From 23ed0c7a02343a0bfe90436fd465288e0f4b5055 Mon Sep 17 00:00:00 2001
From: Stephen Gran
Date: Tue, 11 Oct 2011 20:20:19 +0100
Subject: [PATCH] We need to look for two locations, not two directives

Of course, the various versions of sshd take these two locations in different ways, but I'm not making skynet just yet.

Signed-off-by: Stephen Gran
---
 dsa-nagios-checks/share/weak-ssh-keys-check | 19 +++++++++++--------
 1 file changed, 11 insertions(+), 8 deletions(-)

diff --git a/dsa-nagios-checks/share/weak-ssh-keys-check b/dsa-nagios-checks/share/weak-ssh-keys-check
index a9bd752..d6d4f8c 100755
--- a/dsa-nagios-checks/share/weak-ssh-keys-check
+++ b/dsa-nagios-checks/share/weak-ssh-keys-check
@@ -309,23 +309,26 @@ sub from_debianorg_places () {
 my @ak = grep { /^AuthorizedKeysFile\s/i } @lines;
 my @ak2 = grep { /^AuthorizedKeysFile2\s/i } @lines;
+ my @ak_files;
- if (scalar @ak != 1) {
- print $fh "UNKNOWN\n";
- print $fh "There is more than one AuthorizedKeysFile definition in sshd_config\n";
- exit
+ for my $line ((@ak, @ak2)) {
+ my @file_locations = split /\s+/, $line;
+ shift @file_locations;
+ push @ak_files, @file_locations;
 }
- if (scalar @ak2 != 1) {
+
+ if (scalar @ak_files != 2) {
 print $fh "UNKNOWN\n";
- print $fh "There is more than one AuthorizedKeysFile2 definition in sshd_config\n";
+ print $fh "There should be two locations for User AuthorizedKeysFile defined in sshd_config\n";
 exit
 }
- unless ($ak[0] =~ m#^((?i)AuthorizedKeysFile)\s+/etc/ssh/userkeys/%u$# ) {
+
+ unless (grep { m#^/etc/ssh/userkeys/%u$# } @ak_files) {
 print $fh "UNKNOWN\n";
 print $fh "The AuthorizedKeysFile definition has an unexpected value. Should be /etc/ssh/userkeys/%u\n";
 exit
 }
- unless ($ak2[0] =~ m#^((?i)AuthorizedKeysFile2)\s+/var/lib/misc/userkeys/%u$# ) {
+ unless (grep { m#^/var/lib/misc/userkeys/%u$# } @ak_files) {
 print $fh "UNKNOWN\n";
 print $fh "The AuthorizedKeysFile2 definition has an unexpected value. Should be /var/lib/misc/userkeys/%u\n";
 exit
-- 
2.20.1
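Review bot: The new `scalar @ak_files != 2` test counts paths across every matching line, so a repeated directive is no longer caught: two separate `AuthorizedKeysFile` lines with one path each now pass. As far as I know sshd keeps the first value it obtains for a keyword, so the second location would be ignored by the daemon while this check reports the configuration as expected. A per-directive guard ahead of the loop, `if (@ak > 1 or @ak2 > 1)`, reporting UNKNOWN as the neighbouring branches do, would keep that detection. The two `unless` messages still name the "AuthorizedKeysFile definition" and "AuthorizedKeysFile2 definition" although a path is no longer tied to a directive; wording such as `"Expected key location /etc/ssh/userkeys/%u is not configured in sshd_config\n"` would match what is tested. `from_debianorg_places` starts before and continues after this hunk, so how `@lines` is filled (comments, indentation, `Match` blocks) cannot be judged from here.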