Added function: Check the default value of the parameter that has not been set.
parent
6598eb4b43
commit
0e20dd251a
|
@ -21,6 +21,11 @@ ALLOWGROUP='AllowGroups[[:space:]]*\*'
|
|||
DENYUSER='DenyUsers[[:space:]]*nobody'
|
||||
DENYGROUP='DenyGroups[[:space:]]*nobody'
|
||||
|
||||
ALLOWUSER_KEY='AllowUsers'
|
||||
ALLOWGROUP_KEY='AllowGroups'
|
||||
DENYUSER_KEY='DenyUsers'
|
||||
DENYGROUP_KEY='DenyGroups'
|
||||
|
||||
ALLOWUSER_RET=1
|
||||
ALLOWGROUP_RET=1
|
||||
DENYUSER_RET=1
|
||||
|
@ -33,26 +38,31 @@ audit () {
|
|||
crit "$PACKAGE is not installed!"
|
||||
else
|
||||
ok "$PACKAGE is installed"
|
||||
if [ $(sshd -T | grep -ic $ALLOWUSER) -eq 1 ]; then
|
||||
check_sshd_access_limit $ALLOWUSER_KEY $ALLOWUSER
|
||||
if [ $FNRET != 0 ]; then
|
||||
crit "AllowUsers is not set!"
|
||||
else
|
||||
ok "AllowUsers has set limit."
|
||||
ALLOWUSER_RET=0
|
||||
fi
|
||||
|
||||
if [ $(sshd -T | grep -ic $ALLOWGROUP) -eq 1 ]; then
|
||||
check_sshd_access_limit $ALLOWGROUP_KEY $ALLOWGROUP
|
||||
if [ $FNRET != 0 ]; then
|
||||
crit "AllowGroups is not set!"
|
||||
else
|
||||
ok "AllowGroups has set limit."
|
||||
ALLOWGROUP_RET=0
|
||||
fi
|
||||
if [ $(sshd -T | grep -ic $DENYUSER) -eq 1 ]; then
|
||||
|
||||
check_sshd_access_limit $DENYUSER_KEY $DENYUSER
|
||||
if [ $FNRET != 0 ]; then
|
||||
crit "DenyUsers is not set!"
|
||||
else
|
||||
ok "DenyUsers has set limit."
|
||||
DENYUSER_RET=0
|
||||
fi
|
||||
if [ $(sshd -T | grep -ic $DENYGROUP) -eq 1 ]; then
|
||||
check_sshd_access_limit $DENYGROUP_KEY $DENYGROUP
|
||||
if [ $FNRET != 0 ]; then
|
||||
crit "DenyGroups is not set!"
|
||||
else
|
||||
ok "DenyGroups has set limit."
|
||||
|
|
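Review bot: The four new calls in `audit` pass their patterns unquoted (`check_sshd_access_limit $ALLOWUSER_KEY $ALLOWUSER`), so a value such as `AllowUsers[[:space:]]*\*` goes through word splitting and pathname expansion before the helper receives it; quote both arguments, e.g. `check_sshd_access_limit "$ALLOWUSER_KEY" "$ALLOWUSER"`. The test that follows each call, `[ $FNRET != 0 ]`, is a string comparison on an unquoted variable; `[ "$FNRET" -ne 0 ]` states the intent and does not break if FNRET is empty. The helper distinguishes a missing directive (FNRET=1) from a wildcard or placeholder value (FNRET=2), but every failing branch prints the same `... is not set!` text, so the audit output loses that distinction; a separate message for FNRET=2 would tell the operator which case to fix. `audit` starts before this hunk and continues past its last visible line.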
19
lib/utils.sh
19
lib/utils.sh
|
@ -1194,3 +1194,22 @@ check_aa_status ()
|
|||
fi
|
||||
}
|
||||
|
||||
# Check sshd access limit
|
||||
# If not exist key of above, it's fail beacause default is everyone to allow
|
||||
# Example: $1='AllowUsers' $2='AllowUsers[[:space:]]*\*'
|
||||
check_sshd_access_limit ()
|
||||
{
|
||||
if [ $(sshd -T | grep -ic $1) -eq 1 ]; then
|
||||
if [ $(sshd -T | grep -ic $2) -eq 1 ]; then
|
||||
debug "$1 is not set limit!"
|
||||
FNRET=2
|
||||
else
|
||||
debug "$1 has set limit!"
|
||||
FNRET=0
|
||||
fi
|
||||
else
|
||||
debug "Arguments $1 is not exist! By default, login is allowed for all."
|
||||
FNRET=1
|
||||
fi
|
||||
}
|
||||
|
||||
|
|
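Review bot: Both tests in `check_sshd_access_limit` compare the `grep -ic` count with `-eq 1`, so a directive that occupies more than one line of the `sshd -T` dump (OpenSSH appears to print one line per AllowUsers/DenyUsers pattern) falls into the outer `else` and is reported as absent even though access is restricted. `$1` and `$2` are also expanded unquoted, which exposes the `[[:space:]]*\*` pattern to word splitting and pathname expansion before grep sees it, and a failing `sshd -T` is indistinguishable from a missing directive. Testing for presence with a quoted, anchored `grep -iq` against a single captured dump avoids all three. The sketch below keeps the existing FNRET values 0/1/2 and adds 3 for a failed dump, which callers testing for non-zero still treat as a failure. It uses `local`, so it assumes the library is run by bash.

```shell
check_sshd_access_limit ()
{
    local key="$1" unrestricted_re="$2" sshd_cfg

    # Dump the effective configuration once; an empty dump must not read as "directive absent".
    if ! sshd_cfg=$(sshd -T 2>/dev/null); then
        debug "sshd -T failed, cannot evaluate $key"
        FNRET=3
        return
    fi

    # Presence test: any number of matching lines counts, not exactly one.
    if ! printf '%s\n' "$sshd_cfg" | grep -iq "^${key}[[:space:]]"; then
        debug "Arguments $key is not exist! By default, login is allowed for all."
        FNRET=1
    elif printf '%s\n' "$sshd_cfg" | grep -iq "$unrestricted_re"; then
        debug "$key is not set limit!"
        FNRET=2
    else
        debug "$key has set limit!"
        FNRET=0
    fi
}
```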