PLEASE MOVE ME TO A MORE APPROPRIATE LOCATION!
Moonshot has a number of steps that need to be performed to ensure that things work smoothly. This can be done in an automated fashion - i.e. using a script to verify that certain important, but easy to confirm things are in place.
Each 'task' defines a number of items to check, what the valid response is, and a message to display in the event of the test failing. Tasks also list a parent tast that they depend on, (i.e. ssh-client depends on client, which in turn depends on basic, which means when testing for ssh-client,
|Task||Depends||Title||Debian Method||RHEL Method||Failure Text||Fatal|
|basic||-||Hostname is FQDN||When hostname is called, the value returned must be an FQDN, resolvable via DNS.||Your servers hostname is not fully qualified or resolvable. This is required in order to prevent certain classes of attack.||Yes|
Check 'uname -s', 'uname -r', 'uname -m', '/etc/issue', '/etc/*-release' to deterimine if the OS is one of:
|You are not running a supported OS. Moonshot may not work as indicated in the documentation.||No|
|basic||-||Moonshot repository configuration||Check apt-cache policy for the moonshot repositories.||Check yum repolist for the moonshot repositories||No|
|basic||-||Current version||Using yum, are there any pending updates from the moonshot repository.|
For RHEL, is /etc/gss/mech present? for Debian, /usr/etc/gss/mech present.
Do the following lines exist:
|ssh-client||client||GSSAPIAuthentication||Using augeas, is 'GSSAPIAuthentication' set to 'yes'||Yes|
|ssh-client||client||GSSAPIKeyExchange||Using augeas, is 'GSSAPIKeyExchange' set to 'yes'|