Reordered SSH options, added ServerAliveInterval, changed TCPKeepAlive suggestion

2025-04-08 17:15:25 +02:00 · 2016-02-09 12:54:47 +01:00 · 2016-02-09 12:54:47 +01:00 · a3b4705508
commit a3b4705508
parent 66d8ea418f
1 changed files with 16 additions and 15 deletions
--- a/include/tests_ssh
+++ b/include/tests_ssh
@ -97,30 +97,31 @@
        ##
        ##      Example:
        ##      PermitRootLogin:NO,WITHOUT-PASSWORD,YES,:=
-        SSHOPS="Compression:NO,DELAYED,YES:=\
+        SSHOPS="AllowTcpForwarding:NO,LOCAL,YES:=\
+                ClientAliveCountMax:2,4,16:<\
+                ClientAliveInterval:300,600,900:<\
+                Compression:NO,DELAYED,YES:=\
                FingerprintHash:SHA256,MD5,:=\
+                GatewayPorts:NO,,YES:=\
                IgnoreRhosts:YES,,NO:=\
+                LoginGraceTime:120,240,480:<\
                LogLevel:VERBOSE,INFO,:=\
+                MaxAuthTries:1,3,6:<\
+                MaxStartups:4,8,16:<\
+                MaxSessions:2,4,8:<\
                PermitRootLogin:NO,WITHOUT-PASSWORD,YES:=\
+                PermitUserEnvironment:NO,,YES:=\
+                PermitTunnel:NO,,YES:=\
+                Port:,,22:!\
                PrintLastLog:YES,,NO:=\
                Protocol:2,,1:=\
+                ServerAliveInterval:,,0:>\
                StrictModes:YES,,NO:=\
-                TCPKeepAlive:YES,,NO:=\
+                TCPKeepAlive:NO,,YES:=\
                UseDNS:YES,,NO:=\
                UsePrivilegeSeparation:SANDBOX,YES,NO:=\
                VerifyReverseMapping:YES,,NO:=\
-                X11Forwarding:NO,,YES:=\
-                MaxAuthTries:1,3,6:<\
-                ClientAliveCountMax:2,4,16:<\
-                ClientAliveInterval:300,600,900:<\
-                Port:,,22:!\
-                LoginGraceTime:120,240,480:<\
-                MaxStartups:4,8,16:<\
-                MaxSessions:2,4,8:<\
-                PermitUserEnvironment:NO,,YES:=\
-                GatewayPorts:NO,,YES:=\
-                PermitTunnel:NO,,YES:=\
-                AllowTcpForwarding:NO,LOCAL,YES:="
+                X11Forwarding:NO,,YES:="

        for I in ${SSHOPS}; do
            OPTIONNAME=`echo ${I} | cut -d ':' -f1`
@ -194,7 +195,7 @@
                Display --indent 4 --text "- SSH option: ${OPTIONNAME}" --result "MEDIUM" --color YELLOW
                AddHP 1 3
            elif [ "${RESULT}" = "WEAK" ]; then
-                LogText "Result: SSH option ${OPTIONNAME} is in a weak configuruation state and should be fixed"
+                LogText "Result: SSH option ${OPTIONNAME} is in a weak configuration state and should be fixed"
                #ReportWarning ${TEST_NO} "M" "Unsafe configured SSH option: ${OPTIONNAME}"
                ReportSuggestion ${TEST_NO} "Consider hardening SSH configuration" "${OPTIONNAME} (${FOUNDVALUE} --> ${EXPECTEDVALUE})" "-"
                Display --indent 4 --text "- SSH option: ${OPTIONNAME}" --result WARNING --color RED