[sec_scan][22] add authorized keys reporter (#44523)

* [sec_scan][22] add authorized keys reporter This PR introduces a SSH authorized keys reporter that monitors `/etc/passwd` file and all users' authorized_keys files and reports the findings back to teleport. Part of gravitational/access-graph#637 Signed-off-by: Tiago Silva <[email protected]> * handle comments * handle comments --------- Signed-off-by: Tiago Silva <[email protected]>
gravitational · Jul 30, 2024 · afca9cb · afca9cb
1 parent 72457a8
commit afca9cb
Show file tree

Hide file tree

Showing 6 changed files with 891 additions and 2 deletions.
diff --git a/api/types/accessgraph/authorized_key.go b/api/types/accessgraph/authorized_key.go
@@ -28,7 +28,8 @@ import (
 )
 
 const (
-	authorizedKeyDefaultKeyTTL = 8 * time.Hour
+	// AuthorizedKeyDefaultKeyTTL is the default TTL for an authorized key.
+	AuthorizedKeyDefaultKeyTTL = 8 * time.Hour
 )
 
 // NewAuthorizedKey creates a new SSH authorized key resource.
@@ -40,7 +41,7 @@ func NewAuthorizedKey(spec *accessgraphv1pb.AuthorizedKeySpec) (*accessgraphv1pb
 		Metadata: &headerv1.Metadata{
 			Name: name,
 			Expires: timestamppb.New(
-				time.Now().Add(authorizedKeyDefaultKeyTTL),
+				time.Now().Add(AuthorizedKeyDefaultKeyTTL),
 			),
 		},
 		Spec: spec,