From: Peter Palfrader Date: Mon, 22 Feb 2010 09:32:13 +0000 (+0100) Subject: * weak-ssh-keys-check: Check all keys in files in debian key directories X-Git-Url: https://git.adam-barratt.org.uk/?a=commitdiff_plain;h=d694c4df7b6cb7af2a09b98430729deefb64c69a;p=mirror%2Fdsa-nagios.git * weak-ssh-keys-check: Check all keys in files in debian key directories Check all keys in files in /etc/ssh/userkeys and /var/lib/misc/userkeys, not just the first. (Also doesn't blow up if a file is empty.) --- diff --git a/dsa-nagios-checks/debian/changelog b/dsa-nagios-checks/debian/changelog index aef644d..3a07849 100644 --- a/dsa-nagios-checks/debian/changelog +++ b/dsa-nagios-checks/debian/changelog @@ -24,8 +24,11 @@ dsa-nagios-checks (8x) unstable; urgency=low * add dsa-check-dnssec-delegation. * dsa-check-hpasm: Add --fan-high to not tread high fan speeds as a warning condition. + * weak-ssh-keys-check: Check all keys in files in /etc/ssh/userkeys + and /var/lib/misc/userkeys, not just the first. (Also doesn't + blow up if a file is empty.) - -- Peter Palfrader Sat, 20 Feb 2010 09:44:13 +0100 + -- Peter Palfrader Mon, 22 Feb 2010 10:31:24 +0100 dsa-nagios-checks (84) unstable; urgency=low diff --git a/dsa-nagios-checks/share/weak-ssh-keys-check b/dsa-nagios-checks/share/weak-ssh-keys-check index 7587862..a9bd752 100755 --- a/dsa-nagios-checks/share/weak-ssh-keys-check +++ b/dsa-nagios-checks/share/weak-ssh-keys-check @@ -202,6 +202,7 @@ sub from_ssh_key_file ($) { my $name = shift; if (open (my $FH, '<', $name)) { my $key = <$FH>; + close($FH); if (! defined $key) { $weird_keyfiles++; $text .= "cannot read $name properly - empty?\n"; @@ -336,7 +337,7 @@ sub from_debianorg_places () { for my $file (grep { ! -d $d.'/'.$_ } readdir(D)) { next if ($file eq 'README-DSA-BUILDD'); my $f = $d.'/'.$file; - from_ssh_key_file $f if -r $f; + from_ssh_auth_file $f if -r $f; }; }; }