[checkmk-commits] 6840 FIX sshd_config: change the option without-password to key-based

Module: check_mk Branch: master Commit: d2e1c2d5b0807ee644492db9bc7792de1463326b URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=d2e1c2d5b0807e… Author: Alexander Wilms <aw(a)mathias-kettner.de> Date: Wed Oct 17 14:10:01 2018 +0200 6840 FIX sshd_config: change the option without-password to key-based In the sshd_config the options without-password and prohibit-password are equivalent. Therefore, we transform the old Check_MK option without-password to the new option key-based which represents both values. Change-Id: I455913ce2610c407d08eea74b40c740bfb2fa7f6 --- .werks/6840 | 13 +++++++++++++ checks/sshd_config | 12 +++++++++++- cmk/gui/plugins/wato/check_parameters.py | 32 +++++++++++++++++++++++--------- 3 files changed, 47 insertions(+), 10 deletions(-) diff --git a/.werks/6840 b/.werks/6840 new file mode 100644 index 0000000..fc6a437 --- /dev/null +++ b/.werks/6840 @@ -0,0 +1,13 @@ +Title: sshd_config: change the option without-password to key-based +Level: 1 +Component: checks +Compatible: compat +Edition: cre +Version: 1.6.0i1 +Date: 1539777921 +Class: fix + +In the sshd_config the options without-password and +prohibit-password are equivalent. Therefore, we +transform the old Check_MK option without-password +to the new option key-based which represents both values. diff --git a/checks/sshd_config b/checks/sshd_config index 06d8df8..69e11fb 100644 --- a/checks/sshd_config +++ b/checks/sshd_config @@ -39,13 +39,19 @@ def parse_sshd_config(info): identity = lambda x: x + + def map_permit_root_login(value): + if value in [u"prohibit-password", u"without-password"]: + return u"key-based" + return value + relevant_options = { #option parse function "Protocol": lambda x: ",".join(sorted(x.split(","))), # Port can be defined multiple times in sshd_config. # Therefore we use a list of ints. "Port": lambda x: [int(x)], - "PermitRootLogin": identity, + "PermitRootLogin": map_permit_root_login, "PasswordAuthentication": identity, "PermitEmptyPasswords": identity, "ChallengeResponseAuthentication": identity, @@ -79,6 +85,10 @@ def inventory_sshd_config(parsed): def check_sshd_config(_no_item, params, parsed): + root_login = params.get("PermitRootLogin", "") + if root_login == "without-password": + params["PermitRootLogin"] = "key-based" + # type_ is needed because info contains unicode and params str convert = lambda x, type_: (x if isinstance(x, type_) else ", ".join(map(type_, x))) diff --git a/cmk/gui/plugins/wato/check_parameters.py b/cmk/gui/plugins/wato/check_parameters.py index a60f49f..cafb1c8 100644 --- a/cmk/gui/plugins/wato/check_parameters.py +++ b/cmk/gui/plugins/wato/check_parameters.py @@ -2137,6 +2137,17 @@ register_check_parameters( match_type = "dict", ) +def transform_ssh_config(choice): + """ + In the sshd_config the options without-password and + prohibit-password are equivalent. Therefore, we + transform the old Check_MK option without-password + to the new option key-based which represents both values. + """ + if choice == "without-password": + return "key-based" + return choice + register_check_parameters( subgroup_applications, "sshd_config", @@ -2144,15 +2155,18 @@ register_check_parameters( Dictionary( elements = [ ("PermitRootLogin", - DropdownChoice( - title = _("Permit root login"), - choices = [ - ('yes', _('Yes')), - ('without-password', _('Without password')), - ('forced-commands-only', _('Forced commands only')), - ('no', _('No')), - ], - default_value = "without-password", + Transform( + DropdownChoice( + title = _("Permit root login"), + choices = [ + ('yes', _('yes')), + ('key-based', _('without-password/prohibit-password (Key based)')), + ('forced-commands-only', _('forced-commands-only')), + ('no', _('no')), + ], + default_value = "key-based", + ), + forth=transform_ssh_config )), ("Protocol", DropdownChoice(