#!/bin/sh

# Check that debian-admin is in /etc/aliases for root.
# Peter Palfrader, 2008

#my %ERRORS = ( OK => 0, WARNING => 1, CRITICAL => 2, UNKNOWN => -1 );

set -e
err=0

log() {
	if [ "$0" = "ok" ] && [ "$err" = 0 ]; then
		err=0
	elif [ "$1" = "warn" ] && [ "$err" -lt 1 ]; then
		err=1
	elif [ "$1" = "critical" ] && [ "$err" -lt 2 ]; then
		err=2
	elif [ "$1" = "unknown" ] && [ "$err" = 0 ]; then
		err=3
	fi
	if [ "`eval echo \\$$1`" = "" ]; then
		eval $1="\"$2\""
	else
		eval $1="\"`eval echo \\$$1`; $2\""
	fi
}


check_aliases() {
	if ! [ -e /etc/aliases ]; then
		log unknown "/etc/aliases not found"
		return
	fi

	if egrep '^root:.*debian-admin@debian.org' /etc/aliases > /dev/null; then
		log ok "debian-admin found in aliases"
		return
	fi

	log warn "debian-admin not found in root entry in aliases"
}

check_ssh_hostkeys() {
	if [ -e /etc/ssh/ssh_host_ed25519_key ] ; then
		if ! [ -e /etc/ssh/ssh_host_ed25519_key.pub ]; then
			log warn "Have /etc/ssh/ssh_host_ed25519_key without .pub"
			return
		fi
		if cat /etc/ssh/ssh_known_hosts | awk -v hostname=$(hostname -f) '{split($1,a,","); if (a[1] == hostname) { print } }' | grep -q -F -f /etc/ssh/ssh_host_ed25519_key.pub; then
			log ok "ed25519 host key in known_hosts"
			return
		else
			log warn "ed25519 host key missing from known_hosts"
			return
		fi
	else
		log ok "no ed25519 host key"
		return
	fi
}

check_ipv6_dad() {
	if ip a | grep -q dadfailed; then
		log warn "some configured ipv6 addresses failed DAD"
	else
		log ok "no DAD failures"
	fi

}



check_aliases
check_ssh_hostkeys
check_ipv6_dad

[ "$critical" = "" ] || echo -n "Critical: $critical; "
[ "$warn" = "" ] || echo -n "Warning: $warn; "
[ "$unknown" = "" ] || echo -n "Unknown: $unknown; "
[ "$ok" = "" ] || echo -n "OK: $ok"
echo
exit $err
