UNIX/Linux Verify Certificate Signature Task

Microsoft.Unix.Check.Certificate.Signature (Task)

This Task is used to display the Signature algorithm of the agent's signed certificate. This can be helpful in identifying SHA1 certificates that require an update.

Element properties:

Target	Microsoft.Unix.Computer
Accessibility	Internal
Category	Custom
Enabled	True
Remotable	False
Timeout	12000

Member Modules:

ID	Module Type	TypeId	RunAs
PA	ProbeAction	Microsoft.Unix.WSMan.Invoke.VarPriv.ProbeAction	Default

Source Code:

<Task ID="Microsoft.Unix.Check.Certificate.Signature" Accessibility="Internal" Enabled="true" Target="Microsoft.Unix.Computer" Timeout="12000" Remotable="true">

  <Category>Custom</Category>

  <ProbeAction ID="PA" TypeID="Microsoft.Unix.WSMan.Invoke.VarPriv.ProbeAction">

    <TargetSystem>$Target/Property[Type="Microsoft.Unix.Computer"]/NetworkName$</TargetSystem>

    <UserName>$RunAs[Name="Microsoft.Unix.PrivilegedAccount"]/UserName$</UserName>

    <Password>$RunAs[Name="Microsoft.Unix.PrivilegedAccount"]/Password$</Password>

    <Uri>http://schemas.microsoft.com/wbem/wscim/1/cim-schema/2/SCX_OperatingSystem?__cimnamespace=root/scx</Uri>

    <Selector/>

    <InvokeAction>ExecuteShellCommand</InvokeAction>

    <Input>&lt;p:ExecuteShellCommand_INPUT xmlns:p="http://schemas.microsoft.com/wbem/wscim/1/cim-schema/2/SCX_OperatingSystem"&gt;&lt;p:command&gt;openssl x509 -noout -text -in /etc/opt/microsoft/scx/ssl/scx.pem | grep 'Signature Algorithm'&lt;/p:command&gt;&lt;p:timeout&gt;120&lt;/p:timeout&gt;&lt;/p:ExecuteShellCommand_INPUT&gt;</Input>

    <TimeOutInMS>12000</TimeOutInMS>

  </ProbeAction>

</Task>