feature: exit with non-zero exit code #16
Comments
|
Currently this tool has pretty standard behavior - exits with 0 on success and with 1 if something failed (connection, data, etc). I don't think it is wise to change exit code to < 0 if everything was run fine, therefore I would opt for the option to control this behavior, as You suggested. I'd like to have a bit more of Your thoughts on this. For example:
See where I'm getting with this? A bit more careful planning must be done before implementing this feature. |
|
Thank you for the reply @arthepsy My hypothetical use case would be to use ssh-audit as part of continuous auditing of all SSH servers using Sensu or Nagios checks. In Nagios compatible checks, exit code 0 means PASS, 1=WARN, 2=CRITICAL,3=CHECKERROR. This is the primary reason behind wanting exit code 2.
Exit code 2. I think running ssh-agent in my proposed mode should only return 2 if there are security issues or a severe case of misconfiguration that could lead to problems, regardless of SSH server version. If upgrading SSH server is the only way to fix them, then upgrade is what should be done to silence the alarm (get exit code 0). Basically, exit code 0 should mean "based on all information available to ssh-audit, this SSH server version and configuration are secure". |
|
Once possibility is to define an environment variable detailing the error code further. |
Since ssh-audit can used in a script, it would be nice if ssh-audit would exit with exit code of 2 if there are 1 or more recommendations. I'd be fine with this requiring an optional command argument.
The text was updated successfully, but these errors were encountered: