Add dsa-check-unbound-anchors
authorPeter Palfrader <peter@palfrader.org>
Tue, 9 Oct 2018 07:42:17 +0000 (09:42 +0200)
committerPeter Palfrader <peter@palfrader.org>
Tue, 9 Oct 2018 07:42:17 +0000 (09:42 +0200)
dsa-nagios-checks/checks/dsa-check-unbound-anchors [new file with mode: 0755]
dsa-nagios-checks/debian/changelog

diff --git a/dsa-nagios-checks/checks/dsa-check-unbound-anchors b/dsa-nagios-checks/checks/dsa-check-unbound-anchors
new file mode 100755 (executable)
index 0000000..5c83fcc
--- /dev/null
@@ -0,0 +1,25 @@
+#!/bin/bash
+
+set -e
+set -u
+
+not_valid=""
+for key in $(find /var/lib/unbound -type f) ; do
+       if ! grep -v '^;' "$key" | grep -q '\[  VALID  \]'; then
+               not_valid="$not_valid $(basename "$key" .key)"
+       fi
+done
+if [ -n "$not_valid" ]; then
+       echo "Warning: no valid trust anchors found for$not_valid."
+       exit 1
+fi
+
+old_anchors=$(find /var/lib/unbound -type f -mtime +5)
+if [ -n "$old_anchors" ]; then
+       echo "Warning: Some keys are old: $old_anchors."
+       exit 1
+fi
+
+
+echo "OK: All keys in /var/lib/unbound recent and valid"
+exit 0
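Review bot: The check fails open when `find /var/lib/unbound -type f` returns no files: the loop body never runs, `not_valid` and `old_anchors` both stay empty, and the script prints `OK: All keys in /var/lib/unbound recent and valid` although no trust anchor exists. I would set `seen=0` before the loop and `seen=1` inside it, then add `[ "$seen" -eq 1 ] || { echo "Warning: no trust anchor files found in /var/lib/unbound."; exit 1; }` after `done`. A failing `find` in the `for` word list is also not caught by `set -e`, so a partial listing would be checked as if it were complete. Separately, every regular file under the directory is treated as an anchor, while `basename "$key" .key` suggests only `*.key` files are meant. If that matches what unbound stores there, adding `-name '*.key'` to both `find` calls would stop unrelated files from raising a false warning.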
index ade7cf3..c5d80fe 100644 (file)
@@ -1,6 +1,7 @@
 dsa-nagios-checks (117) UNRELEASED; urgency=medium
 
   * dsa-check-hpssacli: add --ignore-cache
+  * add: dsa-check-unbound-anchors
 
  -- Peter Palfrader <weasel@debian.org>  Sun, 11 Mar 2018 09:06:13 +0100