diff --git a/CITATION.cff b/CITATION.cff index 8d41723..e8eb8a1 100644 --- a/CITATION.cff +++ b/CITATION.cff @@ -7,34 +7,22 @@ authors: - family-names: "Cécile" given-names: "Adam" website: https://github.com/eLvErDe -- name: agibson2 - website: https://github.com/agibson2 - name: Alexander Aleksandrovič Klimov website: https://github.com/Al2Klimov -- name: alvar - website: https://github.com/oxzi -- family-names: "Dijkman" - given-names: "Andreas" - family-names: "Klärner" given-names: "Andre" website: https://github.com/klaernie +- family-names: "Dijkman" + given-names: "Andreas" - family-names: "Miśkiewicz" given-names: "Arkadiusz" website: https://github.com/arekm -- name: barakAtSoluto - website: https://github.com/barakAtSoluto - family-names: "Byrne" given-names: "Ben" website: https://github.com/benbyr - family-names: "Strößenreuther" given-names: "Bernd" website: https://github.com/booboo-at-gluga-de -- name: booboo-at-gluga-de - website: https://github.com/booboo-at-gluga-de -- name: cbiedl - website: https://github.com/cbiedl -- name: chornberger-c2c - website: https://github.com/chornberger-c2c - family-names: "Ruppert" given-names: "Christian" - family-names: "Moench-Tegeder" @@ -43,15 +31,11 @@ authors: - family-names: "Kuenzler" given-names: "Claudio" website: https://github.com/Napsty -- name: claudioth - website: https://github.com/claudioth - family-names: "Riegg" given-names: "Claus-Theodor" website: https://github.com/ctriegg-mak - family-names: "Smith" given-names: "Colin" -- name: d7415 - website: https://github.com/d7415 - family-names: "Pritts" given-names: "Dan" - family-names: "Wallis" 
@@ -59,15 +43,9 @@ authors: - family-names: "Visser" given-names: "Dick" website: https://github.com/dnmvisser -- name: dupondje - website: https://github.com/dupondje - family-names: "Sabol" given-names: "Ed" website: https://github.com/esabol -- name: eeertel - website: https://github.com/eeertel -- name: eimamagi - website: https://github.com/eimamagi - family-names: "Ertel" given-names: "Emilian" - family-names: "Apolloner" @@ -75,30 +53,20 @@ authors: website: https://github.com/apollo13 - name: Georg website: https://github.com/gbotti -- name: grizzlydev-sarl - website: https://github.com/grizzlydev-sarl -- name: iasdeoupxe - website: https://github.com/iasdeoupxe - family-names: "Mironov" given-names: "Igor" website: https://github.com/mcs6502 - family-names: "Hablutzel" given-names: "Jaime" website: https://github.com/hablutzel1 -- name: jalbstmeijer - website: https://github.com/jalbstmeijer - name: Jalonet website: https://github.com/jalonet - family-names: "Gonel" given-names: "Javier" - family-names: "Lecour" given-names: "Jérémy" -- name: jf-vf - website: https://github.com/jf-vf - family-names: "Hopp" given-names: "Jim" -- name: jmuecke - website: https://github.com/jmuecke - family-names: "Meurer" given-names: "Jonas" website: https://github.com/mejo- @@ -108,8 +76,6 @@ authors: - family-names: "Thalheim" given-names: "Jörg" website: https://github.com/Mic92 -- name: juckerf - website: https://github.com/juckerf - family-names: "McCormack" given-names: "Kenny" - family-names: "Jahn" 
@@ -126,17 +92,14 @@ authors: - family-names: "Tribus" given-names: "Lukas" website: https://github.com/lukastribus -- family-names: "Wąsikowski" - given-names: "Łukasz" - website: https://github.com/IdahoPL +- family-names: "Fournier" + given-names: "Marc" - family-names: "Burkhalter" given-names: "Marcel" website: https://github.com/explorer69 - family-names: "Burkhalter" given-names: "Marcel" website: https://github.com/marcel-burkhalter -- family-names: "Fournier" - given-names: "Marc" - family-names: "Rejås" given-names: "Marcus" - family-names: "Ruys" @@ -163,21 +126,21 @@ authors: - family-names: "Lafont" given-names: "Nicolas" website: https://github.com/ManicoW +- name: PSSGCSim + website: https://github.com/PSSGCSim - family-names: "Rochnyak" given-names: "Pavel" website: https://github.com/rpv-tomsk -- name: Peter - website: https://github.com/Peter2121 - family-names: "Newman" given-names: "Peter" website: https://github.com/peternewman +- name: Peter + website: https://github.com/Peter2121 - family-names: "Kueck" given-names: "Philippe" - family-names: "Rupert" given-names: "Pim" website: https://github.com/prupert -- name: PSSGCSim - website: https://github.com/PSSGCSim - family-names: "Thoma" given-names: "Raphael" - family-names: "Bartels" @@ -185,6 +148,8 @@ authors: website: https://github.com/bb-Ricardo - name: Ricardo website: https://github.com/bb-Ricardo +- family-names: "Yamry" + given-names: "Rob" - name: Robin H. Johnson - family-names: "Pronk" given-names: "Robin" @@ -192,8 +157,6 @@ authors: - family-names: "Schneider" given-names: "Robin" website: https://github.com/ypid-geberit -- family-names: "Yamry" - given-names: "Rob" - name: Rolf Eike Beer - family-names: "Nowakowski" given-names: "Ryan" 
@@ -207,12 +170,8 @@ authors: - family-names: "Shmanko" given-names: "Sergei" website: https://github.com/sshmanko -- name: skanx - website: https://github.com/skanx - name: Slavko website: https://github.com/slavkoja -- name: sokol-44 - website: https://github.com/sokol-44 - family-names: "Schlesinger" given-names: "Stefan" - family-names: "Nierlein" @@ -228,8 +187,6 @@ authors: website: https://github.com/d7031 - name: Tone website: https://github.com/anthonyhaussman -- name: tunnelpr0 - website: https://github.com/tunnelpr0 - family-names: "Haarala" given-names: "Tuomas" - family-names: "Heidelberger" @@ -237,8 +194,6 @@ authors: website: https://github.com/va1entin - name: Vamp898 website: https://github.com/Vamp898 -- name: vanElden - website: https://github.com/vanElden - name: Varac website: https://github.com/varac - family-names: "Szépe" 
@@ -248,26 +203,71 @@ authors: - family-names: "Horky" given-names: "Vojtech" website: https://github.com/vhotspur -- name: waja - website: https://github.com/waja - name: Wim van Ravesteijn website: https://github.com/wimvr - family-names: "Schricker" given-names: "Wolfgang" -- name: xert - website: https://github.com/xert - family-names: "Gravel" given-names: "Yannick" -- name: yasirathackersdotmu - website: https://github.com/yasirathackersdotmu - name: Zadkiel website: https://github.com/aslafy-z +- name: agibson2 + website: https://github.com/agibson2 +- name: alvar + website: https://github.com/oxzi +- name: barakAtSoluto + website: https://github.com/barakAtSoluto +- name: booboo-at-gluga-de + website: https://github.com/booboo-at-gluga-de +- name: cbiedl + website: https://github.com/cbiedl +- name: chornberger-c2c + website: https://github.com/chornberger-c2c +- name: claudioth + website: https://github.com/claudioth +- name: d7415 + website: https://github.com/d7415 +- name: dupondje + website: https://github.com/dupondje +- name: eeertel + website: https://github.com/eeertel +- name: eimamagi + website: https://github.com/eimamagi +- name: grizzlydev-sarl + website: https://github.com/grizzlydev-sarl +- name: iasdeoupxe + website: https://github.com/iasdeoupxe +- name: jalbstmeijer + website: https://github.com/jalbstmeijer +- name: jf-vf + website: https://github.com/jf-vf +- name: jmuecke + website: https://github.com/jmuecke +- name: juckerf + website: https://github.com/juckerf +- name: skanx + website: https://github.com/skanx +- name: sokol-44 + website: https://github.com/sokol-44 +- name: tunnelpr0 + website: https://github.com/tunnelpr0 +- name: vanElden + website: https://github.com/vanElden +- name: waja + website: https://github.com/waja +- name: xert + website: https://github.com/xert +- name: yasirathackersdotmu + website: https://github.com/yasirathackersdotmu +- family-names: "Wąsikowski" + given-names: "Łukasz" + website: 
https://github.com/IdahoPL - family-names: "Палаузов" given-names: "Дилян" website: https://github.com/dilyanpalauzov title: "check_ssl_cert" -version: 2.84.5 -date-released: 2024-10-02 +version: 2.85.0 +date-released: 2024-10-15 url: "https://github.com/matteocorti/check_ssl_cert" repository-code: "https://github.com/matteocorti/check_ssl_cert" keywords: diff --git a/ChangeLog b/ChangeLog index e5f6199..2250f70 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,7 @@ +2024-10-16 Matteo Corti + + * check_ssl_cert (DEFAULT_REQUIRED_HTTP_HEADERS): removed X-Frame-Options from the list of required headers (is now deprecated) + 2024-10-13 Matteo Corti * check_ssl_cert (parse_command_line_options): fix the validation of --url and --user-agent diff --git a/NEWS.md b/NEWS.md index 2e69f7d..51af5d1 100644 --- a/NEWS.md +++ b/NEWS.md @@ -1,5 +1,7 @@ # News +* 2024-10-15 Version 2.85.0 + * Removed ```X-Frame-Options``` from the list of the required HTTP headers (is now deprecated) * 2024-10-02 Version 2.84.5 * Fixed a in the command line options validation for ```--url``` and ```--user-agent``` * 2024-10-02 Version 2.84.4 diff --git a/README.md b/README.md index 6688bf6..1154905 100644 --- a/README.md +++ b/README.md @@ -232,7 +232,7 @@ Options: certificate CAs --require-dnssec Require DNSSEC --require-http-header header Require the specified HTTP header - (e.g., X-Frame-Options) + (e.g., strict-transport-security) --require-no-http-header header Require the absence of the specified HTTP header (e.g., X-Powered-By) --require-no-ssl2 Critical if SSL version 2 is offered diff --git a/RELEASE_NOTES.md b/RELEASE_NOTES.md index 2f95f5c..8ad1467 100644 --- a/RELEASE_NOTES.md +++ b/RELEASE_NOTES.md @@ -1 +1 @@ -Fixed a in the command line options validation for ```--url``` and ```--user-agent``` +Removed ```X-Frame-Options``` from the list of the required HTTP headers (is now deprecated) diff --git a/VERSION b/VERSION index c308855..af87173 100644 --- a/VERSION +++ b/VERSION 
@@ -1 +1 @@ -2.84.5 +2.85.0 diff --git a/check_ssl_cert b/check_ssl_cert index c8559bd..bb6f401 100755 --- a/check_ssl_cert +++ b/check_ssl_cert @@ -26,7 +26,7 @@ ################################################################################ # Constants -VERSION=2.84.5 +VERSION=2.85.0 SHORTNAME="SSL_CERT" # reset possibly set variables @@ -46,7 +46,7 @@ CONFIGURATION_FILE="${HOME}/.check_ssl_certrc" CRITICAL_MSG="" DEBUG=0 DEBUG_FILE="" -DEFAULT_REQUIRED_HTTP_HEADERS="strict-transport-security,X-Frame-Options,Content-Security-Policy,X-Content-Type-Options,Referrer-Policy,Permissions-Policy" +DEFAULT_REQUIRED_HTTP_HEADERS="strict-transport-security,Content-Security-Policy,X-Content-Type-Options,Referrer-Policy,Permissions-Policy" DEFAULT_UNREQUIRED_HTTP_HEADERS="X-Powered-By,X-Aspnet-Version,X-XSS-Protection,X-AspNetMvc-Version" EARLIEST_VALIDITY_HOURS="" HOST_CACHE="${HOME}/.check_ssl_cert-cache" @@ -146,7 +146,7 @@ check_option() { ################################################################################ # Add the specified header to the list of required HTTP headers # Usage: -# add_required_header X-Frame-Options +# add_required_header strict-transport-security add_required_header() { header=$1 debuglog "Adding ${header} to the list of required HTTP headers: ${REQUIRED_HTTP_HEADERS}" @@ -516,7 +516,7 @@ usage() { echo " certificate CAs" echo " --require-dnssec Require DNSSEC" echo " --require-http-header header Require the specified HTTP header" - echo " (e.g., X-Frame-Options)." + echo " (e.g., strict-transport-security)." echo " Can be specified more than once" echo " --require-no-http-header header Require the absence of the specified" echo " HTTP header (e.g., X-Powered-By)" 
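Review bot: In the `@@ -46,7 +46,7 @@` hunk of check_ssl_cert, dropping `X-Frame-Options` from `DEFAULT_REQUIRED_HTTP_HEADERS` leaves `--require-security-headers` with no default check for framing protection. The list holds header names only, so the remaining `Content-Security-Policy` entry is presumably satisfied by any policy, whether or not it carries a `frame-ancestors` directive; the checking code is outside this diff, so this needs confirming. Monitoring that relied on the default list will stop reporting a missing anti-framing header after the upgrade. I would record that limit next to the constant, e.g. `# X-Frame-Options no longer required by default; a Content-Security-Policy header does not prove frame-ancestors is set (see --require-x-frame-options)`, pointing at the option still shown in the usage text. The test/integration_tests.sh hunk also removes `testHTTPHeadersOK`, leaving only `testHTTPHeadersFailed`, which passes with either list, so a replacement OK case against a host that serves the five remaining headers would pin the new default.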
@@ -612,7 +612,8 @@ usage() { echo " Alternative Name" echo " extension" echo " --require-security-header header require the specified HTTP" - echo " security header (e.g., X-Frame-Options)" + echo " security header" + echo " (e.g., strict-transport-security)" echo " (deprecated use --require-http-header)" echo " Can be specified more than once" echo " --require-security-headers Require all the HTTP security headers:" @@ -621,7 +622,6 @@ usage() { echo " Referrer-Policy" echo " strict-transport-security" echo " X-Content-Type-Options" - echo " X-Frame-Options" echo " --require-security-headers-path path the path to be used to fetch HTTP" echo " security headers" echo " --require-x-frame-options [path] Require the presence of the" diff --git a/check_ssl_cert.1 b/check_ssl_cert.1 index 4822fc2..3b04f6b 100644 --- a/check_ssl_cert.1 +++ b/check_ssl_cert.1 @@ -1,7 +1,7 @@ .\" Process this file with .\" groff -man -Tascii check_ssl_cert.1 .\" -.TH "check_ssl_cert" 1 "October, 2024" "2.84.5" "USER COMMANDS" +.TH "check_ssl_cert" 1 "October, 2024" "2.85.0" "USER COMMANDS" .SH NAME check_ssl_cert \- checks the validity of X.509 certificates .SH SYNOPSIS @@ -374,7 +374,7 @@ The server must accept a client certificate. 'list' is an optional comma separat Require DNSSEC .TP .BR " --require-http-header" " header" -Require the specified HTTP header (e.g., X-Frame-Options) +Require the specified HTTP header (e.g., strict-transport-security) .TP .BR " --require-no-http-header" " header" Require the absence of the specified HTTP header (e.g., X-Powered-By) diff --git a/check_ssl_cert.spec b/check_ssl_cert.spec index f027e9a..7908cfa 100644 --- a/check_ssl_cert.spec +++ b/check_ssl_cert.spec @@ -1,4 +1,4 @@ -%global version 2.84.5 +%global version 2.85.0 %global release 0 %global sourcename check_ssl_cert %global packagename nagios-plugins-check_ssl_cert 
@@ -54,6 +54,9 @@ rm -rf $RPM_BUILD_ROOT %endif %changelog +* Wed Oct 15 2024 Matteo Corti - 2.85.0-0 +- Updated to 2.85.0 + * Sun Oct 13 2024 Matteo Corti - 2.84.5-0 - Updated to 2.84.5 diff --git a/test/integration_tests.sh b/test/integration_tests.sh index 5f64390..381f894 100755 --- a/test/integration_tests.sh +++ b/test/integration_tests.sh @@ -1583,14 +1583,6 @@ testHTTPHeaders() { ${SCRIPT} ${TEST_DEBUG} -H securityheaders.com --ignore-exp --debug-headers } - -testHTTPHeadersOK() { - # shellcheck disable=SC2086 - ${SCRIPT} ${TEST_DEBUG} -H securityheaders.com --ignore-exp --require-security-headers - EXIT_CODE=$? - assertEquals "wrong exit code" "${NAGIOS_OK}" "${EXIT_CODE}" -} - testHTTPHeadersFailed() { # shellcheck disable=SC2086 ${SCRIPT} ${TEST_DEBUG} -H badssl.com --ignore-exp --require-security-headers diff --git a/utils/help.txt b/utils/help.txt index 0ffd7a4..89613e4 100644 --- a/utils/help.txt +++ b/utils/help.txt @@ -151,7 +151,7 @@ --require-client-cert [list];certificate. 'list' is an optional comma --require-client-cert [list];separated list of expected client --require-dnssec;Require DNSSEC ---require-http-header header;(e.g., X-Frame-Options) +--require-http-header header;(e.g., strict-transport-security) --require-http-header header;Require the specified HTTP header --require-no-http-header header;HTTP header (e.g., X-Powered-By) --require-no-http-header header;Require the absence of the specified