dane
DANE-for-SMTP
'DANE for SMTP' wiki
Stars: ✭ 28 (+115.38%)
Mutual labels:  dnssec, dane
check dnssec expiry
Icinga / Nagios plugin to validate DNSSEC validity of a DNS zone.
Stars: ✭ 19 (+46.15%)
Mutual labels:  icinga, dnssec
Icingaweb2 Module Grafana
Grafana module for Icinga Web 2 (supports InfluxDB & Graphite)
Stars: ✭ 190 (+1361.54%)
Mutual labels:  icinga
check clever tanken
Benzinpreis-Monitoring mit Icinga 2 || Kraftstoffmonitoring
Stars: ✭ 21 (+61.54%)
Mutual labels:  icinga
Check nwc health
check_nwc_health is a plugin which checks the health of network components and interfaces.
Stars: ✭ 127 (+876.92%)
Mutual labels:  icinga
Sakuli
Sakuli is an end-2-end testing and monitoring tool for web sites and common UIs with multiple monitoring integrations
Stars: ✭ 115 (+784.62%)
Mutual labels:  icinga
jp.tiar.app
jp.tiar.app
Stars: ✭ 28 (+115.38%)
Mutual labels:  dnssec
icingaweb2-module-cube
Drill-down view for Icinga web 2 based on custom variables
Stars: ✭ 40 (+207.69%)
Mutual labels:  icinga
Icinga Vagrant
Vagrant boxes for Icinga 2, Icinga Web 2, modules, themes and integrations (Graphite, InfluxDB, Elastic, Graylog, etc.)
Stars: ✭ 248 (+1807.69%)
Mutual labels:  icinga
certgrinder
Certgrinder is a client/server system for getting LetsEncrypt certificates for your infrastructure. ACME challenges are handled by the Certgrinder server, making it possible to get certificates in highly isolated environments, since only an SSH connection to the Certgrinder server is needed.
Stars: ✭ 24 (+84.62%)
Mutual labels:  tlsa
Thola
Tool for monitoring and provisioning network devices (mainly using SNMP) - monitoring check plugin
Stars: ✭ 179 (+1276.92%)
Mutual labels:  icinga
mailsec-check
Another utility to analyze state of deployment of security-related email protocols.
Stars: ✭ 37 (+184.62%)
Mutual labels:  dane
Icinga2
Icinga is a monitoring system which checks the availability of your network resources, notifies users of outages, and generates performance data for reporting.
Stars: ✭ 1,670 (+12746.15%)
Mutual labels:  icinga
nagmapReborn
Nagmap Reborn - Standalone integration with some server monitoring systems providing a user-friendly interface through geographic visualization.
Stars: ✭ 19 (+46.15%)
Mutual labels:  icinga
Wireguard-DNScrypt-VPN-Server
Fast setup wireguard server script, with dnscrypt and adblocking, maleware blocking, more blocking if you need. Use case eg. always on vpn and adblocking on ios or android, and be more secured in unknown networks.
Stars: ✭ 48 (+269.23%)
Mutual labels:  dnssec
icinga-core
Icinga 1.x, the old core (EOL 31.12.2018)
Stars: ✭ 45 (+246.15%)
Mutual labels:  icinga
check netscaler
A Nagios Plugin written in Perl for the Citrix ADC (formerly Citrix NetScaler). It uses the NetScaler NITRO API.
Stars: ✭ 36 (+176.92%)
Mutual labels:  icinga
View All Similar Projects ➔

⚠️ This repository is no longer maintained.

check_ssl_cert supports validating DANE records with openssl >= 1.1.0

check_dane

Nagios/Icinga plugin for checking DANE/TLSA records.

It compares the DANE/TLSA record against the TLS certificate provided by a service.

Usage

-h, --help            show this help message and exit
--host HOST, -H HOST  Hostname to check.
--port PORT, -p PORT  TCP port to check.
--connect-host CONNECT_HOST, --ip CONNECT_HOST, -I CONNECT_HOST
                      Connect to this host instead of --host.
--connect-port CONNECT_PORT
                      Connect to this port instead of --port.
--starttls {smtp,imap,xmpp,quassel}
                      Send the protocol-specific messages to enable TLS.
--check-pkix          Additionally perform traditional checks on the
                      certificate (ca trust path, hostname, expiry).
--min-days-valid MIN_DAYS_VALID
                      Minimum number of days a certificate has to be valid.
                      Format: INTEGER[,INTEGER]. 1st is #days for warning,
                      2nd is critical.
--no-dnssec           Continue even when DNS replies aren't DNSSEC
                      authenticated.
--nameserver NAMESERVER
                      Use a custom nameserver.
--timeout TIMEOUT     Network timeout in sec. Default: 10
--version             show program's version number and exit

Supported TLSA records

  • Certificate Usage: "Service certificate constraint" (1) and "Domain-issued certificate" (3) is supported
  • Selector: "Full certificate" (0) and SubjectPublicKeyInfo (1)
  • Matching Type: "Exact match" (0), SHA-256 hash (1) and SHA-512 hash (2)

Requirements

  • Python >= 3.4
  • dnspython
  • openssl binary
  • DNSSEC capable resolver (or use --no-dnssec but be aware of the security implications)

Examples

  • check_dane -H mx.example.com -p 25 --starttls smtp
  • check_dane -H example.com -p 443 --check-pkix
Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].