GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects → sensu-plugins → sensu-plugins-ssl

sensu-plugins / sensu-plugins-ssl

Licence: MIT license
This plugin provides native SSL instrumentation for monitoring, including: hostname and chain verification, cert expiry, and Qualys SSL Labs reporting

Programming Languages

ruby
36898 projects - #4 most used programming language

Labels

hstsmonitoringhstspreloadssl-certificatessensu-pluginsssl-monitoring

Projects that are alternatives of or similar to sensu-plugins-ssl

React Pwa
An upgradable boilerplate for Progressive web applications (PWA) with server side rendering, build with SEO in mind and achieving max page speed and optimized user experience.
Stars: ✭ 2,433 (+15106.25%)
Mutual labels:  hsts, hstspreload
cryptonice
CryptoNice is both a command line tool and library which provides the ability to scan and report on the configuration of SSL/TLS for your internet or internal facing web services. Built using the sslyze API and ssl, http-client and dns libraries, cryptonice collects data on a given domain and performs a series of tests to check TLS configuration…
Stars: ✭ 91 (+468.75%)
Mutual labels:  hsts, ssl-certificates
Trust stores observatory
Continuously monitor and record the content of the major platforms' root certificate stores.
Stars: ✭ 87 (+443.75%)
Mutual labels:  ssl-certificates
docker-testssl
http://testssl.sh/ in a tiny docker container
Stars: ✭ 19 (+18.75%)
Mutual labels:  hsts
Concert
Concert is a console based certificate generation tool for https://letsencrypt.org.
Stars: ✭ 196 (+1125%)
Mutual labels:  ssl-certificates
Tls Inspector
Easily view and inspect X.509 certificates on your iOS device.
Stars: ✭ 92 (+475%)
Mutual labels:  ssl-certificates
tlsassistant
Fully-featured tool that combines state-of-the-art TLS analyzers with a report system that suggests appropriate mitigations and shows the full set of viable attacks.
Stars: ✭ 24 (+50%)
Mutual labels:  hsts
Letscertbot
Let's Certbot is a tool builds automated scripts base on Certbot for obtaining, renewing, deploying SSL certificates.
Stars: ✭ 84 (+425%)
Mutual labels:  ssl-certificates
Nginxconfig.io
⚙️ NGINX config generator on steroids 💉
Stars: ✭ 14,983 (+93543.75%)
Mutual labels:  hsts
Certbot Route53
Helping create Let's Encrypt certificates for AWS Route53
Stars: ✭ 159 (+893.75%)
Mutual labels:  ssl-certificates
hsts-iis-module
IIS module for configuring and injecting the HSTS into IIS sites.
Stars: ✭ 28 (+75%)
Mutual labels:  hsts
Netpwn
Tool made to automate tasks of pentesting.
Stars: ✭ 152 (+850%)
Mutual labels:  ssl-certificates
Ssl Checker
Python script that collects SSL/TLS information from hosts
Stars: ✭ 94 (+487.5%)
Mutual labels:  ssl-certificates
Rancher Lets Encrypt
Automatically create and manage certificates in Rancher using Let's Encrypt webroot verification via a minimal service
Stars: ✭ 88 (+450%)
Mutual labels:  ssl-certificates
Secure headers
Manages application of security headers with many safe defaults
Stars: ✭ 2,942 (+18287.5%)
Mutual labels:  hsts
Checkssl
checks ssl certs for a set of domains
Stars: ✭ 86 (+437.5%)
Mutual labels:  ssl-certificates
Ssl exporter
Exports Prometheus metrics for SSL certificates
Stars: ✭ 211 (+1218.75%)
Mutual labels:  ssl-certificates
Docker Nginx Gunicorn Flask Letsencrypt
Boilerplate code for setting up Nginx + Gunicorn + Flask + automated LetsEncrypt certificates (https) using docker-compose.
Stars: ✭ 117 (+631.25%)
Mutual labels:  ssl-certificates
Testssl.sh
Testing TLS/SSL encryption anywhere on any port
Stars: ✭ 5,676 (+35375%)
Mutual labels:  hsts
nuxt-security
Module for Nuxt.js to configure security headers and more
Stars: ✭ 46 (+187.5%)
Mutual labels:  hsts
View All Similar Projects ➔

Sensu-Plugins-SSL

Build Status Gem Version Code Climate Test Coverage Dependency Status Sensu Bonsai Asset

Sensu Asset

The Sensu assets packaged from this repository are built against the Sensu Ruby runtime environment. When using these assets as part of a Sensu Go resource (check, mutator or handler), make sure you include the corresponding Sensu Ruby runtime asset in the list of assets needed by the resource. The current ruby-runtime assets can be found here in the Bonsai Asset Index.

Functionality

Files

  • bin/check-java-keystore-cert.rb
  • bin/check-ssl-anchor.rb
  • bin/check-ssl-crl.rb
  • bin/check-ssl-cert.rb
  • bin/check-ssl-host.rb
  • bin/check-ssl-hsts-preload.rb
  • bin/check-ssl-hsts-preloadable.rb
  • bin/check-ssl-qualys.rb
  • bin/check-ssl-root-issuer.rb

Usage

bin/check-ssl-anchor.rb

Check that a specific website is chained to a specific root certificate (Let's Encrypt for instance). Requires the openssl commandline tool to be available on the system.

./bin/check-ssl-anchor.rb -u example.com -a "i:/O=Digital Signature Trust Co./CN=DST Root CA X3"

bin/check-ssl-crl.rb

Checks a CRL has not or is not expiring by inspecting it's next update value.

You can check against a CRL file on disk:

./bin/check-ssl-crl -c 300 -w 600 -u /path/to/crl

or an online CRL:

./bin/check-ssl-crl -c 300 -w 600 -u http://www.website.com/file.crl

Critical and Warning thresholds are specified in minutes.

bin/check-ssl-qualys.rb

Checks the ssllabs qualysis api for grade of your server, this check can be quite long so it should not be scheduled with a low interval and will probably need to adjust the check timeout options per the check attributes spec based on my tests you should expect this to take around 3 minutes.

./bin/check-ssl-qualys.rb -d google.com

bin/check-ssl-root-issuer.rb

Check that a specific website is chained to a specific root certificate issuer. This is a pure Ruby implementation, does not require the openssl cmdline client tool to be installed.

./bin/check-ssl-root-issuer.rb -u example.com -a "CN=DST Root CA X3,O=Digital Signature Trust Co."

Installation

Installation and Setup

Testing

To run the testing suite, you'll need to have a working ruby environment, gem, and bundler installed. We use rake to run the rspec tests automatically.

bundle install
bundle update
bundle exec rake

Notes

bin/check-ssl-anchor.rb and bin/check-ssl-host.rb would be good to run in combination with each other to test that the chain is anchored to a specific certificate and each certificate in the chain is correctly signed.

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].