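I am currently trying to monitor my system certificates to make sure I get an alert 30 days before they expire. As an example, I took google.com and monitored its certificate. In my monitrc file, I added the following: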
check host google.com with address google.com
if failed
port 443
protocol https
with ssl options {verify: enable}
certificate valid > 1095 days
then alert
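When restarting monit I get an error: there is no service named google.com
Answer 0: (score: 0)
You can also use software such as Overseer to run periodic tests, and use a Notify17 notification template to receive notifications (see the example recipe).
You can use the following test rules: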
https://myurl.com/path must run https
or
https://myurl.com/path must run ssl
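These rules evaluate whether the website is reachable over SSL and whether the certificate is about to expire (you can see more options in the source code).
P.S. To use Overseer easily, you can take a look at the Kubernetes deployment example.
Answer 1: (score: 0)
When setting up a new monit configuration or changing/editing the current one, you should reload first to make sure monit reinitializes the daemon.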
# Edit monit config
root@home:~# vim /etc/monit/conf-enabled/test
# Restarting right away will fail
root@home:~# monit restart all
There is no service named "google.com"
# Logs
[CEST Sep 12 19:16:29] info : 'home' trying to restart
[CEST Sep 12 19:16:29] info : 'home' restart action done
[CEST Sep 12 19:17:09] info : 'home' restart on user request
[CEST Sep 12 19:17:09] error : HttpRequest: error -- client [::1]: HTTP/1.0 400 There is no service named "google.com"
[CEST Sep 12 19:17:09] error : There is no service named "google.com"
# Edit monit config
root@home:~# vim /etc/monit/conf-enabled/test
# Reload to reinitialize monit
root@home:~# monit reload
Reinitializing monit daemon
root@home:~# monit status
Monit 5.25.2 uptime: 24m
Remote Host 'google.com'
status OK
monitoring status Monitored
monitoring mode active
on reboot start
port response time 878.069 ms to google.com:443 type TCP/IP using TLS (certificate valid for 69 days) protocol HTTP
data collected Thu, 12 Sep 2019 19:24:06
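The following is an added example, not part of either answer: after `monit reload`, it reads `monit status` output and confirms that the certificate test is actually loaded and how many days each certificate has left. The function names `cert_days_report` and `sample_status` are hypothetical, the second host in the sample is constructed, and the parsing assumes the "certificate valid for N days" wording of the Monit 5.25.2 output shown above.

```shell
#!/bin/sh
# Added example: flag certificates near expiry from `monit status` text.
# Assumes the "certificate valid for N days" wording of Monit 5.25.2.

# Usage: monit status | cert_days_report 30
# Prints "<service> <days> OK|EXPIRING" for each TLS port line.
# Returns 0 if every cert has >= THRESHOLD days, 1 if any has fewer,
# 2 if no certificate information was found (TLS test not loaded).
cert_days_report() {
    awk -v min="$1" -v q="'" '
        BEGIN { svc = "?"; bad = 0; found = 0; min += 0 }
        # Service header line such as: Remote Host <quoted name>
        index($0, q) && !/certificate valid/ {
            if (split($0, part, q) >= 3) svc = part[2]
            next
        }
        # Port line carrying the remaining lifetime reported by monit
        match($0, /certificate valid for [0-9]+ days/) {
            s = substr($0, RSTART, RLENGTH)
            gsub(/[^0-9]/, "", s)
            days = s + 0
            found = 1
            if (days < min) { bad = 1; state = "EXPIRING" } else state = "OK"
            print svc, days, state
        }
        END { if (!found) exit 2; exit bad }
    '
}

# Constructed sample: first host mirrors the status output above,
# the second host (internal.example) is invented for illustration.
sample_status() {
    cat <<'EOF'
Monit 5.25.2 uptime: 24m

Remote Host 'google.com'
  status                       OK
  port response time           878.069 ms to google.com:443 type TCP/IP using TLS (certificate valid for 69 days) protocol HTTP

Remote Host 'internal.example'
  status                       OK
  port response time           12.301 ms to internal.example:443 type TCP/IP using TLS (certificate valid for 12 days) protocol HTTP
EOF
}
```

An exit status of 2 means monit reported no certificate lifetime at all, which is what you would see if the edited configuration was never reloaded.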