A bash script that can be used with Nagios/Icinga2 to monitor the expiration date of a security.txt file located at a specified URL.


./ -u  -w  -c 
  • -u or --url: URL of the security.txt file to be monitored (not including the path to the file. the file is expected to be at /.well-known/security.txt according to RFC 9116).
  • -w or --warning: Number of days after which a WARNING message will be displayed.
  • -c or --critical: Number of days after which a CRITICAL message will be displayed.


./ -u -w 7 -c 3


The script outputs one of the following messages based on the expiration date of the security.txt file:

* OK: The security.txt expires more than warning_days away.
* WARNING: The security.txt expires within warning_days.
* CRITICAL: The security.txt expires within critical_days.

The script also produces exit codes that correspond with the Nagios/Icinga2 states.

Example configuration in Icinga2

object CheckCommand "check_securitytxt" {
  command = [ PluginDir + "/" ]

  arguments = {
    "-u" = "$security_txt_url$"
    "-w" = "$security_txt_warning_days$"
    "-c" = "$security_txt_critical_days$"

apply Service "security.txt" {
  check_command = "check_securitytxt"

  vars.security_txt_url = ""
  vars.security_txt_warning_days = 14
  vars.security_txt_critical_days = 7

  assign where = ""