Module: check_mk
Branch: master
Commit: d2e1c2d5b0807ee644492db9bc7792de1463326b
URL:
http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=d2e1c2d5b0807e…
Author: Alexander Wilms <aw(a)mathias-kettner.de>
Date: Wed Oct 17 14:10:01 2018 +0200
6840 FIX sshd_config: change the option without-password to key-based
In the sshd_config the options without-password and
prohibit-password are equivalent. Therefore, we
transform the old Check_MK option without-password
to the new option key-based which represents both values.
Change-Id: I455913ce2610c407d08eea74b40c740bfb2fa7f6
---
.werks/6840 | 13 +++++++++++++
checks/sshd_config | 12 +++++++++++-
cmk/gui/plugins/wato/check_parameters.py | 32 +++++++++++++++++++++++---------
3 files changed, 47 insertions(+), 10 deletions(-)
diff --git a/.werks/6840 b/.werks/6840
new file mode 100644
index 0000000..fc6a437
--- /dev/null
+++ b/.werks/6840
@@ -0,0 +1,13 @@
+Title: sshd_config: change the option without-password to key-based
+Level: 1
+Component: checks
+Compatible: compat
+Edition: cre
+Version: 1.6.0i1
+Date: 1539777921
+Class: fix
+
+In the sshd_config the options without-password and
+prohibit-password are equivalent. Therefore, we
+transform the old Check_MK option without-password
+to the new option key-based which represents both values.
diff --git a/checks/sshd_config b/checks/sshd_config
index 06d8df8..69e11fb 100644
--- a/checks/sshd_config
+++ b/checks/sshd_config
@@ -39,13 +39,19 @@
def parse_sshd_config(info):
identity = lambda x: x
+
+ def map_permit_root_login(value):
+ if value in [u"prohibit-password", u"without-password"]:
+ return u"key-based"
+ return value
+
relevant_options = {
#option parse function
"Protocol": lambda x:
",".join(sorted(x.split(","))),
# Port can be defined multiple times in sshd_config.
# Therefore we use a list of ints.
"Port": lambda x: [int(x)],
- "PermitRootLogin": identity,
+ "PermitRootLogin": map_permit_root_login,
"PasswordAuthentication": identity,
"PermitEmptyPasswords": identity,
"ChallengeResponseAuthentication": identity,
@@ -79,6 +85,10 @@ def inventory_sshd_config(parsed):
def check_sshd_config(_no_item, params, parsed):
+ root_login = params.get("PermitRootLogin", "")
+ if root_login == "without-password":
+ params["PermitRootLogin"] = "key-based"
+
# type_ is needed because info contains unicode and params str
convert = lambda x, type_: (x if isinstance(x, type_)
else ", ".join(map(type_, x)))
diff --git a/cmk/gui/plugins/wato/check_parameters.py
b/cmk/gui/plugins/wato/check_parameters.py
index a60f49f..cafb1c8 100644
--- a/cmk/gui/plugins/wato/check_parameters.py
+++ b/cmk/gui/plugins/wato/check_parameters.py
@@ -2137,6 +2137,17 @@ register_check_parameters(
match_type = "dict",
)
+def transform_ssh_config(choice):
+ """
+ In the sshd_config the options without-password and
+ prohibit-password are equivalent. Therefore, we
+ transform the old Check_MK option without-password
+ to the new option key-based which represents both values.
+ """
+ if choice == "without-password":
+ return "key-based"
+ return choice
+
register_check_parameters(
subgroup_applications,
"sshd_config",
@@ -2144,15 +2155,18 @@ register_check_parameters(
Dictionary(
elements = [
("PermitRootLogin",
- DropdownChoice(
- title = _("Permit root login"),
- choices = [
- ('yes', _('Yes')),
- ('without-password', _('Without password')),
- ('forced-commands-only', _('Forced commands
only')),
- ('no', _('No')),
- ],
- default_value = "without-password",
+ Transform(
+ DropdownChoice(
+ title = _("Permit root login"),
+ choices = [
+ ('yes', _('yes')),
+ ('key-based',
_('without-password/prohibit-password (Key based)')),
+ ('forced-commands-only',
_('forced-commands-only')),
+ ('no', _('no')),
+ ],
+ default_value = "key-based",
+ ),
+ forth=transform_ssh_config
)),
("Protocol",
DropdownChoice(