Add dsa-check-unbound-anchors
diff --git a/dsa-nagios-checks/checks/dsa-check-unbound-anchors b/dsa-nagios-checks/checks/dsa-check-unbound-anchors
new file mode 100755 (executable)
index 0000000..5c83fcc
--- /dev/null
@@ -0,0 +1,25 @@
+#!/bin/bash
+
+set -e
+set -u
+
+not_valid=""
+for key in $(find /var/lib/unbound -type f) ; do
+       if ! grep -v '^;' "$key" | grep -q '\[  VALID  \]'; then
+               not_valid="$not_valid $(basename "$key" .key)"
+       fi
+done
+if [ -n "$not_valid" ]; then
+       echo "Warning: no valid trust anchors found for$not_valid."
+       exit 1
+fi
+
+old_anchors=$(find /var/lib/unbound -type f -mtime +5)
+if [ -n "$old_anchors" ]; then
+       echo "Warning: Some keys are old: $old_anchors."
+       exit 1
+fi
+
+
+echo "OK: All keys in /var/lib/unbound recent and valid"
+exit 0
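Review bot: An empty /var/lib/unbound makes the loop at `for key in $(find /var/lib/unbound -type f)` run zero times, so nothing sets `not_valid`, the `old_anchors` check finds nothing, and the script prints "OK: All keys in /var/lib/unbound recent and valid" although no anchor was inspected; a trust-anchor check should report that case as a failure rather than success. The same line word-splits find's output, so a file name containing whitespace would be tested as separate fragments — unlikely for anchor files, but cheap to avoid with `-print0` and a `read -d ''` loop. The rewrite below counts the files it inspected and warns when the count is zero; the `old_anchors=$(find ...)` assignment further down has the same unquoted-output shape but only echoes the list, so it can stay as is.
```shell
not_valid=""
found=0
while IFS= read -r -d '' key; do
  found=$((found + 1))
  if ! grep -v '^;' "$key" | grep -q '\[  VALID  \]'; then
    not_valid="$not_valid $(basename "$key" .key)"
  fi
done < <(find /var/lib/unbound -type f -print0)
if [ "$found" -eq 0 ]; then
  echo "Warning: no trust anchor files found in /var/lib/unbound."
  exit 1
fi
# … unchanged: not_valid report, old_anchors check, OK line …
```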