Add checks of the expiry date of critical GPG keys.

Suggest:
warn @ 3 mo
crit @ 1 mo

Check should run weekly.

I added some tests, but I'm not sure I did it correctly, will audit later. -A
(In reply to Alec Warner from comment #1)
> I added some tests, but I'm not sure I did it correctly, will audit later.
>
> -A

Followup.

1) Each key has to be manually fetched on initial setup. This is done for the 4 keys, but we should consider doing it in check_gpg.

2) Each test needs a unique name, and I believe the current config is not doing this, leading monitoring to essentially only check the last key in the config. This should be easily fixable.

-A

(In reply to Alec Warner from comment #2)
> (In reply to Alec Warner from comment #1)
> > I added some tests, but I'm not sure I did it correctly, will audit later.
> >
> > -A
>
> Followup.
>
> 1) Each key has to be manually fetched on initial setup. This is done for
> the 4 keys, but we should consider doing it in check_gpg.
>
> 2) Each test needs a unique name, and I believe the current config is not
> doing this, leading monitoring to essentially only check the last key in the
> config. This should be easily fixable.
>
> -A

2) is fixed and we should get alerts 30 days before expiration.

-A
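
Added example, not part of the bug thread and not the project's check_gpg: a sketch of the expiry check requested above, which parses `gpg --with-colons --list-keys` output and returns one Nagios-style result per primary key under a unique, fingerprint-based name, so that no key's check overwrites another's. Assumptions: "3 mo" and "1 mo" are taken as 90 and 30 days, the `gpg_expiry_<fingerprint>` naming is hypothetical, only primary keys are checked, and the sample key listing is constructed.

```python
import time

OK, WARNING, CRITICAL = 0, 1, 2  # Nagios plugin return codes
DAY = 86400

# Constructed sample of `gpg --with-colons --list-keys` output (not real keys).
# pub record: field 7 is the expiry as epoch seconds (empty = no expiry);
# fpr record: field 10 is the fingerprint.
SAMPLE = """\
pub:-:4096:1:AAAAAAAAAAAAAAAA:1500000000:1701728000::-:::scESC:
fpr:::::::::AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA:
uid:-::::1500000000::HASH::Example Release Key <release@example.org>:
pub:-:4096:1:BBBBBBBBBBBBBBBB:1500000000:1705184000::-:::scESC:
fpr:::::::::BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB:
pub:-:4096:1:CCCCCCCCCCCCCCCC:1500000000:::-:::scESC:
fpr:::::::::CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC:
"""

def classify(expiry, now, warn_days=90, crit_days=30):
    """Map an expiry timestamp (None = never expires) to a Nagios state."""
    if expiry is None:
        return OK
    remaining = expiry - now  # negative when the key has already expired
    if remaining <= crit_days * DAY:
        return CRITICAL
    if remaining <= warn_days * DAY:
        return WARNING
    return OK

def check_keys(colon_output, now=None):
    """Return {service_name: (state, message)}, one entry per primary key."""
    now = int(time.time()) if now is None else now
    results, expiry, have_pub = {}, None, False
    for line in colon_output.splitlines():
        f = line.split(":")
        if f[0] == "pub":
            expiry, have_pub = (int(f[6]) if f[6] else None), True
        elif f[0] == "fpr" and have_pub:
            have_pub = False  # later fpr records belong to subkeys
            days = "never" if expiry is None else f"{(expiry - now) // DAY}d"
            # Unique name per key: the fingerprint is part of the service name.
            results[f"gpg_expiry_{f[9]}"] = (classify(expiry, now), f"expires in: {days}")
    return results

if __name__ == "__main__":
    for name, (state, msg) in check_keys(SAMPLE, now=1700000000).items():
        print(state, name, msg)
```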