I have been trying to get my small bash script working for the past few days, so that I can import a list of domains from a text file and loop it into an if statement with the openssl commands. Any ideas what I am doing wrong here? When run, it looks like it's not passing the text file into the loop. I was trying a while statement with limited success. Thank you for the help!

#!/bin/bash

#IP Range to test for expired certificates
for SITE in $(cat host.txt);

do
# Openssl Test and Parse Results, match against expired certificate presented
  if [[ $(echo | timeout 1 openssl s_client -connect $SITE:443 2>&1  | sed -ne '/certificate 
       has expired/p') ]]; then
  echo "$SITE Certificate Expiration Error" >> out.txt
  timeout 1 openssl s_client -connect $SITE:443 2>&1 | sed -ne '/subject=/,/issuer=/p' >> 
  out.txt

  else

    echo $SITE "Certificate not expired"
  fi
done
MrDoe

1 Answer

I have tested your script and it works for me; I just deleted some linefeeds which break your code.

Your cat works, but I recommend filtering only lines which start with an IPv4/IPv6 address with a regex (or at least grep -v ^# to skip # comments). You can also add some regex to match domain names.

Don't know what's the purpose of echo | openssl; I have just deleted this and it works without.

Instead of redirecting stdout >> out.txt you can use tee -a, which will do both: display the output and append to the file.

#!/bin/bash

# IP Range to test for expired certificates
# for SITE in $(grep -v ^# host.txt);
for SITE in $(grep -oE '^([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3})|^(([a-f0-9:]+:+)+[a-f0-9]+)' host.txt)
do
  # Openssl Test and Parse Results, match against expired certificate presented
  if [[ $(timeout 1 openssl s_client -connect "$SITE:443" 2>&1 | sed -ne '/certificate has expired/p') ]]; then
    # Show the result on screen and append it to the log
    echo "$SITE Certificate Expiration Error" | tee -a out.txt
    timeout 1 openssl s_client -connect "$SITE:443" 2>&1 | sed -ne '/subject=/,/issuer=/p' >> out.txt
  else
    echo "$SITE Certificate not expired"
  fi
done
alecxs
  • Thank you for taking a look at it. When I have been putting FQDNs in the host.txt file, removing the grep regex and replacing it with cat, the script seems to hit the else statement and doesn't hit the first line. Any ideas? I feel like we are close – MrDoe Jun 03 '20 at 21:00
  • It's working fine for me, depending on I get *"Certificate not expired"* or *"Certificate Expiration Error"* (with log in out.txt) – alecxs Jun 03 '20 at 21:34
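
An added example, not code from either poster: the same check restructured so the host list is read with a while loop, each host is contacted once, and a host that never presented a certificate is reported separately instead of as "not expired". The function names, the 5-second timeout and the sample output are assumptions; host.txt and out.txt follow the question.

```shell
#!/bin/sh
# Added example (not from the posts above). File names host.txt / out.txt follow the
# question; the function names and the 5-second timeout are assumptions.

# Constructed sample of s_client output for an expired certificate.
SAMPLE_EXPIRED='depth=0 CN = expired.example
verify error:num=10:certificate has expired
subject=CN = expired.example
issuer=CN = Example Test CA'

# Print usable entries from a host list: drops CRs from Windows line endings,
# "#" comments, surrounding whitespace and blank lines. FQDNs and IPs both pass.
read_hosts() {
    tr -d '\r' < "$1" |
        sed -e 's/#.*//' -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' -e '/^$/d'
}

# Classify s_client output read from stdin.
classify() {
    out=$(cat)
    case $out in
        *'certificate has expired'*) echo expired ;;
        *'subject='*)                echo not-expired ;;
        *)                           echo no-certificate ;;  # refused, timed out, not TLS
    esac
}

# Connect once and reuse the captured output. </dev/null gives s_client an empty
# stdin, so it exits after the handshake and cannot consume the host list.
check_site() {
    res=$(timeout 5 openssl s_client -connect "$1:443" </dev/null 2>&1) || true
    state=$(printf '%s\n' "$res" | classify)
    echo "$1 $state"
    if [ "$state" = expired ]; then
        printf '%s\n' "$res" | sed -n '/subject=/,/issuer=/p'
    fi
}

check_hosts() {
    read_hosts "$1" | while IFS= read -r site; do
        check_site "$site" | tee -a out.txt
    done
}

# Run only when a host file is given: sh check_certs.sh host.txt
if [ "$#" -gt 0 ]; then
    check_hosts "$1"
fi
```

"not-expired" only means the expiry error was absent from the output; other verification errors are not examined.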