New SSH options added and small changes to improve output on screen and in log file

2015-12-04 11:05:13 +01:00 · 2015-12-04 11:05:13 +01:00 · 386d7701f3
parent ce06bc6b2c
commit 386d7701f3
1 changed files with 21 additions and 18 deletions
--- a/include/tests_ssh
+++ b/include/tests_ssh
@ -87,26 +87,28 @@
    if [ ${SKIPTEST} -eq 0 ]; then
        logtext "Test: Checking specific defined options in ${SSH_DAEMON_CONFIG}"
        ## SSHOPTIONS scheme:
-        ##      <OptionName>:<ExpectedValue>,<MediumScoreValue>,<WrongValue>
+        ##      <OptionName>:<ExpectedValue>,<MediumScoreValue>,<WeakValue>
        ##      Example:
        ##      PermitRootLogin:NO,WITHOUT-PASSWORD,YES
-        SSHOPS="Protocol:2,,1\
-                PermitRootLogin:NO,WITHOUT-PASSWORD,YES\
-                StrictModes:YES,,NO\
-                VerifyReverseMapping:YES,,NO\
-                IgnoreRhosts:YES,,NO\
-                UseDNS:YES,,NO\
-                X11Forwarding:NO,,YES\
-                FingerprintHash:SHA256,MD5,\
-                TCPKeepAlive:YES,,NO\
-                Compression:NO,DELAYED,YES\
-                PrintLastLog:YES,,NO"
+        SSHOPS="Compression:NO,DELAYED,YES,\
+                FingerprintHash:SHA256,MD5,,\
+                IgnoreRhosts:YES,,NO,\
+                LogLevel:VERBOSE,INFO,,\
+                PermitRootLogin:NO,WITHOUT-PASSWORD,YES,\
+                PrintLastLog:YES,,NO,\
+                Protocol:2,,1,\
+                StrictModes:YES,,NO,\
+                TCPKeepAlive:YES,,NO,\
+                UseDNS:YES,,NO,\
+                UsePrivilegeSeparation:SANDBOX,YES,NO,\
+                VerifyReverseMapping:YES,,NO,\
+                X11Forwarding:NO,,YES,"

        for I in ${SSHOPS}; do
            OPTIONNAME=`echo ${I} | cut -d ':' -f1`
            EXPECTEDVALUE=`echo ${I} | cut -d ':' -f2 | cut -d',' -f1`
            MEDIUMSCOREDVALUE=`echo ${I} | cut -d ':' -f2 | cut -d',' -f2`
-            WRONGVALUE=`echo ${I} | cut -d ':' -f2 | cut -d',' -f3`
+            WEAKVALUE=`echo ${I} | cut -d ':' -f2 | cut -d',' -f3`
            FOUNDVALUE=`awk -v OPT="${OPTIONNAME}" 'index($0, OPT) == 1 { print toupper($2) }' ${SSH_DAEMON_CONFIG}`
            logtext "Test: Checking ${OPTIONNAME} in ${SSH_DAEMON_CONFIG}"

@ -119,20 +121,21 @@
                    Display --indent 4 --text "- SSH option: ${OPTIONNAME}" --result OK --color GREEN
                    AddHP 3 3
                elif [ "${FOUNDVALUE}" = "${MEDIUMSCOREDVALUE}" ]; then
-                    logtext "Result: SSH option ${OPTIONNAME} is configured totally wrong"
-                    ReportSuggestion ${TEST_NO} "Consider hardening of SSH configuration" "${OPTIONNAME}" "-"
+                    logtext "Result: SSH option ${OPTIONNAME} is configured reasonably"
+                    ReportSuggestion ${TEST_NO} "Consider hardening of SSH configuration" "${OPTIONNAME} (${FOUNDVALUE} --> ${EXPECTEDVALUE})" "-"
                    Display --indent 4 --text "- SSH option: ${OPTIONNAME}" --result "MEDIUM" --color YELLOW
                    AddHP 1 3
-                elif [ "${FOUNDVALUE}" = "${WRONGVALUE}" ]; then
-                    logtext "Result: SSH option ${OPTIONNAME} is configured totally wrong"
+                elif [ "${FOUNDVALUE}" = "${WEAKVALUE}" ]; then
+                    logtext "Result: SSH option ${OPTIONNAME} is in a weak configuruation state and should be fixed"
                    #ReportWarning ${TEST_NO} "M" "Unsafe configured SSH option: ${OPTIONNAME}"
-                    ReportSuggestion ${TEST_NO} "Consider hardening SSH configuration" "${OPTIONNAME}" "-"
+                    ReportSuggestion ${TEST_NO} "Consider hardening SSH configuration" "${OPTIONNAME} (${FOUNDVALUE} --> ${EXPECTEDVALUE})" "-"
                    Display --indent 4 --text "- SSH option: ${OPTIONNAME}" --result WARNING --color RED
                    AddHP 0 3
                else
                    logtext "Result: Value of SSH option ${OPTIONNAME} is unknown (not defined)"
                    Display --indent 4 --text "- SSH option: ${OPTIONNAME}" --result DEFAULT --color WHITE
                    #ReportException "SSH-7408:01" "Unknown SSH option"
+                    report "unknown_config_option[]=ssh|$SSH_DAEMON_CONFIG}|${OPTIONNAME}|"
                fi

            else