
PLEASE MOVE ME TO A MORE APPROPRIATE LOCATION!

Background

Moonshot has a number of steps that need to be performed to ensure that things work smoothly. These can be verified in an automated fashion, i.e. by using a script to confirm that certain important but easy-to-check things are in place.

Usage

$ moonshot-readiness
usage: moonshot-readiness [task] [task]...
 
  Available tasks:
    minimal (default)
    client
    rp
    rp-proxy
    idp-proxy
    ssh-client
    ssh-server
 
$ moonshot-readiness client ssh-client
  Testing task basic...
    Hostname is fqdn...                             [OKAY]
    Supported OS...                                 [OKAY]
    Moonshot repositories configured...             [FAIL]
 
  Testing task client...
    gss/mech...                                     [OKAY]
    mech_eap.so in library path...                  [FAIL]
 
  Testing task ssh-client...
    GSSAPIAuthentication...                         [FAIL]
    GSSAPIKeyExchange...                            [OKAY]
 
  Test complete, failed tests:
    Moonshot repositories configured:
      Without the moonshot repositories configured, you will not be able to update to the latest versions of the moonshot code.
    mech_eap.so in library path:
      mech_eap.so was not found in your ld configuration - this may mean you've installed the Moonshot libraries in a non-default location.
    GSSAPIAuthentication:
      Your SSH client is not configured for GSSAPI authentication. Moonshot will not work. 

Structure

Each 'task' defines a number of items to check, what the valid response is, and a message to display in the event of the test failing. Tasks also list a parent task that they depend on (i.e. ssh-client depends on client, which in turn depends on basic, which means when testing for ssh-client,  

Tests

Task: basic
Depends: -
Title: Hostname is FQDN
Method: When hostname is called, the value returned must be an FQDN, resolvable via DNS.
Failure Text: Your server's hostname is not fully qualified or resolvable. This is required in order to prevent certain classes of attack.
Fatal: Yes

Task: basic
Depends: -
Title: Supported OS
Method: Check 'uname -s', 'uname -r', 'uname -m', '/etc/issue', '/etc/*-release' to determine if the OS is one of:
  • Debian 6+
  • RHEL 6
  • CentOS 6
  • Scientific Linux 6
Failure Text: You are not running a supported OS. Moonshot may not work as indicated in the documentation.
Fatal: No

Task: basic
Depends: -
Title: Moonshot repository configuration
Debian Method: Check apt-cache policy for the moonshot repositories.
RHEL Method: Check yum repolist for the moonshot repositories.
Fatal: No

Task: basic
Depends: -
Title: Current version
Method: Using yum, are there any pending updates from the moonshot repository?

Task: client
Depends: basic
Title: gss/mech
Debian Method: Does /usr/etc/gss/mech exist, have permissions of 644, and contain the following lines:
  • eap-aes128 1.3.6.1.5.5.15.1.1.17 mech_eap.so
  • eap-aes256 1.3.6.1.5.5.15.1.1.18 mech_eap.so
RHEL Method: Does /etc/gss/mech exist, have permissions of 644, and contain the following lines:
  • eap-aes128 1.3.6.1.5.5.15.1.1.17 mech_eap.so
  • eap-aes256 1.3.6.1.5.5.15.1.1.18 mech_eap.so

Task: ssh-client
Depends: client
Title: GSSAPIAuthentication
Method: Using augeas and /etc/ssh/ssh_config, is 'GSSAPIAuthentication' set to 'yes'?
Fatal: Yes

Task: ssh-client
Depends: client
Title: GSSAPIKeyExchange
Method: Using augeas and /etc/ssh/ssh_config, is 'GSSAPIKeyExchange' set to 'yes'?
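
The client and ssh-client checks listed above could be written in POSIX shell as follows. This is an added example, not code from the moonshot-readiness script. The function names are hypothetical, GNU stat is assumed, and ssh_config is read directly instead of through augeas.

```shell
#!/bin/sh
# Added example: hypothetical helper names, not code from moonshot-readiness.

# gss/mech check: regular file, mode exactly 644, both mech lines present.
check_gss_mech() {
    file=$1
    [ -f "$file" ] || return 1
    # Assumes GNU stat (shipped by Debian and the RHEL family).
    [ "$(stat -c '%a' "$file")" = "644" ] || return 1
    for mech in \
        "eap-aes128 1.3.6.1.5.5.15.1.1.17 mech_eap.so" \
        "eap-aes256 1.3.6.1.5.5.15.1.1.18 mech_eap.so"
    do
        # Collapse tabs and repeated blanks so either separator matches;
        # a commented-out entry still fails because of its leading '#'.
        sed 's/[[:space:]][[:space:]]*/ /g; s/^ //; s/ $//' "$file" |
            grep -qxF "$mech" || return 1
    done
}

# ssh_config check: is OPTION set to 'yes'? Reads the file directly rather
# than through augeas and ignores Host/Match scoping (simplification).
# ssh keeps the first value it obtains, so only the first hit is examined.
check_ssh_option() {
    file=$1 option=$2
    [ -r "$file" ] || return 1
    value=$(awk -v opt="$option" '
        { sub(/^[ \t]+/, "") }                  # strip indentation
        /^#/ || NF == 0 { next }                # skip comments and blanks
        { split($0, f, /[ \t=]+/) }             # "Key value" or "Key=value"
        tolower(f[1]) == tolower(opt) { print f[2]; exit }
    ' "$file")
    [ "$value" = "yes" ]
}

# Print one result line in the [OKAY]/[FAIL] layout shown under Usage and
# return the check's status so a caller can count failures.
report() {
    title=$1; shift
    if "$@"; then status=OKAY; else status=FAIL; fi
    printf '    %-48s[%s]\n' "$title..." "$status"
    [ "$status" = OKAY ]
}
```

Source the file and call, for instance, `report "GSSAPIAuthentication" check_ssh_option /etc/ssh/ssh_config GSSAPIAuthentication`. The mode test fails a mech file that is group- or world-writable, which matters because that file names the shared objects the GSS-API library loads.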
       
       
       
       

 

 
