Skip to content
master
Go to file
Code

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
 
 
cmd
 
 
 
 
 
 
pkg
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

README.markdown

Description

ct_mon monitors Certificate Trasparency logs by specified regexp in CN or SAN, sends mail notifications/stores certificate details in MongoDB.

How to run

$ git clone https://github.com/kyprizel/ct_mon.git ct_mon

$ cd ct_mon

$ vi conf/config.json

$ docker build -t ct_mon .

$ docker run ct_mon

I recommend to setup MongoDB to store the monitoring states and/or certificate matches.

Configuration params

match_subject_regex

**default:**required param

example:"(?i)(yandex\.|yandex-team)"

Regexp to search certificates

notify_persons

default:[]

example:["eldar@kyprizel.net"]

List of emails to notify about new certificates

mongo_uri

**default:**required param

**example:**localhost

MongoDB connection parameters, will be used to store matched certificate entries and monitor state

store_matches

**default:**false

**example:**true

If true - store found certificates in DB

save_state

**default:**30

**example:**600

Number of seconds after which monitor state will be stored to DB

smtp_from

**default:**empty

**example:**user@domain.com

SMTP From value

smtp_host

**default:**empty

**example:**localhost

SMTP host

smtp_user

**default:**empty

**example:**pki@yourdomain.com

SMTP user

smtp_password

**default:**empty

SMTP password

smtp_port

**default:**25 **example:**25

SMTP port

smtp_subject

default:"Certificate Transparency monitor notification"

example:"CT monitor notification"

Mail subject

notify_on_match

**default:**false

**example:**true

If true - persons listed in notify_persons will be notified on every matched certificate

ca_whitelist

default:[]

example:[YandexExternalCA", "GlobalSign Organization Validation CA - G2", "Yandex CA"]

Whitelist of CAs, certificates signed by this CAs will pass the test

start_index

**default:**0

**example:**102780000

CT index to start fetching from, bigger value overrides DB state

rescan_period

**default:**0

**example:**30

Number of seconds to launch a rescan, if not set - daemon will exit on reaching the end of log.

About

Certificate Transparency monitor with notifications

Topics

Resources

License

Releases

No releases published
You can’t perform that action at this time.