Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

IDTaskTitleDebian MethodRHEL MethodmacOS MethodFailure TextERRORImplemented
1basicSupported OS

Linux: Check '/etc/*-release' to determine if the OS is one of:

  • Debian 8+
  • RHEL, CentOS, or Scientific Linux (SL) 6 or 7
  • Ubuntu 12, 14, or 16

macOS: Check the output of sw_vers to determine is if the OS is one of:

  • macOS 10.11, 10.12, 10.13
You are not running a supported OS. Moonshot may not work as indicated in the documentation.WARNYes
2basicPrerequisites

Check if the following tools are installed:

  • dig
  • hostname
  • grep
  • echo
  • Debian, Ubuntu: apt-get, apt-key and apt-cache
  • RedHat, CentOS, SL: yum and rpm
One or more prerequisites for this test couldn't be found. Please check that dig, hostname, grep, echo, ... are installed.ERRORYes
3basicHostname is FQDNCheck that the value returned by hostname is an FQDN using dig.Your servers hostname is not fully qualified or resolvable. This is required in order to prevent certain classes of attack.ERRORYes
4basicMoonshot repositories configured

Debian, Ubuntu: Check apt-cache search for the Moonshot packages.

RHEL, CentOS, SL: Check yum list for the Moonshot packages

The Moonshot repositories do not appear to exist on this system. You will not be able to upgrade Moonshot using your distribution's package manager.WARNYes
5basicMoonshot Signing Key

Debian, Ubuntu: Check apt-key list for the Moonshot signing key.

RHEL, CentOS, SL: Check the RPM GPG keyring for the Moonshot signing key

The Moonshot repository key is not installed, you will have difficulty updating packages.WARNYes
6basicCurrent version

Debian, Ubuntu: Using apt-get install, determine pending updates from the Moonshot repository.

RHEL, CentOS, SL: Using yum install, determine pending updates from the Moonshot repository.

You are not running the latest version of the Moonshot software.WARNYes
7rp/etc/radsec.confCheck that /etc/radsec.conf exist/etc/radsec.conf could not be found - you may not be able to communicate with your rp-proxy.ERRORYes
8rp-proxyAPCCheck to see if port 2083 is open to ov-apc.moonshot.ja.netov-apc.moonshot.ja.net does not seem to be accessible. Please check the servers network connection, and see status.moonshot.ja.net for any downtime or maintenance issues.ERRORYes
9rp-proxyTrust RouterCheck to see if port 12309 is open to tr.moonshot.ja.nettr.moonshot.ja.net does not seem to be accessible. Please check the servers network connection, and see status.moonshot.ja.net for any downtime or maintenance issues.ERRORYes
10rp-proxyflatstore-users

Does /etc/moonshot/flatstore-users contain:

  • root
  • freerad
  • radiusd
  • trustrouter
/etc/moonshot/flatstore-users could not be found, or does not contain all the user accounts it needs to. You may be unable to authenticate to the trust router.ERRORYes
11rp-proxyTrust Identity (FreeRADIUS)

Debian, Ubuntu: Does /etc/freeradius/.local/share/moonshot-ui/identities.txt exist?

RHEL, CentOS, SL: Does /var/lib/radius/.local/share/moonshot-ui/identities.txt exist?

FreeRADIUS does not appear to be installed, or no home directory for the FreeRADIUS user could be found. You will not be able to authenticate to the trust router.

No trust identity could be found for the freeradius user account. You will not be able to authenticate to the trust router.

ERRORYes
12idpPort 2083Check to see if port 2083 is open on the current hostPort 2083 appears to be closed. RP's will not be able to initiate connections to your IDP.ERRORYes
13idpPort 12309Check to see if port 12309 is open on the current hostPort 12309 appears to be closed. The trust router will not be able to initiate connections to your IDP.ERRORYes
14idpflatstore-users

Does /etc/moonshot/flatstore-users contain:

  • root
  • freerad
  • radiusd
  • trustrouter
/etc/moonshot/flatstore-users could not be found, or does not contain all the user accounts it needs to. You may be unable to authenticate to the trust router.ERRORYes
15idpTrust Identity (FreeRADIUS)

Debian, Ubuntu: Does /etc/freeradius/.local/share/moonshot-ui/identities.txt exist?

RHEL, CentOS, SL: Does /var/lib/radiusd/.local/share/moonshot-ui/identities.txt exist?

FreeRADIUS does not appear to be installed, or no home directory for the FreeRADIUS user could be found. You will not be able to authenticate to the trust router.

No trust identity could be found for the FreeRADIUS user account. You will not be able to authenticate to the trust router.

ERRORYes
16idpTrust Identity (Trust Router)Does /var/lib/trust_router/.local/share/moonshot-ui/identities.txt exist?

There either is no trustrouter user or no home directory for the trustrouter user could be found. You will not be able to authenticate to the trust router.

No trust identity could be found for the trustrouter user account. You will not be able to authenticate to the trust router.

ERRORYes
17clientgss/mech

Debian, Ubuntu: Does /etc/gss/mech.d/moonshot-gss-eap.conf exist

macOS, RHEL, CentOS, SL: Does /etc/gss/mech exist

Does it have permissions of 644, and does it contain the following lines:

  • eap-aes128 1.3.6.1.5.5.15.1.1.17 mech_eap.so
  • eap-aes256 1.3.6.1.5.5.15.1.1.18 mech_eap.so 
The Moonshot mech file is missing mech_eap.so will not be loaded.ERRORYes
18ssh-clientGSSAPIAuthentication enabledUsing grep to verify that /etc/ssh/ssh_config has 'GSSAPIAuthentication' set to 'yes' GSSAPIAuthentication must be enabled for Moonshot to function when using SSH.ERRORYes
19ssh-clientGSSAPIKeyExchange disabledLinux only: Using grep to verify that /etc/ssh/ssh_config has 'GSSAPIKeyExchange' set to 'no' GSSAPIKeyExchange should be not enabled for Moonshot to function correctly when using SSH.WARNYes
20ssh-serverPrivilege separation disabledUsing grep to verify that /etc/ssh/ssh_config has 'UsePrivilegeSeparation' set to 'no' (for versions before OpenSSH 6.5p1) Moonshot currently requires that OpenSSH server has privilege separation disabled.ERRORYes
21ssh-serverGSSAPIAuthenticationUsing grep to verify that /etc/ssh/ssh_config has 'GSSAPIAuthentication' set to 'yes'  GSSAPIAuthentication must be enabled for Moonshot to function when using SSH.ERRORYes

...