Initial commit
This commit is contained in:
commit
46862014f6
20 changed files with 2673 additions and 0 deletions
89
checker/definition.go
Normal file
89
checker/definition.go
Normal file
|
|
@ -0,0 +1,89 @@
|
|||
package checker
|
||||
|
||||
import (
|
||||
"time"
|
||||
|
||||
sdk "git.happydns.org/checker-sdk-go/checker"
|
||||
)
|
||||
|
||||
// Version is the checker version reported in CheckerDefinition.Version.
|
||||
// Overridden at link time by the binary/plugin entrypoints.
|
||||
var Version = "built-in"
|
||||
|
||||
// Definition returns the CheckerDefinition for the Kerberos checker.
|
||||
func (p *kerberosProvider) Definition() *sdk.CheckerDefinition {
|
||||
return &sdk.CheckerDefinition{
|
||||
ID: "kerberos",
|
||||
Name: "Kerberos Realm Tester",
|
||||
Version: Version,
|
||||
Availability: sdk.CheckerAvailability{
|
||||
ApplyToService: true,
|
||||
LimitToServices: []string{"abstract.Kerberos"},
|
||||
},
|
||||
HasHTMLReport: true,
|
||||
ObservationKeys: []sdk.ObservationKey{ObservationKeyKerberos},
|
||||
Options: sdk.CheckerOptionsDocumentation{
|
||||
RunOpts: []sdk.CheckerOptionDocumentation{
|
||||
{
|
||||
Id: "realm",
|
||||
Type: "string",
|
||||
Label: "Kerberos realm",
|
||||
Placeholder: "EXAMPLE.COM",
|
||||
AutoFill: sdk.AutoFillDomainName,
|
||||
Required: true,
|
||||
Description: "DNS domain advertising the realm (the realm name itself is derived in uppercase).",
|
||||
},
|
||||
{
|
||||
Id: "principal",
|
||||
Type: "string",
|
||||
Label: "Principal (optional)",
|
||||
Placeholder: "user@EXAMPLE.COM",
|
||||
Description: "Supply to run an authenticated round-trip. Leave blank for anonymous probes only.",
|
||||
},
|
||||
{
|
||||
Id: "password",
|
||||
Type: "string",
|
||||
Label: "Password (optional)",
|
||||
Secret: true,
|
||||
Description: "Password for the principal above. Used once per run; never stored by the checker.",
|
||||
},
|
||||
{
|
||||
Id: "targetService",
|
||||
Type: "string",
|
||||
Label: "Service to request (TGS)",
|
||||
Placeholder: "host/host.example.com",
|
||||
Default: "",
|
||||
Description: "SPN requested via TGS-REQ once a TGT is acquired. Defaults to krbtgt (realm self-test).",
|
||||
},
|
||||
},
|
||||
AdminOpts: []sdk.CheckerOptionDocumentation{
|
||||
{
|
||||
Id: "timeout",
|
||||
Type: "number",
|
||||
Label: "Per-probe timeout (seconds)",
|
||||
Default: 5,
|
||||
},
|
||||
{
|
||||
Id: "requireStrongEnctypes",
|
||||
Type: "bool",
|
||||
Label: "Require strong enctypes",
|
||||
Default: true,
|
||||
Description: "Flag realms that only advertise DES/RC4 as CRIT.",
|
||||
},
|
||||
{
|
||||
Id: "maxClockSkew",
|
||||
Type: "number",
|
||||
Label: "Max tolerated clock skew (seconds)",
|
||||
Default: 300,
|
||||
Description: "Default Kerberos tolerance is 300s; tighter values surface drift earlier.",
|
||||
},
|
||||
},
|
||||
},
|
||||
Rules: Rules(),
|
||||
Interval: &sdk.CheckIntervalSpec{
|
||||
Min: 5 * time.Minute,
|
||||
Max: 7 * 24 * time.Hour,
|
||||
Default: 24 * time.Hour,
|
||||
},
|
||||
}
|
||||
}
|
||||
Loading…
Add table
Add a link
Reference in a new issue