tyler.durden
/
lynis
mirror of https://github.com/CISOfy/lynis.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Tweaked nginx protocol check so it actually works. Added insecure protocol detection.

This commit is contained in:
d4t4king 2014-10-08 22:04:29 +00:00
parent 3d0fb8d529
commit 111097506f
2 changed files with 7 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
include/functions
View File

@ -824,6 +824,7 @@
if [ "${VALUE}" = "on" ]; then NGINX_SSL_PREFER_SERVER_CIPHERS=1; fi if [ "${VALUE}" = "on" ]; then NGINX_SSL_PREFER_SERVER_CIPHERS=1; fi
;; ;;
ssl_protocols) ssl_protocols)
NGINX_SSL_PROTOCOLS=1
;; ;;
ssl_session_cache) ssl_session_cache)
;; ;;

6
include/tests_webservers
View File

@ -501,6 +501,12 @@
if [ ${NGINX_SSL_PROTOCOLS} -eq 1 ]; then if [ ${NGINX_SSL_PROTOCOLS} -eq 1 ]; then
Display --indent 8 --text "- Protocols configured" --result "YES" --color GREEN Display --indent 8 --text "- Protocols configured" --result "YES" --color GREEN
FIND=`${GREPBINARY} "ssl_protocols" ${NGINX_CONF_LOCATION} | ${GREPBINARY} "SSLv[12]"`
if [ "${FIND}" = "" ]; then
Display --indent 10 --text "- Insecure protocols found" --result "NO" --color GREEN
else
Display --indent 10 --text "- Insecure protocols found" --result "YES" --color RED
fi
else else
Display --indent 8 --text "- Protocols configured" --result "NO" --color RED Display --indent 8 --text "- Protocols configured" --result "NO" --color RED
NGINX_SSL_SUGGESTION=1 NGINX_SSL_SUGGESTION=1