No warnings for SSH configuration, instead only use suggestions. Plus logging of details.

mboelen 2015-12-03 12:15:49 +01:00
parent e75569babf
commit 7d0f5acc54
1 changed files with 5 additions and 11 deletions


@ -99,16 +99,12 @@
X11Forwarding:NO,,YES\ X11Forwarding:NO,,YES\
PrintLastLog:YES,,NO" PrintLastLog:YES,,NO"
for I in ${SSHOPS}; for I in ${SSHOPS}; do
do
OPTIONNAME=`echo ${I} | cut -d ':' -f1` OPTIONNAME=`echo ${I} | cut -d ':' -f1`
EXPECTEDVALUE=`echo ${I} | cut -d ':' -f2 | cut -d',' -f1` EXPECTEDVALUE=`echo ${I} | cut -d ':' -f2 | cut -d',' -f1`
MEDIUMSCOREDVALUE=`echo ${I} | cut -d ':' -f2 | cut -d',' -f2` MEDIUMSCOREDVALUE=`echo ${I} | cut -d ':' -f2 | cut -d',' -f2`
WRONGVALUE=`echo ${I} | cut -d ':' -f2 | cut -d',' -f3` WRONGVALUE=`echo ${I} | cut -d ':' -f2 | cut -d',' -f3`
FOUNDVALUE=`awk -v OPT="${OPTIONNAME}" 'index($0, OPT) == 1 { print toupper($2) }' ${SSH_DAEMON_CONFIG}` FOUNDVALUE=`awk -v OPT="${OPTIONNAME}" 'index($0, OPT) == 1 { print toupper($2) }' ${SSH_DAEMON_CONFIG}`
logtext "Test: Checking ${OPTIONNAME} in ${SSH_DAEMON_CONFIG}" logtext "Test: Checking ${OPTIONNAME} in ${SSH_DAEMON_CONFIG}"
if [ ! "${FOUNDVALUE}" = "" ]; then if [ ! "${FOUNDVALUE}" = "" ]; then
@ -119,23 +115,21 @@
logtext "Result: SSH option ${OPTIONNAME} is configured very well" logtext "Result: SSH option ${OPTIONNAME} is configured very well"
Display --indent 4 --text "- SSH option: ${OPTIONNAME}" --result OK --color GREEN Display --indent 4 --text "- SSH option: ${OPTIONNAME}" --result OK --color GREEN
AddHP 3 3 AddHP 3 3
elif [ "${FOUNDVALUE}" = "${MEDIUMSCOREDVALUE}" ]; then elif [ "${FOUNDVALUE}" = "${MEDIUMSCOREDVALUE}" ]; then
logtext "Result: SSH option ${OPTIONNAME} is configured totally wrong" logtext "Result: SSH option ${OPTIONNAME} is configured totally wrong"
ReportSuggestion ${TEST_NO} "Harder SSH option: ${OPTIONNAME}" ReportSuggestion ${TEST_NO} "Consider hardening of SSH configuration" "${OPTIONNAME}" "-"
Display --indent 4 --text "- SSH option: ${OPTIONNAME}" --result "MEDIUM" --color YELLOW Display --indent 4 --text "- SSH option: ${OPTIONNAME}" --result "MEDIUM" --color YELLOW
AddHP 1 3 AddHP 1 3
elif [ "${FOUNDVALUE}" = "${WRONGVALUE}" ]; then elif [ "${FOUNDVALUE}" = "${WRONGVALUE}" ]; then
logtext "Result: SSH option ${OPTIONNAME} is configured totally wrong" logtext "Result: SSH option ${OPTIONNAME} is configured totally wrong"
ReportWarning ${TEST_NO} "M" "Unsafe configured SSH option: ${OPTIONNAME}" #ReportWarning ${TEST_NO} "M" "Unsafe configured SSH option: ${OPTIONNAME}"
ReportSuggestion ${TEST_NO} "Reconfigure ${OPTIONNAME}" ReportSuggestion ${TEST_NO} "Consider hardening SSH configuration" "${OPTIONNAME}" "-"
Display --indent 4 --text "- SSH option: ${OPTIONNAME}" --result WARNING --color RED Display --indent 4 --text "- SSH option: ${OPTIONNAME}" --result WARNING --color RED
AddHP 0 3 AddHP 0 3
else else
logtext "Result: Value of SSH option ${OPTIONNAME} is unknown (not defined)" logtext "Result: Value of SSH option ${OPTIONNAME} is unknown (not defined)"
Display --indent 4 --text "- SSH option: ${OPTIONNAME}" --result DEFAULT --color WHITE Display --indent 4 --text "- SSH option: ${OPTIONNAME}" --result DEFAULT --color WHITE
#ReportException "SSH-7408:01" "Unknown SSH option"
fi fi
else else