Rob Crittenden
CA integration requires that a set of shared certificates is the same between masters (literal clones). Use cluster checking to verify that the public keys are the same across the...
Users and private groups are supposed to be linked together by the mepmanaged plugin but we've seen occasions where this linkage is broken. Look for private groups that have no...
For those distributions which use a centralized crypto policy, report in meta the current policy in use.
certmonger should not track the CA signing cert if it was issued externally. Report if it is. This could issue a new self-signed CA certificate rather than forcing a renewal...
Ideally there should be a way to know that all checks have executed. Implement a counter to count the expected vs received results. If they don't match add a new...
In filesystemspace.py /var/log/audit can be skipped if running in a container. This is currently detected manually but the same should be more easily available by calling systemd-detect-virt -c/--container.
Cloned from https://bugzilla.redhat.com/show_bug.cgi?id=1773572 Right now one receives a SUCCESS on all AD trust checks if it is not configured. We should reflect in some way that trust is not installed/configured....
Checking the CS.cfg ranges requires visibility for the whole cluster so only report those values. We can check that the data stored in LDAP doesn't overlap and that the nextRange...
Blog post about Dogtag range management that might help understand how to check this: https://frasertweedale.github.io/blog-redhat/posts/2019-07-26-dogtag-replica-ranges.html
hsm_validator() was more or less bolted in place late in the development cycle in order to catch some of the more common problems: bad token name, bad password, etc....