X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=dsa-nagios-checks%2Fshare%2Fweak-ssh-keys-check;h=d6d4f8c67bfe693d02e4fc770b5cdb8c5cda9c5e;hb=dada4218cea097e1007089fd24041d3bc4d35e43;hp=7587862b0c5765dbdb8bf8ac41010261ede0d39f;hpb=c3212c3f62d849d3de462cfed6f0c9aaa6d1e9d9;p=mirror%2Fdsa-nagios.git
diff --git a/dsa-nagios-checks/share/weak-ssh-keys-check b/dsa-nagios-checks/share/weak-ssh-keys-check
index 7587862..d6d4f8c 100755
--- a/dsa-nagios-checks/share/weak-ssh-keys-check
+++ b/dsa-nagios-checks/share/weak-ssh-keys-check
@@ -202,6 +202,7 @@ sub from_ssh_key_file ($) {
 my $name = shift;
 if (open (my $FH, '<', $name)) {
 my $key = <$FH>;
+ close($FH);
 if (! defined $key) {
 $weird_keyfiles++;
 $text .= "cannot read $name properly - empty?\n";
@@ -308,23 +309,26 @@ sub from_debianorg_places () {
 my @ak = grep { /^AuthorizedKeysFile\s/i } @lines;
 my @ak2 = grep { /^AuthorizedKeysFile2\s/i } @lines;
+ my @ak_files;
- if (scalar @ak != 1) {
- print $fh "UNKNOWN\n";
- print $fh "There is more than one AuthorizedKeysFile definition in sshd_config\n";
- exit
+ for my $line ((@ak, @ak2)) {
+ my @file_locations = split /\s+/, $line;
+ shift @file_locations;
+ push @ak_files, @file_locations;
 }
- if (scalar @ak2 != 1) {
+
+ if (scalar @ak_files != 2) {
 print $fh "UNKNOWN\n";
- print $fh "There is more than one AuthorizedKeysFile2 definition in sshd_config\n";
+ print $fh "There should be two locations for User AuthorizedKeysFile defined in sshd_config\n";
 exit
 }
- unless ($ak[0] =~ m#^((?i)AuthorizedKeysFile)\s+/etc/ssh/userkeys/%u$# ) {
+
+ unless (grep { m#^/etc/ssh/userkeys/%u$# } @ak_files) {
 print $fh "UNKNOWN\n";
 print $fh "The AuthorizedKeysFile definition has an unexpected value. Should be /etc/ssh/userkeys/%u\n";
 exit
 }
- unless ($ak2[0] =~ m#^((?i)AuthorizedKeysFile2)\s+/var/lib/misc/userkeys/%u$# ) {
+ unless (grep { m#^/var/lib/misc/userkeys/%u$# } @ak_files) {
 print $fh "UNKNOWN\n";
 print $fh "The AuthorizedKeysFile2 definition has an unexpected value. Should be /var/lib/misc/userkeys/%u\n";
 exit
@@ -336,7 +340,7 @@ sub from_debianorg_places () {
 for my $file (grep { ! -d $d.'/'.$_ } readdir(D)) {
 next if ($file eq 'README-DSA-BUILDD');
 my $f = $d.'/'.$file;
- from_ssh_key_file $f if -r $f;
+ from_ssh_auth_file $f if -r $f;
 };
 };
 }
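Review bot: The UNKNOWN text on the unchanged line after the new `unless (grep { m#^/var/lib/misc/userkeys/%u$# } @ak_files)` still blames an `AuthorizedKeysFile2` definition, but the value is now collected from both directives, so the message can point the operator at a directive that is not even present in the file; `print $fh "No AuthorizedKeysFile location /var/lib/misc/userkeys/%u found in sshd_config\n";` describes the actual condition, and the `/etc/ssh/userkeys/%u` message above it has the same problem. The `!= 2` count together with the two greps is what guarantees that no additional location is consulted, which deserves a comment on the `if`, e.g. `# exactly two locations, and both must be the expected ones, so no other path can be consulted`. Both greps keep the `^` anchor, so an `AuthorizedKeysFile` set inside an indented Match block would presumably go unnoticed, as before this change. `for my $line ((@ak, @ak2))` carries a redundant pair of parentheses; `for my $line (@ak, @ak2)` is the usual form. from_debianorg_places starts and ends outside the hunk.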
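Review bot: `from_ssh_auth_file $f if -r $f;` is a paren-less call, which Perl only compiles as a sub call if `from_ssh_auth_file` has already been declared at this point in the file; the hunk does not show its definition, and if it is declared later the line is parsed as an indirect method call on the path string and fails only at run time. `from_ssh_auth_file($f) if -r $f;` does not depend on declaration order. The enclosing readdir loop starts outside the hunk.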