We need to look for two locations, not two directives

Of course, the various versions of sshd take these two locations in
different ways, but I'm not making skynet just yet.
Signed-off-by: Stephen Gran <steve@lobefin.net>

diff --git a/dsa-nagios-checks/share/weak-ssh-keys-check b/dsa-nagios-checks/share/weak-ssh-keys-check
index a9bd752..d6d4f8c 100755 (executable)
--- a/dsa-nagios-checks/share/weak-ssh-keys-check
+++ b/dsa-nagios-checks/share/weak-ssh-keys-check
@@ -309,23 +309,26 @@ sub from_debianorg_places () {
 
     my @ak = grep { /^AuthorizedKeysFile\s/i } @lines;
     my @ak2 = grep { /^AuthorizedKeysFile2\s/i } @lines;
+    my @ak_files;
 
-    if (scalar @ak != 1) {
-       print $fh "UNKNOWN\n";
-       print $fh "There is more than one AuthorizedKeysFile definition in sshd_config\n";
-       exit
+    for my $line ((@ak, @ak2)) {
+           my @file_locations = split /\s+/, $line;
+           shift @file_locations;
+           push @ak_files, @file_locations;
     }
-    if (scalar @ak2 != 1) {
+
+    if (scalar @ak_files != 2) {
        print $fh "UNKNOWN\n";
-       print $fh "There is more than one AuthorizedKeysFile2 definition in sshd_config\n";
+       print $fh "There should be two locations for User AuthorizedKeysFile defined in sshd_config\n";
        exit
     }
-    unless ($ak[0] =~ m#^((?i)AuthorizedKeysFile)\s+/etc/ssh/userkeys/%u$# ) {
+
+    unless (grep { m#^/etc/ssh/userkeys/%u$# } @ak_files) {
        print $fh "UNKNOWN\n";
        print $fh "The AuthorizedKeysFile definition has an unexpected value.  Should be /etc/ssh/userkeys/%u\n";
        exit
     }
-    unless ($ak2[0] =~ m#^((?i)AuthorizedKeysFile2)\s+/var/lib/misc/userkeys/%u$# ) {
+    unless (grep { m#^/var/lib/misc/userkeys/%u$# } @ak_files) {
        print $fh "UNKNOWN\n";
        print $fh "The AuthorizedKeysFile2 definition has an unexpected value.  Should be /var/lib/misc/userkeys/%u\n";
        exit