log warn "ldap.conf does not have URI, BASE, TLS_CACERT, TLS_REQCERT all configured correctly"
}
+check_ssh_hostkeys() {
+ if [ -e /etc/ssh/ssh_host_ed25519_key ] ; then
+ if ! [ -e /etc/ssh/ssh_host_ed25519_key.pub ]; then
+ log warn "Have /etc/ssh/ssh_host_ed25519_key without .pub"
+ return
+ fi
+ if cat /etc/ssh/ssh_known_hosts | awk -v hostname=$(hostname -f) '{split($1,a,","); if (a[1] == hostname) { print } }' | grep -q -F -f /etc/ssh/ssh_host_ed25519_key.pub; then
+ log ok "ed25519 host key in known_hosts"
+ return
+ else
+ log warn "ed25519 host key missing from known_hosts"
+ return
+ fi
+ else
+ log ok "no ed25519 host key."
+ return
+ fi
+}
+
+
check_aliases
check_ldap_conf
+check_ssh_hostkeys
[ "$critical" = "" ] || echo -n "Critical: $critical; "
[ "$warn" = "" ] || echo -n "Warning: $warn; "
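Review bot: In check_ssh_hostkeys, `grep -q -F -f /etc/ssh/ssh_host_ed25519_key.pub` treats every line of the .pub file as a pattern, so a blank line in that file becomes an empty pattern that matches any known_hosts line for this host and reports "ok" without the key being present. The whole key line, including its trailing comment field, must also appear verbatim in known_hosts; if the distributed file drops or rewrites the comment (not visible here), the check will warn spuriously. Comparing only the type and key blob avoids both, e.g. `key=$(awk 'NR==1 { print $1, $2 }' /etc/ssh/ssh_host_ed25519_key.pub)` followed by `[ -n "$key" ]` and `grep -q -F -- "$key"` on the filtered lines. Separately, `$(hostname -f)` should be quoted as `-v hostname="$(hostname -f)"`, and since only `a[1]` is compared, an entry that lists the FQDN after another name or address is skipped; a short comment stating that the first name is expected to be the FQDN would help.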
* dsa-check-running-kernel: in cat_vmlinux(), only consider the first 5 hits
for the magic start sequence. This makes running times bearable on our
new octeons.
+ * dsa-check-config: check if existing ed25519 host keys are in ldap.
[ Hendrik Köhler ]
* Extend dsa-check-entropy output so Icinga2 can process performance
data (e.g. used by Graphite).
- -- Peter Palfrader <weasel@debian.org> Wed, 05 Nov 2014 14:57:51 +0100
+ -- Peter Palfrader <weasel@debian.org> Sun, 07 Dec 2014 10:56:34 +0100
dsa-nagios-checks (100) unstable; urgency=low