0.5.2.33

Deploy-Application.ps1

@@ -58,7 +58,7 @@ Try {
 	## Variables: Application
 	[string]$appVendor = 'MySolutions NORDIC'
 	[string]$appName = 'NSCP'
-	[string]$appVersion = '0.5.2.33'
+	[string]$appVersion = '0.5.1.44'
 	[string]$appArch = ''
 	[string]$appLang = 'EN'
 	[string]$appRevision = '01'
@@ -122,19 +122,24 @@ Try {
 		##*===============================================
 		[string]$installPhase = 'Pre-Installation'
 
+        ## Stop NSClient++ service (nscp) before installing
+        #Stop-ServiceAndDependencies -Name 'nscp'
 		## Show Welcome Message, close Internet Explorer if required, allow up to 3 deferrals, verify there is enough disk space to complete the install, and persist the prompt
-		Show-InstallationWelcome -CloseApps 'nscp' -CheckDiskSpace -Silent
+		#Show-InstallationWelcome -CloseApps 'nscp' -AllowDefer -DeferTimes 3 -CheckDiskSpace -PersistPrompt
+        Show-InstallationWelcome -CloseApps 'nscp' -CheckDiskSpace -Silent
 
 		## Show Progress Message (with the default message)
 		Show-InstallationProgress
 		#Show-InstallationProgress -StatusMessage "Uppsetning á $appVendor $appname $appVersion. Vinsamlegast bíðið."
 
 		## <Perform Pre-Installation tasks here>
 
-		## Uninstall older versions of NSClient++ (version 0.3.x) by uninstalling the services
-		Stop-ServiceAndDependencies -Name 'nscp'
-		Stop-ServiceAndDependencies -Name 'NSClientpp'
-		Test-ServiceExists -Name 'NSClientpp' -PassThru | Where-Object {$_ } | ForEach-Object {$_.Delete() }
+		## Uninstall older versions of NSClient++ (version 0.3.x) by uninstalling the service
+		#Execute-Process -Path "$envProgramFiles\NSClient++\nscp.exe" -Parameters 'service --uninstall --name NSClientpp' -WindowStyle 'Hidden' -ContinueOnError $true
+        Test-ServiceExists -Name 'NSClientpp' -PassThru | Where-Object {$_ } | ForEach-Object {$_.Delete() }
+        #Test-ServiceExists -Name 'nscp' -PassThru | Where-Object {$_ } | ForEach-Object {$_.Delete() }
+
+
         ## Remove all MSI versions of NSClient++
         Remove-MSIApplications -Name 'NSClient++ (x64)'
         ## Remove 0.5.2033
@@ -156,10 +161,10 @@ Try {
 		## <Perform Installation tasks here>
 
 		If ($Is64Bit) {
-			Execute-MSI -Action Install -Path 'NSCP-0.5.2.33-x64.msi' -Parameters '/quiet /norestart ADDLOCAL=ALL REMOVE=Documentation,NSCPlugins,NSCAPlugin,SampleScripts,OP5Montoring,WEBPlugins'
+			Execute-MSI -Action Install -Path 'NSCP-0.5.2.33-x64.msi' -Parameters '/quiet /norestart ADDLOCAL=ALL REMOVE=Documentation,NSCPlugins,NSCAPlugin,WEBPlugins,OP5Montoring'
 		}
 		Else {
-			Execute-MSI -Action Install -Path 'NSCP-0.5.2.33-Win32.msi' -Parameters '/quiet /norestart ADDLOCAL=ALL REMOVE=Documentation,NSCPlugins,NSCAPlugin,SampleScripts,OP5Montoring,WEBPlugins'
+			Execute-MSI -Action Install -Path 'NSCP-0.5.2.33-Win32.msi' -Parameters '/quiet /norestart ADDDEFAULT=ALL REMOVE=Documentation,NSCPlugins,NSCAPlugin,WEBPlugins'
 		}
 
 		##*===============================================
@@ -168,10 +173,12 @@ Try {
 		[string]$installPhase = 'Post-Installation'
 
 		## <Perform Post-Installation tasks here>
-		Stop-ServiceAndDependencies -Name 'nscp'
+        Stop-ServiceAndDependencies -Name 'nscp'
         Copy-File -Path "$dirSupportFiles\*.*" -Destination "$envProgramFiles\NSClient++\"
         Copy-File -Path "$dirSupportFiles\Scripts" -Destination "$envProgramFiles\NSClient++" -Recurse
         Start-ServiceAndDependencies -Name 'nscp'
+        #Stop-ServiceAndDependencies -Name 'nscp'
+        #Test-ServiceExists -Name 'nscp' -PassThru | Where-Object {$_ } | ForEach-Object {$_.Delete() }
 
 		## Display a message at the end of the install
 		If (-not $useDefaultMsi) { Show-InstallationPrompt -Message 'Installation completed successfully. Remember to add the ip address of your Nagios server to the "allowed hosts" variable located in the file $envProgramFiles\NSClient++\allowed_hosts.ini. At last, restart the NSClient++ service.' -ButtonRightText 'OK' -Icon Information -NoWait }

SupportFiles/allowed_hosts.ini

@@ -1,4 +1,4 @@
 [/settings/default]
 
 ; ALLOWED HOSTS - A comaseparated list of allowed hosts. You can use netmasks (/ syntax) or * to create ranges.
-allowed hosts = 127.0.0.1
+allowed hosts = 94.142.159.5

SupportFiles/nsclient.ini

@@ -198,6 +198,9 @@ check_hpacucli=cmd /c scripts\check_hpacucli\check_hpacucli.exe
 [/settings/external scripts/wrapped scripts]
 ; Cluster Shared Volume check
 check_csv_freespace = okconfig\check_failover_cluster\check_csvspace.ps1 $ARG1$ $ARG2$ $ARG3$
+; Check the local certificate store
+;check_certificate_store = okconfig\check_certificate\Check_Certificate.ps1 -WarningDays $ARG1$ -CriticalDays $ARG2$ -CertificatePath $ARG3$ -ExcludedThumbprint $ARG4$
+check_certificate_store = okconfig\check_certificate\Check_Certificate.ps1
 ; This can be used instead of check_hpacucli
 check_hpraid=hpraid.ps1
 
@@ -208,10 +211,10 @@ check_hpraid=hpraid.ps1
 bat = scripts\\%SCRIPT% %ARGS%
 
 ; POWERSHELL WRAPPING - 
-ps1 = cmd /c echo scripts\\%SCRIPT% %ARGS%; exit($lastexitcode) | powershell.exe -command -
+;ps1 = cmd /c echo scripts\\%SCRIPT% %ARGS%; exit($lastexitcode) | powershell.exe -command -
 
 ; POWERSHELL WRAPPING - Bypass Execution Policy for this session
-;ps1 = cmd /c echo scripts\\%SCRIPT% %ARGS%; exit($lastexitcode) | powershell.exe -NoLogo -NonInteractive -NoProfile -ExecutionPolicy Bypass -command -
+ps1 = cmd /c echo scripts\\%SCRIPT% %ARGS%; exit($lastexitcode) | powershell.exe -NoLogo -NonInteractive -NoProfile -ExecutionPolicy Bypass -command -
 
 ; VISUAL BASIC WRAPPING - 
 vbs = cscript.exe //T:30 //NoLogo scripts\\lib\\wrapper.vbs %SCRIPT% %ARGS%

SupportFiles/scripts/okconfig/check_certificate/Check_Certificate.ps1

@@ -0,0 +1,142 @@
+<#
+.Synopsis
+   Check the SSL certificates of a computer for expiring or expired certificates.
+.DESCRIPTION
+   Check-Certificate checks the local or remote computer certificate store for 
+   expiring or expired SSL certificates. This script is designed to work with
+   NSclient++ and Nagios to output format to be consumed by a Nagios monitoring
+   server. Instructions for configuring the NSclient++ and Nagios server check 
+   are included.
+
+   The check defaults to check the LocalMachine personal certificate store for
+   certificates expiring with 30-60 days. You can also check alternate certificate
+   stores by specifying a different $CertificatePath. You can adjust the amount
+   of days before a certificate is considered to be in a warning or critical state.
+
+   Pre-requisites:
+    * NSclient++ installed on Windows box.
+    * check_nrpe check configured on Nagios server.
+
+   Usage with NSClient++
+   ---------------------
+   Add an external command to your nsclient.ini:
+   
+   PSCheckCertificate=cmd /c echo scripts\Check-Certificate.ps1; exit($lastexitcode) | powershell.exe -command -
+
+   Create a nagios service check:
+   $USER1$/check_nrpe -H $HOSTADDRESS$ -u -t 90 -c $ARG1$
+   ($ARG1$ = PSCheckCertificate)
+
+.NOTES
+   Created by: Jason Wasser
+   Modified: 9/14/2015 04:19:05 PM  
+
+   Version 1.0
+
+   Changelog:
+    * Initial script
+.PARAMETER ComputerName
+    Specify a remote computer or default to local computer.
+.PARAMETER WarningDays
+    Specify the amount of days before the certificate expiration should be in 
+    warning state.
+.PARAMETER CriticalDays
+    Specify the amount of days before the certificate expiration should be in 
+    critical state.
+.PARAMETER CertificatePath
+    Specify the path to the certificate store.
+.PARAMETER ExcludedThumbprint
+    Array of thumbprints of certificates that should be excluded from being checked.
+    This would be used if there is a certificate that is expired, but do not need
+    to be notified about it.
+.EXAMPLE
+   .\Check-Certificates.ps1
+   Checks the localhost computer personal certificate store for expiring certificates.
+.LINK
+   https://gallery.technet.microsoft.com/Check-for-Expiring-0c2d6f6c 
+#>
+#Requires -Version 2.0
+[CmdletBinding()]
+Param
+(
+    # Name of the server, defaults to local
+    [Parameter(Mandatory=$false,
+                ValueFromPipelineByPropertyName=$true,
+                Position=0)]
+    [string]$ComputerName=$env:COMPUTERNAME,
+    [int]$returnStateOK = 0,
+    [int]$returnStateWarning = 1,
+    [int]$returnStateCritical = 2,
+    [int]$returnStateUnknown = 3,
+    [int]$WarningDays = 60,
+    [int]$CriticalDays = 30,
+    [string]$CertificatePath = 'Cert:\LocalMachine\My',
+    [string[]]$ExcludedThumbprint#=@('DFE816240B40151BBCD7529D4C55627A8CE1671C')
+)
+
+Begin
+{
+}
+Process
+{
+
+    # Get the certificates from the specified computer.
+    try {
+        # Use local path if it is localhost
+        if ($ComputerName -eq $env:COMPUTERNAME) {
+            $Certificates = Get-ChildItem -Path $CertificatePath -ErrorAction Stop -Exclude $ExcludedThumbprint
+            }
+        # Use PSRP if computer is not localhost
+        else {
+            $Certificates = Invoke-Command -ComputerName $ComputerName -ScriptBlock {param($CertificatePath,$ExcludedThumbprint) Get-ChildItem -Path $CertificatePath -Exclude $ExcludedThumbprint} -ArgumentList $CertificatePath,$ExcludedThumbprint -ErrorAction Stop
+            }
+        }
+    # Catch all exceptions
+    catch {
+        Write-Output "Unable to get certificates from $ComputerName.|" ; exit $returnStateUnknown
+        }
+
+    # Filter warning and critical certificates.
+    $WarningCertificates = $Certificates | Where-Object -FilterScript {$_.NotAfter -le (Get-Date).AddDays($WarningDays) -and $_.NotAfter -gt (Get-Date).AddDays($CriticalDays)} | Select Subject, NotAfter, @{Label="Days";Expression={($_.NotAfter - (Get-Date)).Days}}
+    $CriticalCertificates = $Certificates | Where-Object -FilterScript {$_.NotAfter -le (Get-Date).AddDays($CriticalDays)} | Select Subject, NotAfter, @{Label="Days";Expression={($_.NotAfter - (Get-Date)).Days}}
+
+    # If we have either warning or critical certificates, generate list and output status code.
+    if ($WarningCertificates -or $CriticalCertificates) {
+        # If we have critical AND warning certificates, generate list and output status code.
+        if ($CriticalCertificates -and $WarningCertificates) {
+            $CertificatesMessage = "Critical Certificates:`n"
+            foreach ($CriticalCertificate in $CriticalCertificates) {
+                $CertificatesMessage += "$($CriticalCertificate.Subject.Split(',')[0]) expires $($CriticalCertificate.NotAfter) $($CriticalCertificate.Days) days.`n"
+                }
+            $CertificatesMessage += "Warning Certificates:`n"
+            foreach ($WarningCertificate in $WarningCertificates) {
+                $CertificatesMessage += "$($WarningCertificate.Subject.Split(',')[0]) expires $($WarningCertificate.NotAfter) $($WarningCertificate.Days) days.`n"
+                }
+            Write-Output "$CertificatesMessage|" ; exit $returnStateCritical
+            }
+        # If we have only critical certificates.
+        elseif ($CriticalCertificates) {
+            $CertificatesMessage = "Critical Certificates:`n"
+            foreach ($CriticalCertificate in $CriticalCertificates) {
+                $CertificatesMessage += "$($CriticalCertificate.Subject.Split(',')[0]) expires $($CriticalCertificate.NotAfter) $($CriticalCertificate.Days) days.`n"
+                }
+            Write-Output "$CertificatesMessage|" ; exit $returnStateCritical
+            }
+        # If we have only warning certificates.  
+        elseif ($WarningCertificates) {
+            $CertificatesMessage = "Warning Certificates:`n"
+            foreach ($WarningCertificate in $WarningCertificates) {
+                $CertificatesMessage += "$($WarningCertificate.Subject.Split(',')[0]) expires $($WarningCertificate.NotAfter) $($WarningCertificate.Days) days.`n"
+                }
+            Write-Output "$CertificatesMessage|" ; exit $returnStateWarning
+            }
+        else {}
+        }
+    else {
+        # No problems found
+        Write-Output "Certificates OK.|" ; exit $returnStateOK
+        }
+}
+End
+{
+}