Tag Archives: linux

Batch check SSL Certificates on CentOS

Hello all,

I’ve moved to management and don’t get to do the fun stuff as much, but recently I got to script a SSL check as we didn’t have engineering resources to complete the task. Yay!

WARNING: Do not copy/paste code from websites. Sites can inject funny stuff into lines that you cannot see.

Single URL test prep work

  1. Get a Linux VM. I chose CentOS 7, but you could use almost anything.
  2. Get a list of URLs to check.

Install the Qualys SSL checker to CentOS

  1. ssh to your Linux box.
  2. Install the Go language if it isn’t already.
    • sudo yum install golang
  3. Grab the Qualys SSL labs tester binary for Linux. OSX and Win is also available.
    • curl -O https://github.com/ssllabs/ssllabs-scan/releases/download/v1.3.0/ssllabs-scan_1.3.0-linux64.tgz
  4. Unzip the binary
    • tar -zxvf ssllabs-scan_1.3.0-linux64.tgz
  5. Make your binary executable.
    • chmod +x ssllabs-scan
  6. Test it out!

Prep work for multiple URLs.

  1. Import our list
    • touch sitelist
    • vi sitelist
    • hit a to edit, and then paste in your URL list
    • hit ESC to get our of edit mode.
    • wq
    • hit enter
  2. Test it on our sitelist.
    • ./ssllabs-scan -json-flat=true -hostfile=sitelist > results.json
  3. Does it look okay?
    • more results.json
    • hit q to exit

Convert to CSV. If your brain has atrophied from being in management and you can no longer read json.

  1. Install epel repo, pip, lxml, and most importantly csvkit. You need epel before you can install pip.
    • sudo yum install epel-release
    • sudo yum install python-pip
    • sudo pip install --upgrade pip
    • sudo pip install csvkit
    • sudo pip install lxml==3.4.2
  2. Convert!
    • in2csv results.json > results.csv
  3. Does it look like a csv?
    • more results.csv
    • hit q to exit

Big thanks to https://github.com/wireservice/csvkit and Qualys https://github.com/ssllabs/ssllabs-scan


Bash Script to Create a Bomgar Licensing Report

I recently showed a developer at work the Bomgar API so he can whip up some fancy reporting. But why should devs have all the fun?

Figuring out the sed part made my brain catch on fire.

# Author Greg Carriger
# Rep Console Usage file version v1
## Collect Data
wget --no-check-certificate https://portal.domain.com/api/command.ns?username=exampleuser\&password=examplepassword\&action=get_logged_in_reps
grep display_name command.ns* > user1
rm command.ns*
wget --no-check-certificate https://portal2.domain.com/api/command.ns?username=exampleuser\&password=examplepassword\&action=get_logged_in_reps
grep display_name command.ns* > user2
rm command.ns*
usert=$(cat user1 user2 | sort -u | wc -l)
user1=$(cat user1 | wc -l)
user2=$(cat user2 | wc -l)
time=$(date +%s)
## Write Data
echo $usert $user1 $user2 > tempstats
cat tempstats | sed '$s|^|'"$time"' |' >> stats
## Clean up
rm user1 user2 tempstats

Not done yet.