Project

General

Profile

Feature #9799

Add host certificate monitoring

Added by Gerard Bernabeu Altayo over 4 years ago. Updated about 4 years ago.

Status:
New
Priority:
Normal
Start date:
08/06/2015
Due date:
% Done:

0%

Estimated time:
2.00 h
Duration:

Description

We currently have unmonitored certificates in production machines, for example:

[root@gratia-main-osg ~]# ll /etc/grid-security/host*.pem
lrwxrwxrwx 1 root root 37 May 6 11:28 /etc/grid-security/hostcert.pem -> gratia-main-osg.fnal.gov-hostcert.pem
lrwxrwxrwx 1 root root 36 May 6 11:27 /etc/grid-security/hostkey.pem -> gratia-main-osg.fnal.gov-hostkey.pem
[root@gratia-main-osg ~]#

I don't see any alert on check_mk:

https://ecfmon1.fnal.gov/dcsomon/check_mk/index.py?start_url=%2Fdcsomon%2Fcheck_mk%2Fview.py%3Fview_name%3Dhost%26host%3Dgratia-main-osg%26site%3D

Sensors need to be deployed for check_mk. IMO a good way to do this would be to have whichever puppet class deploys certificates include a class that installs the certificate monitoring check.

History

#1 Updated by Nicholas Peregonow about 4 years ago

Created a host certificate check and an http certificate check. These have been deployed to the gratia machines. Will need to ensure these work on other machines, and then deploy with puppet



Also available in: Atom PDF