mirror of https://github.com/CISOfy/lynis.git
Moved [SSH-7412] into [SSH-7408].
This commit is contained in:
Kamil Boratyński
parent
dcd8f89256
commit
a07c7ae4f9
|
|
@ -90,7 +90,8 @@
|
||||||
## <OptionName>:<ExpectedValue>,<MediumScoreValue>,<WrongValue>
|
## <OptionName>:<ExpectedValue>,<MediumScoreValue>,<WrongValue>
|
||||||
## Example:
|
## Example:
|
||||||
## PermitRootLogin:NO,WITHOUT-PASSWORD,YES
|
## PermitRootLogin:NO,WITHOUT-PASSWORD,YES
|
||||||
SSHOPS="Protocol:2,,1"
|
SSHOPS="Protocol:2,,1\
|
||||||
|
PermitRootLogin:NO,WITHOUT-PASSWORD,YES"
|
||||||
|
|
||||||
for I in ${SSHOPS};
|
for I in ${SSHOPS};
|
||||||
do
|
do
|
||||||
|
|
@ -139,38 +140,6 @@
|
||||||
fi
|
fi
|
||||||
#
|
#
|
||||||
#################################################################################
|
#################################################################################
|
||||||
#
|
|
||||||
# Test : SSH-7412
|
|
||||||
# Description : Check SSH PermitRootLogin option
|
|
||||||
if [ ${SSH_DAEMON_RUNNING} -eq 1 -a ! "${SSH_DAEMON_CONFIG}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
|
|
||||||
Register --test-no SSH-7412 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check SSH option: PermitRootLogin"
|
|
||||||
if [ ${SKIPTEST} -eq 0 ]; then
|
|
||||||
logtext "Test: check PermitRootLogin option"
|
|
||||||
FIND=`awk '/^PermitRootLogin/ { print $2 }' ${SSH_DAEMON_CONFIG}`
|
|
||||||
if [ "${FIND}" = "yes" -o "${FIND}" = "YES" -o "${FIND}" = "Yes" ]; then
|
|
||||||
logtext "Result: PermitRootLogin is enabled, root can login directly"
|
|
||||||
Display --indent 4 --text "- SSH option: PermitRootLogin" --result WARNING --color RED
|
|
||||||
ReportWarning ${TEST_NO} "M" "Root can directly login via SSH"
|
|
||||||
AddHP 0 3
|
|
||||||
else
|
|
||||||
# YYY add test for DenyUsers root
|
|
||||||
if [ "${FIND}" = "no" -o "${FIND}" = "No" ]; then
|
|
||||||
logtext "Result: PermitRootLogin is disabled. Root can't login directly"
|
|
||||||
Display --indent 4 --text "- SSH option: PermitRootLogin" --result DISABLED --color GREEN
|
|
||||||
AddHP 3 3
|
|
||||||
elif [ "${FIND}" = "without-password" ]; then
|
|
||||||
# Check if password authentication is disabled for root user, so this option is used properly
|
|
||||||
logtext "Result: PermitRootLogin is disabled. Root can't login directly"
|
|
||||||
Display --indent 4 --text "- SSH option: PermitRootLogin (without-password)" --result OK --color GREEN
|
|
||||||
AddHP 3 3
|
|
||||||
else
|
|
||||||
logtext "Result: Value of PermitRootLogin is unknown (not defined)"
|
|
||||||
Display --indent 4 --text "- SSH option: PermitRootLogin" --result DEFAULT --color WHITE
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
#
|
|
||||||
#################################################################################
|
|
||||||
#
|
#
|
||||||
# Test : SSH-7416
|
# Test : SSH-7416
|
||||||
# Description : Check SSH StrictModes option
|
# Description : Check SSH StrictModes option
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue