From a2594fc3709984b26737c7121e898981709e3899 Mon Sep 17 00:00:00 2001
From: mboelen
Date: Tue, 19 Apr 2016 12:37:40 +0200
Subject: [PATCH] [SSH-7408] Allow skipping some of the SSH tests
---
 include/tests_ssh | 148 +++++++++++++++++++++++-----------------------
 1 file changed, 75 insertions(+), 73 deletions(-)
diff --git a/include/tests_ssh b/include/tests_ssh
index f1ee10d2..8c13ff51 100644
--- a/include/tests_ssh
+++ b/include/tests_ssh
@@ -143,87 +143,89 @@ WEAKVALUE=`echo ${I} | cut -d ':' -f2 | cut -d',' -f3` TESTTYPE=`echo ${I} | cut -d ':' -f3` RESULT="NONE" - # Get value and use the last occurrence - FOUNDVALUE=`awk -v OPT="${OPTIONNAME_LOWER}" 'index($0, OPT) == 1 { print toupper($2) }' ${SSH_OPTIONS_FILE} | tail -1` - LogText "Test: Checking ${OPTIONNAME} in ${SSH_OPTIONS_FILE}" - if [ ! "${FOUNDVALUE}" = "" ]; then - LogText "Result: Option ${OPTIONNAME} found" - LogText "Result: Option ${OPTIONNAME} value is ${FOUNDVALUE}" + if ! SkipAtomicTest "${TEST_NO}:${OPTIONNAME_LOWER}"; then + + # Get value and use the last occurrence + FOUNDVALUE=`awk -v OPT="${OPTIONNAME_LOWER}" 'index($0, OPT) == 1 { print toupper($2) }' ${SSH_OPTIONS_FILE} | tail -1` + LogText "Test: Checking ${OPTIONNAME} in ${SSH_OPTIONS_FILE}" + + if [ ! "${FOUNDVALUE}" = "" ]; then + LogText "Result: Option ${OPTIONNAME} found" + LogText "Result: Option ${OPTIONNAME} value is ${FOUNDVALUE}" + + if [ "${TESTTYPE}" = "=" ]; then + if [ "${FOUNDVALUE}" = "${EXPECTEDVALUE}" ]; then + RESULT="GOOD" + elif [ "${FOUNDVALUE}" = "${MEDIUMSCOREDVALUE}" ]; then + RESULT="MIDSCORED" + elif [ "${FOUNDVALUE}" = "${WEAKVALUE}" ]; then + RESULT="WEAK" + else + RESULT="UNKNOWN" + fi + + elif [ "${TESTTYPE}" = "<" ]; then + if [ "${FOUNDVALUE}" -ge "${WEAKVALUE}" -o "${FOUNDVALUE}" -gt "${MEDIUMSCOREDVALUE}" ]; then + RESULT="WEAK" + elif [ "${FOUNDVALUE}" -le "${MEDIUMSCOREDVALUE}" -a "${FOUNDVALUE}" -gt "${EXPECTEDVALUE}" ]; then + RESULT="MIDSCORED" + elif [ "${FOUNDVALUE}" -le "${EXPECTEDVALUE}" ]; then + RESULT="GOOD" + else + RESULT="UNKNOWN" + fi + + elif [ "${TESTTYPE}" = ">" ]; then + if [ "${FOUNDVALUE}" -le "${WEAKVALUE}" ]; then + RESULT="WEAK" + elif [ "${FOUNDVALUE}" -le "${WEAKVALUE}" -a "${FOUNDVALUE}" -ge "${MEDIUMSCOREDVALUE}" ]; then + RESULT="MIDSCORED" + elif [ "${FOUNDVALUE}" -ge "${EXPECTEDVALUE}" ]; then + RESULT="GOOD" + else + RESULT="UNKNOWN" + fi + + elif [ "${TESTTYPE}" = "!" 
]; then + if [ "${FOUNDVALUE}" = "${WEAKVALUE}" ]; then + RESULT="WEAK" + elif [ ! "${FOUNDVALUE}" = "${WEAKVALUE}" ]; then + RESULT="GOOD" + else + RESULT="UNKNOWN" + fi - if [ "${TESTTYPE}" = "=" ]; then - if [ "${FOUNDVALUE}" = "${EXPECTEDVALUE}" ]; then - RESULT="GOOD" - elif [ "${FOUNDVALUE}" = "${MEDIUMSCOREDVALUE}" ]; then - RESULT="MIDSCORED" - elif [ "${FOUNDVALUE}" = "${WEAKVALUE}" ]; then - RESULT="WEAK" else - RESULT="UNKNOWN" - fi - - elif [ "${TESTTYPE}" = "<" ]; then - if [ "${FOUNDVALUE}" -ge "${WEAKVALUE}" -o "${FOUNDVALUE}" -gt "${MEDIUMSCOREDVALUE}" ]; then - RESULT="WEAK" - elif [ "${FOUNDVALUE}" -le "${MEDIUMSCOREDVALUE}" -a "${FOUNDVALUE}" -gt "${EXPECTEDVALUE}" ]; then - RESULT="MIDSCORED" - elif [ "${FOUNDVALUE}" -le "${EXPECTEDVALUE}" ]; then - RESULT="GOOD" - else - RESULT="UNKNOWN" - fi - - elif [ "${TESTTYPE}" = ">" ]; then - if [ "${FOUNDVALUE}" -le "${WEAKVALUE}" ]; then - RESULT="WEAK" - elif [ "${FOUNDVALUE}" -le "${WEAKVALUE}" -a "${FOUNDVALUE}" -ge "${MEDIUMSCOREDVALUE}" ]; then - RESULT="MIDSCORED" - elif [ "${FOUNDVALUE}" -ge "${EXPECTEDVALUE}" ]; then - RESULT="GOOD" - else - RESULT="UNKNOWN" - fi - - elif [ "${TESTTYPE}" = "!" ]; then - if [ "${FOUNDVALUE}" = "${WEAKVALUE}" ]; then - RESULT="WEAK" - elif [ ! 
"${FOUNDVALUE}" = "${WEAKVALUE}" ]; then - RESULT="GOOD" - else - RESULT="UNKNOWN" + RESULT="NONE" fi + fi + if [ "${RESULT}" = "GOOD" ]; then + LogText "Result: SSH option ${OPTIONNAME} is configured very well" + Display --indent 4 --text "- SSH option: ${OPTIONNAME}" --result OK --color GREEN + AddHP 3 3 + elif [ "${RESULT}" = "MIDSCORED" ]; then + LogText "Result: SSH option ${OPTIONNAME} is configured reasonably" + ReportSuggestion ${TEST_NO} "Consider hardening SSH configuration" "${OPTIONNAME} (${FOUNDVALUE} --> ${EXPECTEDVALUE})" "-" + ReportDetails --test "${TEST_NO}" --service "sshd" --field "${OPTIONNAME}" --value "${FOUNDVALUE}" --preferredvalue "${EXPECTEDVALUE}" --description "sshd option ${OPTIONNAME}" + Display --indent 4 --text "- SSH option: ${OPTIONNAME}" --result "MEDIUM" --color YELLOW + AddHP 1 3 + elif [ "${RESULT}" = "WEAK" ]; then + LogText "Result: SSH option ${OPTIONNAME} is in a weak configuration state and should be fixed" + ReportSuggestion ${TEST_NO} "Consider hardening SSH configuration" "${OPTIONNAME} (${FOUNDVALUE} --> ${EXPECTEDVALUE})" "-" + ReportDetails --test "${TEST_NO}" --service "sshd" --field "${OPTIONNAME}" --value "${FOUNDVALUE}" --preferredvalue "${EXPECTEDVALUE}" --description "sshd option ${OPTIONNAME}" + Display --indent 4 --text "- SSH option: ${OPTIONNAME}" --result WARNING --color RED + AddHP 0 3 + elif [ "${RESULT}" = "UNKNOWN" ]; then + LogText "Result: Value of SSH option ${OPTIONNAME} is unknown (not defined)" + Display --indent 4 --text "- SSH option: ${OPTIONNAME}" --result DEFAULT --color WHITE + Report "unknown_config_option[]=ssh|$SSH_DAEMON_CONFIG}|${OPTIONNAME}|" else - RESULT="NONE" + LogText "Result: Option ${OPTIONNAME} not found in output" + Display --indent 4 --text "- SSH option: ${OPTIONNAME}" --result "NOT FOUND" --color WHITE fi fi - - - if [ "${RESULT}" = "GOOD" ]; then - LogText "Result: SSH option ${OPTIONNAME} is configured very well" - Display --indent 4 --text "- SSH option: ${OPTIONNAME}" 
--result OK --color GREEN - AddHP 3 3 - elif [ "${RESULT}" = "MIDSCORED" ]; then - LogText "Result: SSH option ${OPTIONNAME} is configured reasonably" - ReportSuggestion ${TEST_NO} "Consider hardening SSH configuration" "${OPTIONNAME} (${FOUNDVALUE} --> ${EXPECTEDVALUE})" "-" - ReportDetails --test "${TEST_NO}" --service "sshd" --field "${OPTIONNAME}" --value "${FOUNDVALUE}" --preferredvalue "${EXPECTEDVALUE}" --description "sshd option ${OPTIONNAME}" - Display --indent 4 --text "- SSH option: ${OPTIONNAME}" --result "MEDIUM" --color YELLOW - AddHP 1 3 - elif [ "${RESULT}" = "WEAK" ]; then - LogText "Result: SSH option ${OPTIONNAME} is in a weak configuration state and should be fixed" - ReportSuggestion ${TEST_NO} "Consider hardening SSH configuration" "${OPTIONNAME} (${FOUNDVALUE} --> ${EXPECTEDVALUE})" "-" - ReportDetails --test "${TEST_NO}" --service "sshd" --field "${OPTIONNAME}" --value "${FOUNDVALUE}" --preferredvalue "${EXPECTEDVALUE}" --description "sshd option ${OPTIONNAME}" - Display --indent 4 --text "- SSH option: ${OPTIONNAME}" --result WARNING --color RED - AddHP 0 3 - elif [ "${RESULT}" = "UNKNOWN" ]; then - LogText "Result: Value of SSH option ${OPTIONNAME} is unknown (not defined)" - Display --indent 4 --text "- SSH option: ${OPTIONNAME}" --result DEFAULT --color WHITE - Report "unknown_config_option[]=ssh|$SSH_DAEMON_CONFIG}|${OPTIONNAME}|" - else - LogText "Result: Option ${OPTIONNAME} not found in output" - Display --indent 4 --text "- SSH option: ${OPTIONNAME}" --result "NOT FOUND" --color WHITE - fi - done fi #
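Review bot: In the `>` comparison branch the MIDSCORED test `[ "${FOUNDVALUE}" -le "${WEAKVALUE}" -a "${FOUNDVALUE}" -ge "${MEDIUMSCOREDVALUE}" ]` can never be true, because the `if` just before it already takes every value that is `-le "${WEAKVALUE}"`. A value between the weak and expected thresholds therefore falls through to UNKNOWN and is displayed as DEFAULT, with no hardening suggestion and no reduced score. The re-indented code carries this over unchanged; by analogy with the `<` branch the condition was presumably meant to be `elif [ "${FOUNDVALUE}" -ge "${MEDIUMSCOREDVALUE}" -a "${FOUNDVALUE}" -lt "${EXPECTEDVALUE}" ]; then`. The UNKNOWN branch also writes `$SSH_DAEMON_CONFIG}` into the report line with a stray closing brace, which should read `${SSH_DAEMON_CONFIG}`. The loop that encloses this code starts before the hunk.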