* weak-ssh-keys-check: Check all keys in files in debian key directories

Check all keys in files in /etc/ssh/userkeys and /var/lib/misc/userkeys,
not just the first.  (Also doesn't blow up if a file is empty.)

diff --git a/dsa-nagios-checks/debian/changelog b/dsa-nagios-checks/debian/changelog
index aef644d..3a07849 100644 (file)
--- a/dsa-nagios-checks/debian/changelog
+++ b/dsa-nagios-checks/debian/changelog
@@ -24,8 +24,11 @@ dsa-nagios-checks (8x) unstable; urgency=low
   * add dsa-check-dnssec-delegation.
   * dsa-check-hpasm: Add --fan-high to not tread high fan speeds as a
     warning condition.
+  * weak-ssh-keys-check: Check all keys in files in /etc/ssh/userkeys
+    and /var/lib/misc/userkeys, not just the first.  (Also doesn't
+    blow up if a file is empty.)
 
- -- Peter Palfrader <weasel@debian.org>  Sat, 20 Feb 2010 09:44:13 +0100
+ -- Peter Palfrader <weasel@debian.org>  Mon, 22 Feb 2010 10:31:24 +0100
 
 dsa-nagios-checks (84) unstable; urgency=low
 

diff --git a/dsa-nagios-checks/share/weak-ssh-keys-check b/dsa-nagios-checks/share/weak-ssh-keys-check
index 7587862..a9bd752 100755 (executable)
--- a/dsa-nagios-checks/share/weak-ssh-keys-check
+++ b/dsa-nagios-checks/share/weak-ssh-keys-check
@@ -202,6 +202,7 @@ sub from_ssh_key_file ($) {
     my $name = shift;
     if (open (my $FH, '<', $name)) {
        my $key = <$FH>; 
+       close($FH);
        if (! defined $key) {
                $weird_keyfiles++;
                $text .= "cannot read $name properly - empty?\n";
@@ -336,7 +337,7 @@ sub from_debianorg_places () {
        for my $file (grep { ! -d $d.'/'.$_ } readdir(D)) {
            next if ($file eq 'README-DSA-BUILDD');
            my $f = $d.'/'.$file;
-           from_ssh_key_file $f if -r $f;
+           from_ssh_auth_file $f if -r $f;
        };
     };
 }