matteocorti / check_ssl_cert

A shell script (that can be used as a Nagios/Icinga plugin) to check an SSL/TLS connection.
GNU General Public License v3.0
372 stars 132 forks source link

Error "cannot find program: bc" when running check_ssl_cert to monitor smtp cert #475

Closed aquibkazi closed 1 year ago

aquibkazi commented 1 year ago

Getting below error when I run check to monitor one of our smtp cert. our smtp is actually a postfix which is configured to allow tlsv1.3

[root@ip-REDACTED check_ssl_cert-2.75.0]# ./check_ssl_cert -H REDACTED_SMTP_HOSTNAME -P smtp -w 10 -c 5 SSL_CERT UNKNOWN 'REDACTED_SMTP_HOSTNAME': cannot find program: bc

debug output:

./check_ssl_cert -H REDACTED -P smtp -w 10 -c 5 -d

[DBG] check_ssl_cert version: 2.75.0 [DBG] System info: Linux ip-REDACTED 5.14.0-284.30.1.el9_2.x86_64 #1 SMP PREEMPT_DYNAMIC Fri Aug 25 09:13:12 EDT 2023 x86_64 x86_64 x86_64 GNU/Linux [DBG] /etc/os-release: [DBG] NAME="Red Hat Enterprise Linux" [DBG] VERSION="9.2 (Plow)" [DBG] ID="rhel" [DBG] ID_LIKE="fedora" [DBG] VERSION_ID="9.2" [DBG] PLATFORM_ID="platform:el9" [DBG] PRETTY_NAME="Red Hat Enterprise Linux 9.2 (Plow)" [DBG] ANSI_COLOR="0;31" [DBG] LOGO="fedora-logo-icon" [DBG] CPE_NAME="cpe:/o:redhat:enterprise_linux:9::baseos" [DBG] HOME_URL="https://www.redhat.com/" [DBG] DOCUMENTATION_URL="https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9" [DBG] BUG_REPORT_URL="https://bugzilla.redhat.com/" [DBG]
[DBG] REDHAT_BUGZILLA_PRODUCT="Red Hat Enterprise Linux 9" [DBG] REDHAT_BUGZILLA_PRODUCT_VERSION=9.2 [DBG] REDHAT_SUPPORT_PRODUCT="Red Hat Enterprise Linux" [DBG] REDHAT_SUPPORT_PRODUCT_VERSION="9.2" [DBG] User: root [DBG] Shell: /bin/bash [DBG] GNU bash, version 5.1.8(1)-release (x86_64-redhat-linux-gnu) [DBG] Copyright (C) 2020 Free Software Foundation, Inc. [DBG] License GPLv3+: GNU GPL version 3 or later http://gnu.org/licenses/gpl.html [DBG]
[DBG] This is free software; you are free to change and redistribute it. [DBG] There is NO WARRANTY, to the extent permitted by law. [DBG] grep: /bin/grep [DBG] grep (GNU grep) 3.6 [DBG] Copyright (C) 2020 Free Software Foundation, Inc. [DBG] License GPLv3+: GNU GPL version 3 or later https://gnu.org/licenses/gpl.html. [DBG] This is free software: you are free to change and redistribute it. [DBG] There is NO WARRANTY, to the extent permitted by law. [DBG]
[DBG] Written by Mike Haertel and others; see [DBG] https://git.sv.gnu.org/cgit/grep.git/tree/AUTHORS. [DBG] hostname: /bin/hostname [DBG] $PATH: /root/.local/bin:/root/bin:/sbin:/bin:/usr/sbin:/usr/bin [DBG] Command line arguments: -H 'REDACTED_SMTP_HOSTNAME' -P smtp -w 10 -c 5 -d [DBG] TMPDIR = /tmp [DBG] Required HTTP headers:
[DBG] Unrequired HTTP headers: [DBG] curl binary needed. SSL Labs = , OCSP = 1, CURL = , IGNORE_CONNECTION_STATE=, FILE_URI= [DBG] curl binary not specified [DBG] curl available: /bin/curl [DBG] curl 7.76.1 (x86_64-redhat-linux-gnu) libcurl/7.76.1 OpenSSL/3.0.7 zlib/1.2.11 brotli/1.0.9 libidn2/2.3.0 libpsl/0.21.1 (+libidn2/2.3.0) libssh/0.10.4/openssl/zlib nghttp2/1.43.0 [DBG] Release-Date: 2021-04-14 [DBG] Protocols: dict file ftp ftps gopher gophers http https imap imaps ldap ldaps mqtt pop3 pop3s rtsp scp sftp smb smbs smtp smtps telnet tftp [DBG] Features: alt-svc AsynchDNS brotli GSS-API HTTP2 HTTPS-proxy IDN IPv6 Kerberos Largefile libz NTLM NTLM_WB PSL SPNEGO SSL TLS-SRP UnixSockets [DBG] Proxy settings (after): [DBG] http_proxy = [DBG] https_proxy = [DBG] HTTP_PROXY = [DBG] HTTPS_PROXY = [DBG] s_client =
[DBG] curl =
[DBG] Checking if the host is listed in /etc/hosts [DBG] Host listed in /etc/hosts as [DBG] REDACT_IP 'REDACTED_SMTP_HOSTNAME' [DBG] HOST = 'REDACTED_SMTP_HOSTNAME' [DBG] SNI = [DBG] HOST_NAME = 'REDACTED_SMTP_HOSTNAME' [DBG] HOST_ADDR = 'REDACTED_SMTP_HOSTNAME' [DBG] NAMES_TO_BE_CHECKED = HOST [DBG] Checking if 'REDACTED_SMTP_HOSTNAME' is an IP address [DBG] 'REDACTED_SMTP_HOSTNAME' is not an IP address [DBG] HOST_IS_IP. = 0 [DBG] Checking if 'REDACTED_SMTP_HOSTNAME' is an IP address [DBG] 'REDACTED_SMTP_HOSTNAME' is not an IP address [DBG] Adding 'REDACTED_SMTP_HOSTNAME' to NAMES_TO_BE_CHECKED [DBG] NAMES_TO_BE_CHECKED = 'REDACTED_SMTP_HOSTNAME' [DBG] -c specified: 5 [DBG] -w specified: 10 [DBG] cleaning up temporary files SSL_CERT UNKNOWN 'REDACTED_SMTP_HOSTNAME': cannot find program: bc

openssl version

OpenSSL 3.0.7 1 Nov 2022 (Library: OpenSSL 3.0.7 1 Nov 2022)

matteocorti commented 1 year ago

As defined in INSTALL.md bc is a required utility. Which is the output of command -v bc?

matteocorti commented 1 year ago

The check works:

./check_ssl_cert -P smtp --host smtp-inbound.bns.emailprivacy.com
SSL_CERT OK - smtp-inbound.bns.emailprivacy.com:25, smtp, x509 certificate '*.bns.emailprivacy.com' (smtp-inbound.bns.emailprivacy.com) from 'Let's Encrypt' valid until Jan  4 12:08:49 2024 GMT (expires in 65 days)|days_chain_elem1=65;20;15;; days_chain_elem2=686;20;15;;
aquibkazi commented 1 year ago

Thank you Matteo for quick reply.