blob: fd92c7a9f3fe7a25cdfebc8abb3cb2df9d880ed2 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
|
<?php
// Icinga Web 2 X.509 Module | (c) 2018 Icinga GmbH | GPLv2
namespace Icinga\Module\X509\Clicommands;
use Icinga\Application\Logger;
use Icinga\Module\X509\CertificateUtils;
use Icinga\Module\X509\Command;
use Icinga\Module\X509\Hook\SniHook;
use Icinga\Module\X509\Job;
class ScanCommand extends Command
{
/**
* Scans IP and port ranges to find X.509 certificates.
*
* This command starts scanning the IP and port ranges which belong to the job that was specified with the
* --job parameter.
*
* USAGE
*
* icingacli x509 scan --job <name>
*/
public function indexAction()
{
$name = $this->params->shiftRequired('job');
$parallel = (int) $this->Config()->get('scan', 'parallel', 256);
if ($parallel <= 0) {
$this->fail("The 'parallel' option must be set to at least 1.");
}
$jobs = $this->Config('jobs');
if (! $jobs->hasSection($name)) {
$this->fail('Job not found.');
}
$jobDescription = $this->Config('jobs')->getSection($name);
if (! strlen($jobDescription->get('cidrs'))) {
$this->fail('The job does not specify any CIDRs.');
}
$db = $this->getDb();
$job = new Job($name, $db, $jobDescription, SniHook::getAll(), $parallel);
$finishedTargets = $job->run();
if ($finishedTargets === null) {
Logger::warning("The job '%s' does not have any targets.", $name);
} else {
Logger::info(
"Scanned %s target%s in job '%s'.\n",
$finishedTargets,
$finishedTargets != 1 ? 's' : '',
$name
);
$verified = CertificateUtils::verifyCertificates($db);
Logger::info("Checked %d certificate chain%s.", $verified, $verified !== 1 ? 's' : '');
}
}
}
|
