X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=dsa-nagios-checks%2Fshare%2Fweak-ssh-keys-check;h=d6d4f8c67bfe693d02e4fc770b5cdb8c5cda9c5e;hb=97b1b99a844673cf616566005f2edc0832451910;hp=e35a8a10c96e5f2b069a3b8ad58d88b7d4b02cdf;hpb=42e99da9d896a33803e763c746e9a103183b6b34;p=mirror%2Fdsa-nagios.git
diff --git a/dsa-nagios-checks/share/weak-ssh-keys-check b/dsa-nagios-checks/share/weak-ssh-keys-check
index e35a8a1..d6d4f8c 100755
--- a/dsa-nagios-checks/share/weak-ssh-keys-check
+++ b/dsa-nagios-checks/share/weak-ssh-keys-check
@@ -92,11 +92,13 @@ use IPC::Open3;
 my $fprdb_fname = "/var/lib/dsa/ssh-weak-keys.db" ;
 my ($outfile, $help);
 my $dsa_nowarn = 0;
+my $debian_org = 1;
 GetOptions(
 	'help|h' => \$help, #Help function
 	'statusfile|s=s' => \$outfile,
 	'fprdb|f=s' => \$fprdb_fname,
-	'n|dsa_nowarn' => \$dsa_nowarn,
+	'n|dsa_nowarn' => \$dsa_nowarn,
+	'd|debian-org!' => \$debian_org,
 );
 pod2usage(1) if $help;
@@ -123,9 +125,11 @@ my $text = '';
 my %key_sizes;
-
-#&from_user_all;
-&from_debianorg_places;
+if ($debian_org) {
+	&from_debianorg_places;
+} else {
+	&from_user_all;
+}
 &from_ssh_host(qw(localhost));
 my $status="OK";
@@ -198,6 +202,7 @@ sub from_ssh_key_file ($) {
 	my $name = shift;
 	if (open (my $FH, '<', $name)) {
 		my $key = <$FH>;
+		close($FH);
 		if (! defined $key) {
 			$weird_keyfiles++;
 			$text .= "cannot read $name properly - empty?\n";
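Review bot: The new `'d|debian-org!' => \$debian_org` option is not documented anywhere in this diff: `pod2usage(1) if $help` shows the script carries a POD usage section, yet no hunk touches it, so `--help` will say nothing about `--debian-org` / `--no-debian-org` or that debian.org mode is the default. I would add an `=item B<--[no-]debian-org>` entry to the POD options list saying that it selects the debian.org key locations (the sshd_config-verified /etc/ssh/userkeys and /var/lib/misc/userkeys directories) instead of scanning users' own key files, and that it defaults to on. The same entry is the right place to note that `--no-debian-org` is the only way to reach the previously commented-out `from_user_all` path. The option-parsing statement run is file-scope code that continues outside the hunk.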
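Review bot: Style: the new dispatch uses the `&from_debianorg_places;` / `&from_user_all;` call form, which passes the caller's current `@_` to the callee by alias and bypasses any prototype; at file scope `@_` is empty so it is harmless today, but it reads as if the subs were meant to inherit arguments. I would write the two calls as `from_debianorg_places();` and `from_user_all();` so the intent (no arguments) is explicit, matching the parenthesised `&from_ssh_host(qw(localhost))` style on the next line. The blank lines that diff counts say this hunk contains were lost in extraction and are not reproduced here.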
@@ -304,23 +309,26 @@ sub from_debianorg_places () {
 	my @ak = grep { /^AuthorizedKeysFile\s/i } @lines;
 	my @ak2 = grep { /^AuthorizedKeysFile2\s/i } @lines;
+	my @ak_files;
-	if (scalar @ak != 1) {
-		print $fh "UNKNOWN\n";
-		print $fh "There is more than one AuthorizedKeysFile definition in sshd_config\n";
-		exit
+	for my $line ((@ak, @ak2)) {
+		my @file_locations = split /\s+/, $line;
+		shift @file_locations;
+		push @ak_files, @file_locations;
 	}
-	if (scalar @ak2 != 1) {
+
+	if (scalar @ak_files != 2) {
 		print $fh "UNKNOWN\n";
-		print $fh "There is more than one AuthorizedKeysFile2 definition in sshd_config\n";
+		print $fh "There should be two locations for User AuthorizedKeysFile defined in sshd_config\n";
 		exit
 	}
-	unless ($ak[0] =~ m#^((?i)AuthorizedKeysFile)\s+/etc/ssh/userkeys/%u$# ) {
+
+	unless (grep { m#^/etc/ssh/userkeys/%u$# } @ak_files) {
 		print $fh "UNKNOWN\n";
 		print $fh "The AuthorizedKeysFile definition has an unexpected value. Should be /etc/ssh/userkeys/%u\n";
 		exit
 	}
-	unless ($ak2[0] =~ m#^((?i)AuthorizedKeysFile2)\s+/var/lib/misc/userkeys/%u$# ) {
+	unless (grep { m#^/var/lib/misc/userkeys/%u$# } @ak_files) {
 		print $fh "UNKNOWN\n";
 		print $fh "The AuthorizedKeysFile2 definition has an unexpected value. Should be /var/lib/misc/userkeys/%u\n";
 		exit
@@ -332,7 +340,7 @@ sub from_debianorg_places () {
 		for my $file (grep { ! -d $d.'/'.$_ } readdir(D)) {
 			next if ($file eq 'README-DSA-BUILDD');
 			my $f = $d.'/'.$file;
-			from_ssh_key_file $f if -r $f;
+			from_ssh_auth_file $f if -r $f;
 		};
 	};
 }
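Review bot: Flattening every matched line into `@ak_files` and only testing `scalar @ak_files != 2` loses the information the old per-directive checks enforced: a sshd_config with two separate `AuthorizedKeysFile` lines, one per path, now passes, yet as far as I recall OpenSSH's servconf only honours the first `AuthorizedKeysFile` directive and silently ignores later repeats, so sshd would consult only one of the two directories while this check reports OK. The first-wins behaviour is an inference about sshd, not something visible here, but since the whole point of the check is to assert which key directories sshd reads, duplicates should stay fail-closed; a config that wants both paths can list them on one `AuthorizedKeysFile` line, which the new code already accepts. The enclosing sub starts before the hunk. I would keep a duplicate-directive guard ahead of the new collection loop:

```perl
	my @ak_files;
	# sshd is believed to honour only the first AuthorizedKeysFile
	# directive (later repeats are ignored) - verify against servconf.c;
	# either way a repeated directive is a misconfiguration, so fail closed.
	if (scalar @ak > 1 or scalar @ak2 > 1) {
		print $fh "UNKNOWN\n";
		print $fh "AuthorizedKeysFile/AuthorizedKeysFile2 is defined more than once in sshd_config\n";
		exit
	}
	# … unchanged: collect paths from the remaining line(s) and check them …
```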
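Review bot: `from_ssh_auth_file $f if -r $f;` is a paren-less call, and this diff adds no `sub from_ssh_auth_file`, so it must already be defined elsewhere in the file; if that definition sits below this point (the old target `from_ssh_key_file ($)` is declared near line 198, above it, which is why the old form parsed), Perl will read the bare `from_ssh_auth_file $f` as indirect-object syntax (`$f->from_ssh_auth_file`) and fail only at runtime, and any `($)` prototype on it will not apply. I cannot see where the sub lives from the diff, so please confirm; writing the call as `from_ssh_auth_file($f) if -r $f;` removes the dependence on declaration order either way. The loop over `$d` and the enclosing sub both start outside this hunk.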