tyler.durden/lynis
1
0
Fork 0
mirror of https://github.com/CISOfy/lynis.git synced 2025-07-27 07:44:14 +02:00
Code Issues Packages Projects Releases Wiki Activity

Reordered SSH options, added ServerAliveInterval, changed TCPKeepAlive suggestion

Browse Source
This commit is contained in:
mboelen 2016-02-09 12:54:47 +01:00
parent 66d8ea418f
commit a3b4705508
1 changed files with 16 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

31
include/tests_ssh
View File

@ -97,30 +97,31 @@
## ##
## Example: ## Example:
## PermitRootLogin:NO,WITHOUT-PASSWORD,YES,:= ## PermitRootLogin:NO,WITHOUT-PASSWORD,YES,:=
SSHOPS="Compression:NO,DELAYED,YES:=\ SSHOPS="AllowTcpForwarding:NO,LOCAL,YES:=\
ClientAliveCountMax:2,4,16:<\
ClientAliveInterval:300,600,900:<\
Compression:NO,DELAYED,YES:=\
FingerprintHash:SHA256,MD5,:=\ FingerprintHash:SHA256,MD5,:=\
GatewayPorts:NO,,YES:=\
IgnoreRhosts:YES,,NO:=\ IgnoreRhosts:YES,,NO:=\
LoginGraceTime:120,240,480:<\
LogLevel:VERBOSE,INFO,:=\ LogLevel:VERBOSE,INFO,:=\
MaxAuthTries:1,3,6:<\
MaxStartups:4,8,16:<\
MaxSessions:2,4,8:<\
PermitRootLogin:NO,WITHOUT-PASSWORD,YES:=\ PermitRootLogin:NO,WITHOUT-PASSWORD,YES:=\
PermitUserEnvironment:NO,,YES:=\
PermitTunnel:NO,,YES:=\
Port:,,22:!\
PrintLastLog:YES,,NO:=\ PrintLastLog:YES,,NO:=\
Protocol:2,,1:=\ Protocol:2,,1:=\
ServerAliveInterval:,,0:>\
StrictModes:YES,,NO:=\ StrictModes:YES,,NO:=\
TCPKeepAlive:YES,,NO:=\ TCPKeepAlive:NO,,YES:=\
UseDNS:YES,,NO:=\ UseDNS:YES,,NO:=\
UsePrivilegeSeparation:SANDBOX,YES,NO:=\ UsePrivilegeSeparation:SANDBOX,YES,NO:=\
VerifyReverseMapping:YES,,NO:=\ VerifyReverseMapping:YES,,NO:=\
X11Forwarding:NO,,YES:=\ X11Forwarding:NO,,YES:="
MaxAuthTries:1,3,6:<\
ClientAliveCountMax:2,4,16:<\
ClientAliveInterval:300,600,900:<\
Port:,,22:!\
LoginGraceTime:120,240,480:<\
MaxStartups:4,8,16:<\
MaxSessions:2,4,8:<\
PermitUserEnvironment:NO,,YES:=\
GatewayPorts:NO,,YES:=\
PermitTunnel:NO,,YES:=\
AllowTcpForwarding:NO,LOCAL,YES:="
for I in ${SSHOPS}; do for I in ${SSHOPS}; do
OPTIONNAME=`echo ${I} | cut -d ':' -f1` OPTIONNAME=`echo ${I} | cut -d ':' -f1`
@ -194,7 +195,7 @@
Display --indent 4 --text "- SSH option: ${OPTIONNAME}" --result "MEDIUM" --color YELLOW Display --indent 4 --text "- SSH option: ${OPTIONNAME}" --result "MEDIUM" --color YELLOW
AddHP 1 3 AddHP 1 3
elif [ "${RESULT}" = "WEAK" ]; then elif [ "${RESULT}" = "WEAK" ]; then
LogText "Result: SSH option ${OPTIONNAME} is in a weak configuruation state and should be fixed" LogText "Result: SSH option ${OPTIONNAME} is in a weak configuration state and should be fixed"
#ReportWarning ${TEST_NO} "M" "Unsafe configured SSH option: ${OPTIONNAME}" #ReportWarning ${TEST_NO} "M" "Unsafe configured SSH option: ${OPTIONNAME}"
ReportSuggestion ${TEST_NO} "Consider hardening SSH configuration" "${OPTIONNAME} (${FOUNDVALUE} --> ${EXPECTEDVALUE})" "-" ReportSuggestion ${TEST_NO} "Consider hardening SSH configuration" "${OPTIONNAME} (${FOUNDVALUE} --> ${EXPECTEDVALUE})" "-"
Display --indent 4 --text "- SSH option: ${OPTIONNAME}" --result WARNING --color RED Display --indent 4 --text "- SSH option: ${OPTIONNAME}" --result WARNING --color RED