github.com/CISOfy/lynis.git - Unnamed repository; edit this file 'description' to name the repository.
authormboelen <michael@cisofy.com>2016-04-19 13:37:40 +0300
committermboelen <michael@cisofy.com>2016-04-19 13:37:40 +0300
commita2594fc3709984b26737c7121e898981709e3899 (patch)
treed010ddaf5aace9776e5614cdcc73f98f391edf22 /include/tests_ssh
parente9eae5b8b53d9a4b2bb3ee7048a1f27b4dc3e027 (diff)
[SSH-7408] Allow skipping some of the SSH tests
Diffstat (limited to 'include/tests_ssh')
-rw-r--r--include/tests_ssh142
1 files changed, 72 insertions, 70 deletions
diff --git a/include/tests_ssh b/include/tests_ssh
index f1ee10d2..8c13ff51 100644
--- a/include/tests_ssh
+++ b/include/tests_ssh
@@ -143,87 +143,89 @@
WEAKVALUE=`echo ${I} | cut -d ':' -f2 | cut -d',' -f3`
TESTTYPE=`echo ${I} | cut -d ':' -f3`
RESULT="NONE"
- # Get value and use the last occurrence
- FOUNDVALUE=`awk -v OPT="${OPTIONNAME_LOWER}" 'index($0, OPT) == 1 { print toupper($2) }' ${SSH_OPTIONS_FILE} | tail -1`
- LogText "Test: Checking ${OPTIONNAME} in ${SSH_OPTIONS_FILE}"
- if [ ! "${FOUNDVALUE}" = "" ]; then
- LogText "Result: Option ${OPTIONNAME} found"
- LogText "Result: Option ${OPTIONNAME} value is ${FOUNDVALUE}"
+ if ! SkipAtomicTest "${TEST_NO}:${OPTIONNAME_LOWER}"; then
- if [ "${TESTTYPE}" = "=" ]; then
- if [ "${FOUNDVALUE}" = "${EXPECTEDVALUE}" ]; then
- RESULT="GOOD"
- elif [ "${FOUNDVALUE}" = "${MEDIUMSCOREDVALUE}" ]; then
- RESULT="MIDSCORED"
- elif [ "${FOUNDVALUE}" = "${WEAKVALUE}" ]; then
- RESULT="WEAK"
- else
- RESULT="UNKNOWN"
- fi
+ # Get value and use the last occurrence
+ FOUNDVALUE=`awk -v OPT="${OPTIONNAME_LOWER}" 'index($0, OPT) == 1 { print toupper($2) }' ${SSH_OPTIONS_FILE} | tail -1`
+ LogText "Test: Checking ${OPTIONNAME} in ${SSH_OPTIONS_FILE}"
- elif [ "${TESTTYPE}" = "<" ]; then
- if [ "${FOUNDVALUE}" -ge "${WEAKVALUE}" -o "${FOUNDVALUE}" -gt "${MEDIUMSCOREDVALUE}" ]; then
- RESULT="WEAK"
- elif [ "${FOUNDVALUE}" -le "${MEDIUMSCOREDVALUE}" -a "${FOUNDVALUE}" -gt "${EXPECTEDVALUE}" ]; then
- RESULT="MIDSCORED"
- elif [ "${FOUNDVALUE}" -le "${EXPECTEDVALUE}" ]; then
- RESULT="GOOD"
- else
- RESULT="UNKNOWN"
- fi
+ if [ ! "${FOUNDVALUE}" = "" ]; then
+ LogText "Result: Option ${OPTIONNAME} found"
+ LogText "Result: Option ${OPTIONNAME} value is ${FOUNDVALUE}"
- elif [ "${TESTTYPE}" = ">" ]; then
- if [ "${FOUNDVALUE}" -le "${WEAKVALUE}" ]; then
- RESULT="WEAK"
- elif [ "${FOUNDVALUE}" -le "${WEAKVALUE}" -a "${FOUNDVALUE}" -ge "${MEDIUMSCOREDVALUE}" ]; then
- RESULT="MIDSCORED"
- elif [ "${FOUNDVALUE}" -ge "${EXPECTEDVALUE}" ]; then
- RESULT="GOOD"
- else
- RESULT="UNKNOWN"
- fi
+ if [ "${TESTTYPE}" = "=" ]; then
+ if [ "${FOUNDVALUE}" = "${EXPECTEDVALUE}" ]; then
+ RESULT="GOOD"
+ elif [ "${FOUNDVALUE}" = "${MEDIUMSCOREDVALUE}" ]; then
+ RESULT="MIDSCORED"
+ elif [ "${FOUNDVALUE}" = "${WEAKVALUE}" ]; then
+ RESULT="WEAK"
+ else
+ RESULT="UNKNOWN"
+ fi
+
+ elif [ "${TESTTYPE}" = "<" ]; then
+ if [ "${FOUNDVALUE}" -ge "${WEAKVALUE}" -o "${FOUNDVALUE}" -gt "${MEDIUMSCOREDVALUE}" ]; then
+ RESULT="WEAK"
+ elif [ "${FOUNDVALUE}" -le "${MEDIUMSCOREDVALUE}" -a "${FOUNDVALUE}" -gt "${EXPECTEDVALUE}" ]; then
+ RESULT="MIDSCORED"
+ elif [ "${FOUNDVALUE}" -le "${EXPECTEDVALUE}" ]; then
+ RESULT="GOOD"
+ else
+ RESULT="UNKNOWN"
+ fi
+
+ elif [ "${TESTTYPE}" = ">" ]; then
+ if [ "${FOUNDVALUE}" -le "${WEAKVALUE}" ]; then
+ RESULT="WEAK"
+ elif [ "${FOUNDVALUE}" -le "${WEAKVALUE}" -a "${FOUNDVALUE}" -ge "${MEDIUMSCOREDVALUE}" ]; then
+ RESULT="MIDSCORED"
+ elif [ "${FOUNDVALUE}" -ge "${EXPECTEDVALUE}" ]; then
+ RESULT="GOOD"
+ else
+ RESULT="UNKNOWN"
+ fi
+
+ elif [ "${TESTTYPE}" = "!" ]; then
+ if [ "${FOUNDVALUE}" = "${WEAKVALUE}" ]; then
+ RESULT="WEAK"
+ elif [ ! "${FOUNDVALUE}" = "${WEAKVALUE}" ]; then
+ RESULT="GOOD"
+ else
+ RESULT="UNKNOWN"
+ fi
- elif [ "${TESTTYPE}" = "!" ]; then
- if [ "${FOUNDVALUE}" = "${WEAKVALUE}" ]; then
- RESULT="WEAK"
- elif [ ! "${FOUNDVALUE}" = "${WEAKVALUE}" ]; then
- RESULT="GOOD"
else
- RESULT="UNKNOWN"
+ RESULT="NONE"
fi
+ fi
+ if [ "${RESULT}" = "GOOD" ]; then
+ LogText "Result: SSH option ${OPTIONNAME} is configured very well"
+ Display --indent 4 --text "- SSH option: ${OPTIONNAME}" --result OK --color GREEN
+ AddHP 3 3
+ elif [ "${RESULT}" = "MIDSCORED" ]; then
+ LogText "Result: SSH option ${OPTIONNAME} is configured reasonably"
+ ReportSuggestion ${TEST_NO} "Consider hardening SSH configuration" "${OPTIONNAME} (${FOUNDVALUE} --> ${EXPECTEDVALUE})" "-"
+ ReportDetails --test "${TEST_NO}" --service "sshd" --field "${OPTIONNAME}" --value "${FOUNDVALUE}" --preferredvalue "${EXPECTEDVALUE}" --description "sshd option ${OPTIONNAME}"
+ Display --indent 4 --text "- SSH option: ${OPTIONNAME}" --result "MEDIUM" --color YELLOW
+ AddHP 1 3
+ elif [ "${RESULT}" = "WEAK" ]; then
+ LogText "Result: SSH option ${OPTIONNAME} is in a weak configuration state and should be fixed"
+ ReportSuggestion ${TEST_NO} "Consider hardening SSH configuration" "${OPTIONNAME} (${FOUNDVALUE} --> ${EXPECTEDVALUE})" "-"
+ ReportDetails --test "${TEST_NO}" --service "sshd" --field "${OPTIONNAME}" --value "${FOUNDVALUE}" --preferredvalue "${EXPECTEDVALUE}" --description "sshd option ${OPTIONNAME}"
+ Display --indent 4 --text "- SSH option: ${OPTIONNAME}" --result WARNING --color RED
+ AddHP 0 3
+ elif [ "${RESULT}" = "UNKNOWN" ]; then
+ LogText "Result: Value of SSH option ${OPTIONNAME} is unknown (not defined)"
+ Display --indent 4 --text "- SSH option: ${OPTIONNAME}" --result DEFAULT --color WHITE
+ Report "unknown_config_option[]=ssh|$SSH_DAEMON_CONFIG}|${OPTIONNAME}|"
else
- RESULT="NONE"
+ LogText "Result: Option ${OPTIONNAME} not found in output"
+ Display --indent 4 --text "- SSH option: ${OPTIONNAME}" --result "NOT FOUND" --color WHITE
fi
fi
-
-
- if [ "${RESULT}" = "GOOD" ]; then
- LogText "Result: SSH option ${OPTIONNAME} is configured very well"
- Display --indent 4 --text "- SSH option: ${OPTIONNAME}" --result OK --color GREEN
- AddHP 3 3
- elif [ "${RESULT}" = "MIDSCORED" ]; then
- LogText "Result: SSH option ${OPTIONNAME} is configured reasonably"
- ReportSuggestion ${TEST_NO} "Consider hardening SSH configuration" "${OPTIONNAME} (${FOUNDVALUE} --> ${EXPECTEDVALUE})" "-"
- ReportDetails --test "${TEST_NO}" --service "sshd" --field "${OPTIONNAME}" --value "${FOUNDVALUE}" --preferredvalue "${EXPECTEDVALUE}" --description "sshd option ${OPTIONNAME}"
- Display --indent 4 --text "- SSH option: ${OPTIONNAME}" --result "MEDIUM" --color YELLOW
- AddHP 1 3
- elif [ "${RESULT}" = "WEAK" ]; then
- LogText "Result: SSH option ${OPTIONNAME} is in a weak configuration state and should be fixed"
- ReportSuggestion ${TEST_NO} "Consider hardening SSH configuration" "${OPTIONNAME} (${FOUNDVALUE} --> ${EXPECTEDVALUE})" "-"
- ReportDetails --test "${TEST_NO}" --service "sshd" --field "${OPTIONNAME}" --value "${FOUNDVALUE}" --preferredvalue "${EXPECTEDVALUE}" --description "sshd option ${OPTIONNAME}"
- Display --indent 4 --text "- SSH option: ${OPTIONNAME}" --result WARNING --color RED
- AddHP 0 3
- elif [ "${RESULT}" = "UNKNOWN" ]; then
- LogText "Result: Value of SSH option ${OPTIONNAME} is unknown (not defined)"
- Display --indent 4 --text "- SSH option: ${OPTIONNAME}" --result DEFAULT --color WHITE
- Report "unknown_config_option[]=ssh|$SSH_DAEMON_CONFIG}|${OPTIONNAME}|"
- else
- LogText "Result: Option ${OPTIONNAME} not found in output"
- Display --indent 4 --text "- SSH option: ${OPTIONNAME}" --result "NOT FOUND" --color WHITE
- fi
-
done
fi
#
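Review bot: In the `>` branch the MIDSCORED test `[ "${FOUNDVALUE}" -le "${WEAKVALUE}" -a "${FOUNDVALUE}" -ge "${MEDIUMSCOREDVALUE}" ]` can never be true, because the preceding `if` has already taken every value that is `-le "${WEAKVALUE}"`; the re-indented block carries this over unchanged. A value between the weak and expected thresholds therefore falls through to UNKNOWN and is displayed as DEFAULT with no ReportSuggestion, so a sub-optimal sshd setting is not flagged by the audit. The upper bound was presumably meant to be the expected value, e.g. `elif [ "${FOUNDVALUE}" -lt "${EXPECTEDVALUE}" -a "${FOUNDVALUE}" -ge "${MEDIUMSCOREDVALUE}" ]; then`. The UNKNOWN branch also writes `$SSH_DAEMON_CONFIG}` without the opening brace, which leaves a stray `}` in the `unknown_config_option[]` report line; `${SSH_DAEMON_CONFIG}` looks intended. The enclosing loop and test block start above the hunk, so the threshold semantics should be confirmed against the option table there.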