fix: Enhance SSH key checks to verify the presence of private keys in…

… the .ssh directory ref: #36
ParetoSecurity · Dec 30, 2024 · cd89891 · cd89891
1 parent 32bea1e
commit cd89891
Show file tree

Hide file tree

Showing 2 changed files with 31 additions and 2 deletions.
diff --git a/checks/ssh_keys.go b/checks/ssh_keys.go
@@ -76,7 +76,22 @@ func (f *SSHKeys) IsRunnable() bool {
 		return false
 	}
 
-	return true
+	//check if there are any private keys in the .ssh directory
+	files, err := os.ReadDir(sshPath)
+	if err != nil {
+		return false
+	}
+
+	for _, file := range files {
+		if strings.HasSuffix(file.Name(), ".pub") {
+			privateKeyPath := filepath.Join(sshPath, strings.TrimSuffix(file.Name(), ".pub"))
+			if _, err := os.Stat(privateKeyPath); err == nil {
+				return true
+			}
+		}
+	}
+	return false
+
 }
 
 // UUID returns the UUID of the check

diff --git a/checks/ssh_keys_algo.go b/checks/ssh_keys_algo.go
@@ -124,7 +124,21 @@ func (f *SSHKeysAlgo) IsRunnable() bool {
 		return false
 	}
 
-	return true
+	//check if there are any private keys in the .ssh directory
+	files, err := os.ReadDir(sshPath)
+	if err != nil {
+		return false
+	}
+
+	for _, file := range files {
+		if strings.HasSuffix(file.Name(), ".pub") {
+			privateKeyPath := filepath.Join(sshPath, strings.TrimSuffix(file.Name(), ".pub"))
+			if _, err := os.Stat(privateKeyPath); err == nil {
+				return true
+			}
+		}
+	}
+	return false
 }
 
 // UUID returns the UUID of the check