Hsn723/ct-monitor

ct-monitor

Queries Cert Spotter for new certificate issuances and sends an email report whenever new issuances are found. Currently supported email providers: SendGrid, Amazon SES, SMTP.

Usage

Usage:
  ct-monitor [flags]

Flags:
  -c, --config string     path to configuration file (default "/etc/ct-monitor/config.toml")
  -h, --help              help for ct-monitor

Plugins

Custom plugins can be specified to filter issuances or to do any extra work with the issuances detected. For instance, you may want to receive issuances for example.com, including wildcard and subdomain names, while ignoring issuances for the dev.example.com subdomain only. Plugins can also replace the built-in mailer entirely, for example to send notifications to Slack instead of email.

A plugin implements the IssuanceFilter interface and is served over net/rpc using HashiCorp's go-plugin.

For instance, the following plugin logs the number of issuances it received and returns the slice of Issuance objects unchanged.

package main

import (
	"github.com/Hsn723/certspotter-client/api"
	"github.com/Hsn723/ct-monitor/filter"
	"github.com/cybozu-go/log"
	"github.com/hashicorp/go-plugin"
)

// sampleFilter is a no-op IssuanceFilter implementation.
type sampleFilter struct{}

// Filter receives the issuances detected in the current run and returns the
// ones that should be reported. This sample only logs how many it was given
// and passes the slice through untouched.
func (sampleFilter) Filter(is []api.Issuance) ([]api.Issuance, error) {
	_ = log.Info("running sample filter", map[string]interface{}{
		"issuances": len(is),
	})
	return is, nil
}

// main serves the filter over go-plugin's net/rpc transport. ct-monitor
// launches this binary as a subprocess and connects using the shared
// HandshakeConfig and PluginKey exported by the filter package.
func main() {
	plugin.Serve(&plugin.ServeConfig{
		HandshakeConfig: filter.HandshakeConfig,
		Plugins: map[string]plugin.Plugin{
			filter.PluginKey: &filter.IssuanceFilterPlugin{Impl: &sampleFilter{}},
		},
	})
}

For more detailed examples, refer to the documentation of HashiCorp's go-plugin.
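The filtering case described above (alert on example.com, its wildcards and subdomains, but not on dev.example.com itself) as an added, self-contained example. This is not code from the ct-monitor project: it uses a local issuance struct with a DNSNames field in place of api.Issuance, because the real struct's field names are not shown on this page and should be checked before this Filter body is dropped into a plugin like the one above. The sample issuances are constructed test data, not Cert Spotter output.

```go
package main

import (
	"fmt"
	"strings"
)

// issuance is a stand-in for api.Issuance from the certspotter client.
// Assumption: only the DNS names are needed for filtering; confirm the real
// struct's field name before swapping this type out.
type issuance struct {
	ID       string
	DNSNames []string
}

// zoneFilter keeps issuances that cover a watched zone (the apex, wildcard
// labels and any subdomain) and drops the ones whose only in-zone names are
// on the ignore list.
type zoneFilter struct {
	zone   string          // e.g. "example.com"
	ignore map[string]bool // exact names to ignore, e.g. "dev.example.com"
}

func newZoneFilter(zone string, ignored ...string) zoneFilter {
	f := zoneFilter{zone: normalize(zone), ignore: map[string]bool{}}
	for _, n := range ignored {
		f.ignore[normalize(n)] = true
	}
	return f
}

// normalize lowercases and strips a trailing dot so "WWW.Example.com." and
// "www.example.com" compare equal; DNS names are case-insensitive.
func normalize(name string) string {
	return strings.TrimSuffix(strings.ToLower(strings.TrimSpace(name)), ".")
}

// inZone reports whether name is the zone apex or anything under it,
// including wildcards such as "*.example.com". The leading dot in the suffix
// check stops "notexample.com" from matching "example.com", and a plain
// suffix check stops "example.com.evil.test" from matching either.
func (f zoneFilter) inZone(name string) bool {
	return name == f.zone || strings.HasSuffix(name, "."+f.zone)
}

// relevant reports whether a single DNS name should trigger an alert.
func (f zoneFilter) relevant(name string) bool {
	n := normalize(name)
	return f.inZone(n) && !f.ignore[n]
}

// Filter has the same shape as the IssuanceFilter method in the sample plugin:
// it returns the subset of issuances with at least one relevant name. An
// issuance whose only in-zone name is ignored (dev.example.com alone) is
// dropped, but one that also names api.example.com is kept.
func (f zoneFilter) Filter(is []issuance) ([]issuance, error) {
	kept := make([]issuance, 0, len(is))
	for _, iss := range is {
		for _, name := range iss.DNSNames {
			if f.relevant(name) {
				kept = append(kept, iss)
				break
			}
		}
	}
	return kept, nil
}

// sampleIssuances is constructed test data, not real Cert Spotter output.
func sampleIssuances() []issuance {
	return []issuance{
		{ID: "1", DNSNames: []string{"example.com", "www.example.com"}},
		{ID: "2", DNSNames: []string{"*.example.com"}},
		{ID: "3", DNSNames: []string{"dev.example.com"}},
		{ID: "4", DNSNames: []string{"dev.example.com", "api.example.com"}},
		{ID: "5", DNSNames: []string{"notexample.com"}},
		{ID: "6", DNSNames: []string{"Deep.Sub.Example.COM."}},
		{ID: "7", DNSNames: []string{"example.com.evil.test"}},
	}
}

func main() {
	f := newZoneFilter("example.com", "dev.example.com")
	kept, _ := f.Filter(sampleIssuances())
	for _, iss := range kept {
		fmt.Println(iss.ID, iss.DNSNames) // prints issuances 1, 2, 4 and 6
	}
}
```

The ignore list matches exact names on purpose: a certificate for something under dev.example.com, or one that names dev.example.com alongside a production host, is still worth a report, since an attacker who obtains a certificate usually does not limit it to the names you chose to ignore.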

Example config

[alert_config]
    mailer_config = "sendgrid"

[sendgrid]
    from = "[email protected]"
    to = "[email protected]"
    apiKey = "your-api-key"

[position_config]
    filename = "/var/log/ct-monitor/positions.toml"

For more details, check the documentation.