mirror of https://github.com/CISOfy/lynis.git
[SSH-7408] Allow skipping some of the SSH tests
parent
e9eae5b8b5
commit
a2594fc370
|
@ -143,87 +143,89 @@
|
|||
WEAKVALUE=`echo ${I} | cut -d ':' -f2 | cut -d',' -f3`
|
||||
TESTTYPE=`echo ${I} | cut -d ':' -f3`
|
||||
RESULT="NONE"
|
||||
# Get value and use the last occurrence
|
||||
FOUNDVALUE=`awk -v OPT="${OPTIONNAME_LOWER}" 'index($0, OPT) == 1 { print toupper($2) }' ${SSH_OPTIONS_FILE} | tail -1`
|
||||
LogText "Test: Checking ${OPTIONNAME} in ${SSH_OPTIONS_FILE}"
|
||||
|
||||
if [ ! "${FOUNDVALUE}" = "" ]; then
|
||||
LogText "Result: Option ${OPTIONNAME} found"
|
||||
LogText "Result: Option ${OPTIONNAME} value is ${FOUNDVALUE}"
|
||||
if ! SkipAtomicTest "${TEST_NO}:${OPTIONNAME_LOWER}"; then
|
||||
|
||||
# Get value and use the last occurrence
|
||||
FOUNDVALUE=`awk -v OPT="${OPTIONNAME_LOWER}" 'index($0, OPT) == 1 { print toupper($2) }' ${SSH_OPTIONS_FILE} | tail -1`
|
||||
LogText "Test: Checking ${OPTIONNAME} in ${SSH_OPTIONS_FILE}"
|
||||
|
||||
if [ ! "${FOUNDVALUE}" = "" ]; then
|
||||
LogText "Result: Option ${OPTIONNAME} found"
|
||||
LogText "Result: Option ${OPTIONNAME} value is ${FOUNDVALUE}"
|
||||
|
||||
if [ "${TESTTYPE}" = "=" ]; then
|
||||
if [ "${FOUNDVALUE}" = "${EXPECTEDVALUE}" ]; then
|
||||
RESULT="GOOD"
|
||||
elif [ "${FOUNDVALUE}" = "${MEDIUMSCOREDVALUE}" ]; then
|
||||
RESULT="MIDSCORED"
|
||||
elif [ "${FOUNDVALUE}" = "${WEAKVALUE}" ]; then
|
||||
RESULT="WEAK"
|
||||
else
|
||||
RESULT="UNKNOWN"
|
||||
fi
|
||||
|
||||
elif [ "${TESTTYPE}" = "<" ]; then
|
||||
if [ "${FOUNDVALUE}" -ge "${WEAKVALUE}" -o "${FOUNDVALUE}" -gt "${MEDIUMSCOREDVALUE}" ]; then
|
||||
RESULT="WEAK"
|
||||
elif [ "${FOUNDVALUE}" -le "${MEDIUMSCOREDVALUE}" -a "${FOUNDVALUE}" -gt "${EXPECTEDVALUE}" ]; then
|
||||
RESULT="MIDSCORED"
|
||||
elif [ "${FOUNDVALUE}" -le "${EXPECTEDVALUE}" ]; then
|
||||
RESULT="GOOD"
|
||||
else
|
||||
RESULT="UNKNOWN"
|
||||
fi
|
||||
|
||||
elif [ "${TESTTYPE}" = ">" ]; then
|
||||
if [ "${FOUNDVALUE}" -le "${WEAKVALUE}" ]; then
|
||||
RESULT="WEAK"
|
||||
elif [ "${FOUNDVALUE}" -le "${WEAKVALUE}" -a "${FOUNDVALUE}" -ge "${MEDIUMSCOREDVALUE}" ]; then
|
||||
RESULT="MIDSCORED"
|
||||
elif [ "${FOUNDVALUE}" -ge "${EXPECTEDVALUE}" ]; then
|
||||
RESULT="GOOD"
|
||||
else
|
||||
RESULT="UNKNOWN"
|
||||
fi
|
||||
|
||||
elif [ "${TESTTYPE}" = "!" ]; then
|
||||
if [ "${FOUNDVALUE}" = "${WEAKVALUE}" ]; then
|
||||
RESULT="WEAK"
|
||||
elif [ ! "${FOUNDVALUE}" = "${WEAKVALUE}" ]; then
|
||||
RESULT="GOOD"
|
||||
else
|
||||
RESULT="UNKNOWN"
|
||||
fi
|
||||
|
||||
if [ "${TESTTYPE}" = "=" ]; then
|
||||
if [ "${FOUNDVALUE}" = "${EXPECTEDVALUE}" ]; then
|
||||
RESULT="GOOD"
|
||||
elif [ "${FOUNDVALUE}" = "${MEDIUMSCOREDVALUE}" ]; then
|
||||
RESULT="MIDSCORED"
|
||||
elif [ "${FOUNDVALUE}" = "${WEAKVALUE}" ]; then
|
||||
RESULT="WEAK"
|
||||
else
|
||||
RESULT="UNKNOWN"
|
||||
fi
|
||||
|
||||
elif [ "${TESTTYPE}" = "<" ]; then
|
||||
if [ "${FOUNDVALUE}" -ge "${WEAKVALUE}" -o "${FOUNDVALUE}" -gt "${MEDIUMSCOREDVALUE}" ]; then
|
||||
RESULT="WEAK"
|
||||
elif [ "${FOUNDVALUE}" -le "${MEDIUMSCOREDVALUE}" -a "${FOUNDVALUE}" -gt "${EXPECTEDVALUE}" ]; then
|
||||
RESULT="MIDSCORED"
|
||||
elif [ "${FOUNDVALUE}" -le "${EXPECTEDVALUE}" ]; then
|
||||
RESULT="GOOD"
|
||||
else
|
||||
RESULT="UNKNOWN"
|
||||
fi
|
||||
|
||||
elif [ "${TESTTYPE}" = ">" ]; then
|
||||
if [ "${FOUNDVALUE}" -le "${WEAKVALUE}" ]; then
|
||||
RESULT="WEAK"
|
||||
elif [ "${FOUNDVALUE}" -le "${WEAKVALUE}" -a "${FOUNDVALUE}" -ge "${MEDIUMSCOREDVALUE}" ]; then
|
||||
RESULT="MIDSCORED"
|
||||
elif [ "${FOUNDVALUE}" -ge "${EXPECTEDVALUE}" ]; then
|
||||
RESULT="GOOD"
|
||||
else
|
||||
RESULT="UNKNOWN"
|
||||
fi
|
||||
|
||||
elif [ "${TESTTYPE}" = "!" ]; then
|
||||
if [ "${FOUNDVALUE}" = "${WEAKVALUE}" ]; then
|
||||
RESULT="WEAK"
|
||||
elif [ ! "${FOUNDVALUE}" = "${WEAKVALUE}" ]; then
|
||||
RESULT="GOOD"
|
||||
else
|
||||
RESULT="UNKNOWN"
|
||||
RESULT="NONE"
|
||||
fi
|
||||
fi
|
||||
|
||||
if [ "${RESULT}" = "GOOD" ]; then
|
||||
LogText "Result: SSH option ${OPTIONNAME} is configured very well"
|
||||
Display --indent 4 --text "- SSH option: ${OPTIONNAME}" --result OK --color GREEN
|
||||
AddHP 3 3
|
||||
elif [ "${RESULT}" = "MIDSCORED" ]; then
|
||||
LogText "Result: SSH option ${OPTIONNAME} is configured reasonably"
|
||||
ReportSuggestion ${TEST_NO} "Consider hardening SSH configuration" "${OPTIONNAME} (${FOUNDVALUE} --> ${EXPECTEDVALUE})" "-"
|
||||
ReportDetails --test "${TEST_NO}" --service "sshd" --field "${OPTIONNAME}" --value "${FOUNDVALUE}" --preferredvalue "${EXPECTEDVALUE}" --description "sshd option ${OPTIONNAME}"
|
||||
Display --indent 4 --text "- SSH option: ${OPTIONNAME}" --result "MEDIUM" --color YELLOW
|
||||
AddHP 1 3
|
||||
elif [ "${RESULT}" = "WEAK" ]; then
|
||||
LogText "Result: SSH option ${OPTIONNAME} is in a weak configuration state and should be fixed"
|
||||
ReportSuggestion ${TEST_NO} "Consider hardening SSH configuration" "${OPTIONNAME} (${FOUNDVALUE} --> ${EXPECTEDVALUE})" "-"
|
||||
ReportDetails --test "${TEST_NO}" --service "sshd" --field "${OPTIONNAME}" --value "${FOUNDVALUE}" --preferredvalue "${EXPECTEDVALUE}" --description "sshd option ${OPTIONNAME}"
|
||||
Display --indent 4 --text "- SSH option: ${OPTIONNAME}" --result WARNING --color RED
|
||||
AddHP 0 3
|
||||
elif [ "${RESULT}" = "UNKNOWN" ]; then
|
||||
LogText "Result: Value of SSH option ${OPTIONNAME} is unknown (not defined)"
|
||||
Display --indent 4 --text "- SSH option: ${OPTIONNAME}" --result DEFAULT --color WHITE
|
||||
Report "unknown_config_option[]=ssh|$SSH_DAEMON_CONFIG}|${OPTIONNAME}|"
|
||||
else
|
||||
RESULT="NONE"
|
||||
LogText "Result: Option ${OPTIONNAME} not found in output"
|
||||
Display --indent 4 --text "- SSH option: ${OPTIONNAME}" --result "NOT FOUND" --color WHITE
|
||||
fi
|
||||
fi
|
||||
|
||||
|
||||
if [ "${RESULT}" = "GOOD" ]; then
|
||||
LogText "Result: SSH option ${OPTIONNAME} is configured very well"
|
||||
Display --indent 4 --text "- SSH option: ${OPTIONNAME}" --result OK --color GREEN
|
||||
AddHP 3 3
|
||||
elif [ "${RESULT}" = "MIDSCORED" ]; then
|
||||
LogText "Result: SSH option ${OPTIONNAME} is configured reasonably"
|
||||
ReportSuggestion ${TEST_NO} "Consider hardening SSH configuration" "${OPTIONNAME} (${FOUNDVALUE} --> ${EXPECTEDVALUE})" "-"
|
||||
ReportDetails --test "${TEST_NO}" --service "sshd" --field "${OPTIONNAME}" --value "${FOUNDVALUE}" --preferredvalue "${EXPECTEDVALUE}" --description "sshd option ${OPTIONNAME}"
|
||||
Display --indent 4 --text "- SSH option: ${OPTIONNAME}" --result "MEDIUM" --color YELLOW
|
||||
AddHP 1 3
|
||||
elif [ "${RESULT}" = "WEAK" ]; then
|
||||
LogText "Result: SSH option ${OPTIONNAME} is in a weak configuration state and should be fixed"
|
||||
ReportSuggestion ${TEST_NO} "Consider hardening SSH configuration" "${OPTIONNAME} (${FOUNDVALUE} --> ${EXPECTEDVALUE})" "-"
|
||||
ReportDetails --test "${TEST_NO}" --service "sshd" --field "${OPTIONNAME}" --value "${FOUNDVALUE}" --preferredvalue "${EXPECTEDVALUE}" --description "sshd option ${OPTIONNAME}"
|
||||
Display --indent 4 --text "- SSH option: ${OPTIONNAME}" --result WARNING --color RED
|
||||
AddHP 0 3
|
||||
elif [ "${RESULT}" = "UNKNOWN" ]; then
|
||||
LogText "Result: Value of SSH option ${OPTIONNAME} is unknown (not defined)"
|
||||
Display --indent 4 --text "- SSH option: ${OPTIONNAME}" --result DEFAULT --color WHITE
|
||||
Report "unknown_config_option[]=ssh|$SSH_DAEMON_CONFIG}|${OPTIONNAME}|"
|
||||
else
|
||||
LogText "Result: Option ${OPTIONNAME} not found in output"
|
||||
Display --indent 4 --text "- SSH option: ${OPTIONNAME}" --result "NOT FOUND" --color WHITE
|
||||
fi
|
||||
|
||||
done
|
||||
fi
|
||||
#
|
||||
|
|
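Review bot: In the `>` comparison branch the MIDSCORED arm can never run: `elif [ "${FOUNDVALUE}" -le "${WEAKVALUE}" -a "${FOUNDVALUE}" -ge "${MEDIUMSCOREDVALUE}" ]` repeats the `-le "${WEAKVALUE}"` condition that the preceding `if` has already taken, so a value between the weak and expected thresholds falls through to UNKNOWN and gets neither a suggestion nor hardening points. The line appears in both renderings of the block, so it is carried into the re-indented code; assuming the medium value lies between weak and expected, `elif [ "${FOUNDVALUE}" -ge "${MEDIUMSCOREDVALUE}" -a "${FOUNDVALUE}" -lt "${EXPECTEDVALUE}" ]; then` would make it reachable. The UNKNOWN arm also writes `$SSH_DAEMON_CONFIG}` with an unmatched brace, which puts a literal `}` into the `unknown_config_option[]` report line; `${SSH_DAEMON_CONFIG}` is probably what was meant. With the new `SkipAtomicTest` guard a skipped option appears to leave RESULT at "NONE" without any Display or LogText call in this block, so it is worth confirming that SkipAtomicTest itself logs the skipped option and a suppressed SSH check stays visible in the audit log. The enclosing loop starts above the hunk.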