ct_mon

command module
v0.0.0-...-e76495e Latest
Warning

This package is not in the latest version of its module.
Published: Aug 22, 2017 License: Apache-2.0 Imports: 1 Imported by: 0

README

Description

ct_mon monitors Certificate Transparency logs for certificates whose CN or SAN matches a specified regexp, then sends mail notifications and/or stores the certificate details in MongoDB.

How to run

$ git clone https://github.com/kyprizel/ct_mon.git ct_mon

$ cd ct_mon

$ vi conf/config.json

$ docker build -t ct_mon .

$ docker run ct_mon

I recommend setting up MongoDB to store the monitoring state and/or certificate matches.

Configuration params

match_subject_regex

**default:** required param

**example:** "(?i)(yandex\.|yandex-team)"

Regexp to search for in certificates (CN or SAN)

notify_persons

**default:** []

**example:** ["eldar@kyprizel.net"]

List of emails to notify about new certificates

mongo_uri

**default:** required param

**example:** localhost

MongoDB connection parameters; used to store matched certificate entries and the monitor state

store_matches

**default:** false

**example:** true

If true, found certificates are stored in the DB

save_state

**default:** 30

**example:** 600

Number of seconds after which the monitor state is stored to the DB

smtp_from

**default:** empty

**example:** user@domain.com

SMTP From value

smtp_host

**default:** empty

**example:** localhost

SMTP host

smtp_user

**default:** empty

**example:** pki@yourdomain.com

SMTP user

smtp_password

**default:** empty

SMTP password

smtp_port

**default:** 25

**example:** 25

SMTP port

smtp_subject

**default:** "Certificate Transparency monitor notification"

**example:** "CT monitor notification"

Mail subject

notify_on_match

**default:** false

**example:** true

If true, the persons listed in notify_persons are notified on every matched certificate

ca_whitelist

**default:** []

**example:** ["YandexExternalCA", "GlobalSign Organization Validation CA - G2", "Yandex CA"]

Whitelist of CAs; certificates signed by these CAs will pass the test

start_index

**default:** 0

**example:** 102780000

CT index to start fetching from; a bigger value overrides the DB state

rescan_period

**default:** 0

**example:** 30

Number of seconds after which a rescan is launched; if not set, the daemon will exit on reaching the end of the log.
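
How match_subject_regex and ca_whitelist interact, shown as an added Go example that is not ct_mon's own code: it applies the README's example regexp to the CN and SAN DNS names of constructed certificates and suppresses the alert when the issuer is whitelisted. The function names, the sample certificates and the comparison against the issuer CommonName are assumptions.

```go
package main

import (
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"regexp"
)

// Values from the README examples for match_subject_regex and ca_whitelist.
var subjectRe = regexp.MustCompile(`(?i)(yandex\.|yandex-team)`)
var caWhitelist = []string{"YandexExternalCA", "GlobalSign Organization Validation CA - G2", "Yandex CA"}

// shouldAlert returns the first CN/SAN matching re and whether to alert.
// Assumption: ca_whitelist is compared with the issuer CommonName.
func shouldAlert(c *x509.Certificate, re *regexp.Regexp, whitelist []string) (string, bool) {
	for _, n := range append([]string{c.Subject.CommonName}, c.DNSNames...) {
		if !re.MatchString(n) {
			continue
		}
		for _, ca := range whitelist {
			if c.Issuer.CommonName == ca {
				return n, false // matched, but issued by an expected CA
			}
		}
		return n, true // matched and the issuer is not whitelisted
	}
	return "", false
}

// sampleCerts returns constructed (not real) certificates for the demo.
func sampleCerts() []*x509.Certificate {
	mk := func(cn, issuer string, sans ...string) *x509.Certificate {
		return &x509.Certificate{Subject: pkix.Name{CommonName: cn}, Issuer: pkix.Name{CommonName: issuer}, DNSNames: sans}
	}
	return []*x509.Certificate{
		mk("mail.yandex.ru", "Yandex CA", "mail.yandex.ru"),
		mk("cdn.example.net", "Example Test CA", "static.YANDEX-TEAM.example.net"),
		mk("yandex.ru.login.example.org", "Example Test CA"),
		mk("www.example.com", "Example Test CA", "www.example.com"),
	}
}

func main() {
	for _, c := range sampleCerts() {
		name, alert := shouldAlert(c, subjectRe, caWhitelist)
		fmt.Printf("%-28s matched=%q alert=%v\n", c.Subject.CommonName, name, alert)
	}
}
```

Because the example regexp is unanchored, a name such as yandex.ru.login.example.org under an unrelated domain also matches, which is the lookalike case a monitor should surface.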

Documentation

There is no documentation for this package.

Directories

Path Synopsis
Godeps
_workspace/src/github.com/google/certificate-transparency/go/asn1
Package asn1 implements parsing of DER-encoded ASN.1 data structures, as defined in ITU-T Rec X.690.
_workspace/src/github.com/google/certificate-transparency/go/client
Package client is a CT log client implementation and contains types and code for interacting with RFC6962-compliant CT Log instances.
_workspace/src/github.com/google/certificate-transparency/go/x509
Package x509 parses X.509-encoded keys and certificates.
_workspace/src/github.com/google/certificate-transparency/go/x509/pkix
Package pkix contains shared, low level structures used for ASN.1 parsing and serialization of X.509 certificates, CRL and OCSP.
_workspace/src/github.com/mreiferson/go-httpclient
Provides an HTTP Transport that implements the `RoundTripper` interface and can be used as a built in replacement for the standard library's, providing connection timeouts and request timeouts. This is a thin wrapper around `http.Transport` that sets dial timeouts and uses Go's internal timer scheduler to call the Go 1.1+ `CancelRequest()` API.
_workspace/src/golang.org/x/net/context
Package context defines the Context type, which carries deadlines, cancelation signals, and other request-scoped values across API boundaries and between processes.
_workspace/src/golang.org/x/net/context/ctxhttp
Package ctxhttp provides helper functions for performing context-aware HTTP requests.
_workspace/src/gopkg.in/mgo.v2
Package mgo offers a rich MongoDB driver for Go.
_workspace/src/gopkg.in/mgo.v2/bson
Package bson is an implementation of the BSON specification for Go: http://bsonspec.org It was created as part of the mgo MongoDB driver for Go, but is standalone and may be used on its own without the driver.
_workspace/src/gopkg.in/mgo.v2/internal/scram
Package scram implements a SCRAM-{SHA-1,etc} client per RFC5802.
_workspace/src/gopkg.in/mgo.v2/testserver
WARNING: This package was replaced by mgo.v2/dbtest.
_workspace/src/gopkg.in/mgo.v2/txn
The txn package implements support for multi-document transactions.
pkg
db
mon
