From b039f8d1bbb45380e5f6afe917a060b4cd828dac Mon Sep 17 00:00:00 2001
From: Peter Palfrader
Date: Tue, 9 Oct 2018 09:42:17 +0200
Subject: [PATCH] Add dsa-check-unbound-anchors
---
 .../checks/dsa-check-unbound-anchors | 25 +++++++++++++++++++
 dsa-nagios-checks/debian/changelog | 1 +
 2 files changed, 26 insertions(+)
 create mode 100755 dsa-nagios-checks/checks/dsa-check-unbound-anchors
diff --git a/dsa-nagios-checks/checks/dsa-check-unbound-anchors b/dsa-nagios-checks/checks/dsa-check-unbound-anchors
new file mode 100755
index 0000000..5c83fcc
--- /dev/null
+++ b/dsa-nagios-checks/checks/dsa-check-unbound-anchors
@@ -0,0 +1,25 @@
+#!/bin/bash
+
+set -e
+set -u
+
+not_valid=""
+for key in $(find /var/lib/unbound -type f) ; do
+ if ! grep -v '^;' "$key" | grep -q '\[ VALID \]'; then
+ not_valid="$not_valid $(basename "$key" .key)"
+ fi
+done
+if [ -n "$not_valid" ]; then
+ echo "Warning: no valid trust anchors found for$not_valid."
+ exit 1
+fi
+
+old_anchors=$(find /var/lib/unbound -type f -mtime +5)
+if [ -n "$old_anchors" ]; then
+ echo "Warning: Some keys are old: $old_anchors."
+ exit 1
+fi
+
+
+echo "OK: All keys in /var/lib/unbound recent and valid"
+exit 0
diff --git a/dsa-nagios-checks/debian/changelog b/dsa-nagios-checks/debian/changelog
index ade7cf3..c5d80fe 100644
--- a/dsa-nagios-checks/debian/changelog
+++ b/dsa-nagios-checks/debian/changelog
@@ -1,6 +1,7 @@
 dsa-nagios-checks (117) UNRELEASED; urgency=medium
 * dsa-check-hpssacli: add --ignore-cache
+ * add: dsa-check-unbound-anchors
 -- Peter Palfrader Sun, 11 Mar 2018 09:06:13 +0100
--
2.20.1
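Review bot: The check passes vacuously when `find /var/lib/unbound -type f` returns nothing: the `for` loop body never runs, `not_valid` and `old_anchors` both stay empty, and the script prints `OK: All keys in /var/lib/unbound recent and valid` on a resolver that has no trust anchor file at all. I would fail closed by recording that at least one file was examined, for example `seen=1` inside the loop and `[ -n "${seen:-}" ] || { echo "Warning: no trust anchor files in /var/lib/unbound."; exit 1; }` after `done`. A missing or unreadable directory behaves differently again: the failure of `find` in the `for` word list is ignored, and the later `old_anchors=$(find ...)` assignment then aborts under `set -e` with no status line on stdout. The unquoted `$(find ...)` also word-splits paths, so a `while IFS= read -r -d '' key` loop fed by `find ... -print0` would be more robust, and because every regular file in the directory is tested, any non-anchor file placed there would be reported as lacking a valid anchor.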