From cd89891cd87cddf7487d42915b8b9be3f2ac6430 Mon Sep 17 00:00:00 2001
From: Janez T
Date: Mon, 30 Dec 2024 13:43:36 +0100
Subject: [PATCH] fix: Enhance SSH key checks to verify the presence of private keys in the .ssh directory ref: https://github.com/ParetoSecurity/pareto-linux/issues/36
---
 checks/ssh_keys.go | 17 ++++++++++++++++-
 checks/ssh_keys_algo.go | 16 +++++++++++++++-
 2 files changed, 31 insertions(+), 2 deletions(-)
diff --git a/checks/ssh_keys.go b/checks/ssh_keys.go
index 7e5047f..e1df857 100644
--- a/checks/ssh_keys.go
+++ b/checks/ssh_keys.go
@@ -76,7 +76,22 @@ func (f *SSHKeys) IsRunnable() bool {
 return false
 }

- return true
+ //check if there are any private keys in the .ssh directory
+ files, err := os.ReadDir(sshPath)
+ if err != nil {
+ return false
+ }
+
+ for _, file := range files {
+ if strings.HasSuffix(file.Name(), ".pub") {
+ privateKeyPath := filepath.Join(sshPath, strings.TrimSuffix(file.Name(), ".pub"))
+ if _, err := os.Stat(privateKeyPath); err == nil {
+ return true
+ }
+ }
+ }
+ return false
+
 }

 // UUID returns the UUID of the check
diff --git a/checks/ssh_keys_algo.go b/checks/ssh_keys_algo.go
index bbd1cf3..dd52353 100644
--- a/checks/ssh_keys_algo.go
+++ b/checks/ssh_keys_algo.go
@@ -124,7 +124,21 @@ func (f *SSHKeysAlgo) IsRunnable() bool {
 return false
 }

- return true
+ //check if there are any private keys in the .ssh directory
+ files, err := os.ReadDir(sshPath)
+ if err != nil {
+ return false
+ }
+
+ for _, file := range files {
+ if strings.HasSuffix(file.Name(), ".pub") {
+ privateKeyPath := filepath.Join(sshPath, strings.TrimSuffix(file.Name(), ".pub"))
+ if _, err := os.Stat(privateKeyPath); err == nil {
+ return true
+ }
+ }
+ }
+ return false
 }

 // UUID returns the UUID of the check
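Review bot: In the new loop of `SSHKeys.IsRunnable` (checks/ssh_keys.go), a successful `os.Stat(privateKeyPath)` is treated as proof of a private key, but it also succeeds for a directory, and a file named exactly `.pub` trims to an empty name, so `filepath.Join` yields `sshPath` itself and the method returns true. Requiring a regular file closes both cases: `if info, err := os.Stat(privateKeyPath); err == nil && info.Mode().IsRegular() {`. The identical block added to `SSHKeysAlgo.IsRunnable` in checks/ssh_keys_algo.go has the same gap, and moving the loop into one shared helper would keep the two checks from drifting apart. Discovery also depends on a `.pub` sibling, so a private key stored without one makes both checks report not runnable and is presumably never examined; if that is intended, a comment such as `// keys without a matching .pub file are not detected` would make the limitation explicit. Both functions begin above their hunks, so the earlier guards are not visible here.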