Documentation
Overview
Package config provides types and functions to collect, validate and apply user-provided settings.
Constants
const (
    // LogLevelDisabled maps to zerolog.Disabled logging level
    LogLevelDisabled string = "disabled"

    // LogLevelPanic maps to zerolog.PanicLevel logging level
    LogLevelPanic string = "panic"

    // LogLevelFatal maps to zerolog.FatalLevel logging level
    LogLevelFatal string = "fatal"

    // LogLevelError maps to zerolog.ErrorLevel logging level
    LogLevelError string = "error"

    // LogLevelWarn maps to zerolog.WarnLevel logging level
    LogLevelWarn string = "warn"

    // LogLevelInfo maps to zerolog.InfoLevel logging level
    LogLevelInfo string = "info"

    // LogLevelDebug maps to zerolog.DebugLevel logging level
    LogLevelDebug string = "debug"

    // LogLevelTrace maps to zerolog.TraceLevel logging level
    LogLevelTrace string = "trace"
)
const SkipSANSCheckKeyword string = "SKIPSANSCHECKS"
SkipSANSCheckKeyword is used as the sole argument to `--sans-entries` if the user wishes to disable SANs entry verification. This seemingly illogical option allows defining the `--sans-entries` flag in a command definition used by a group-based service check even though some systems targeted by that service check may use a certificate which does not have any SANs entries present.
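The skip behavior described above, sketched as an added example that is not the package's own code. The helper names `parseSANsFlag` and `missingSANs` are hypothetical; the sketch assumes the keyword is compared exactly, and that SANs are matched case-insensitively with no wildcard handling.

```go
package main

import (
	"fmt"
	"strings"
)

// Same value as the SkipSANSCheckKeyword constant shown on this page.
const skipKeyword = "SKIPSANSCHECKS"

// parseSANsFlag (hypothetical helper) splits a comma-separated --sans-entries
// value, trimming whitespace and dropping empty items.
func parseSANsFlag(value string) []string {
	var entries []string
	for _, item := range strings.Split(value, ",") {
		if item = strings.TrimSpace(item); item != "" {
			entries = append(entries, item)
		}
	}
	return entries
}

// missingSANs (hypothetical helper) lists required entries absent from the
// certificate's DNS SANs; skipped is true if the check was not performed.
func missingSANs(certNames, required []string) (missing []string, skipped bool) {
	if len(required) == 0 || (len(required) == 1 && required[0] == skipKeyword) {
		return nil, true
	}
	have := make(map[string]bool, len(certNames))
	for _, name := range certNames {
		have[strings.ToLower(name)] = true // DNS names compare case-insensitively
	}
	for _, want := range required {
		if !have[strings.ToLower(want)] {
			missing = append(missing, want)
		}
	}
	return missing, false
}

func main() {
	// Constructed sample SANs lists; nil stands for a certificate with no SANs.
	for _, certNames := range [][]string{{"www.example.com", "example.com"}, nil} {
		for _, flagValue := range []string{"example.com,api.example.com", skipKeyword} {
			missing, skipped := missingSANs(certNames, parseSANsFlag(flagValue))
			fmt.Printf("sans=%v flag=%q missing=%v skipped=%t\n", certNames, flagValue, missing, skipped)
		}
	}
}
```

Because the keyword only disables the check when it is the sole entry, combining it with real names leaves verification on and the keyword itself is reported as a missing SAN.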
Variables
var ErrVersionRequested = errors.New("version information requested")
ErrVersionRequested indicates that the user requested application version information.
var Usage = func() {
    flag.CommandLine.SetOutput(os.Stdout)
    fmt.Fprintln(flag.CommandLine.Output(), "\n"+Version()+"\n")
    fmt.Fprintf(flag.CommandLine.Output(), "Usage of %s:\n", os.Args[0])
    flag.PrintDefaults()
}
Usage is a custom override for the default Help text provided by the flag package. Here we prepend some additional metadata to the existing output.
Functions
Types
type AppType
type AppType struct {

    // Scanner represents an application intended for bulk operations across a
    // range of hosts.
    Scanner bool

    // Plugin represents an application used as a Nagios plugin.
    Plugin bool

    // Inspecter represents an application used for one-off or isolated
    // checks. Unlike a Nagios plugin which is focused on specific attributes
    // resulting in a severity-based outcome, an Inspecter application is
    // intended for examining a small set of targets for
    // informational/troubleshooting purposes.
    Inspecter bool
}
AppType represents the type of application that is being configured/initialized. Not all application types use the same features, and as a result they do not all accept the same flags. Unless noted otherwise, the application types are incompatible with each other, though some flags are common to all types.
type Config
type Config struct {

    // SANsEntries is the list of Subject Alternate Names (SANs) to verify are
    // present on the examined certificate. This value is provided as a
    // comma-separated list.
    SANsEntries multiValueStringFlag

    // Filename is the fully-qualified path to a file containing one or more
    // certificates.
    Filename string

    // Server is the fully-qualified domain name of the system running a
    // certificate-enabled service.
    Server string

    // ScanRateLimit is the maximum number of concurrent port scan attempts.
    ScanRateLimit int

    // DNSName is the fully-qualified domain name associated with the
    // certificate. This is usually specified when the FQDN or IP used to make
    // the connection is different than the Common Name or Subject Alternate
    // Names entries associated with the certificate.
    DNSName string

    // Port is the TCP port used by the certificate-enabled service.
    Port int

    // LoggingLevel is the supported logging level for this application.
    LoggingLevel string

    // AgeWarning is the number of days remaining before certificate
    // expiration when this application will flag the NotAfter certificate
    // field as a WARNING state.
    AgeWarning int

    // AgeCritical is the number of days remaining before certificate
    // expiration when this application will flag the NotAfter certificate
    // field as a CRITICAL state.
    AgeCritical int

    // EmitBranding controls whether "generated by" text is included at the
    // bottom of application output. This output is included in the Nagios
    // dashboard and notifications. This output may not mix well with branding
    // output from other tools such as atc0005/send2teams which also insert
    // their own branding output.
    EmitBranding bool

    // VerboseOutput controls whether detailed certificate metadata is emitted
    // along with standard certificate details.
    VerboseOutput bool

    // EmitCertText controls whether x509 TLS certificates are printed to
    // stdout using an OpenSSL-inspired text format. There is a good bit of
    // output text, so this setting defaults to false.
    EmitCertText bool

    // ShowVersion is a flag indicating whether the user opted to display only
    // the version string and then immediately exit the application.
    ShowVersion bool

    // ShowHostsWithClosedPorts indicates whether hosts without any open ports
    // are included in the port scan results summary output.
    ShowHostsWithClosedPorts bool

    // ShowHostsWithValidCerts indicates whether hosts with valid certificates
    // are included in the overview summary output.
    ShowHostsWithValidCerts bool

    // ShowValidCerts indicates whether all certificates are included in
    // output summary, even certificates which have passed all validity
    // checks.
    ShowValidCerts bool

    // ShowOverview indicates whether a brief overview of certificate scan
    // findings is provided, or whether the detailed certificate results list
    // is shown at the end of scanning specified hosts.
    ShowOverview bool

    // ShowPortScanResults indicates whether host scan results should be
    // shown during a port scan. See also ShowHostsWithClosedPorts. Enabling
    // either of these options results in live scan result details being
    // shown.
    ShowPortScanResults bool

    // Log is an embedded zerolog Logger initialized via config.New().
    Log zerolog.Logger
    // contains filtered or unexported fields
}
Config represents the application configuration as specified via command-line flags.
func New
New is a factory function that produces a new Config object based on user-provided flag and config file values. It is responsible for validating user-provided values and initializing the logging settings used by this application.
func (Config) CertPorts
CertPorts returns the user-specified list of ports to check for certificates or the default value if not specified.
func (Config) IPAddresses
IPAddresses returns a list of individual IP Addresses expanded from any user-specified IP Addresses (single or ranges), hostnames or FQDNs.
func (Config) Timeout
Timeout converts the user-specified connection timeout value in seconds to an appropriate time duration value for use with setting net.Dial timeout.
func (Config) TimeoutAppInactivity
TimeoutAppInactivity converts the user-specified application inactivity timeout value in seconds to an appropriate time duration value for use with setting automatic context cancellation.
func (Config) TimeoutPortScan
TimeoutPortScan converts the user-specified port scan timeout value in milliseconds to an appropriate time duration value for use with setting net.Dial timeout.