authormboelen <michael@cisofy.com>2016-02-09 14:54:47 +0300
committermboelen <michael@cisofy.com>2016-02-09 14:54:47 +0300
commita3b47055088895d9072087daf18e4d54dfcccb6a (patch)
tree1e1a1a713a5628ffa898e660af54e382cd54125d /include/tests_ssh
parent66d8ea418f9e4a1435d4522862646dd10ed2fb7f (diff)
Reordered SSH options, added ServerAliveInterval, changed TCPKeepAlive suggestion
Diffstat (limited to 'include/tests_ssh')
-rw-r--r--include/tests_ssh31
1 files changed, 16 insertions, 15 deletions
diff --git a/include/tests_ssh b/include/tests_ssh
index 39e13eea..a1d79d3e 100644
--- a/include/tests_ssh
+++ b/include/tests_ssh
@@ -97,30 +97,31 @@
##
## Example:
## PermitRootLogin:NO,WITHOUT-PASSWORD,YES,:=
- SSHOPS="Compression:NO,DELAYED,YES:=\
+ SSHOPS="AllowTcpForwarding:NO,LOCAL,YES:=\
+ ClientAliveCountMax:2,4,16:<\
+ ClientAliveInterval:300,600,900:<\
+ Compression:NO,DELAYED,YES:=\
FingerprintHash:SHA256,MD5,:=\
+ GatewayPorts:NO,,YES:=\
IgnoreRhosts:YES,,NO:=\
+ LoginGraceTime:120,240,480:<\
LogLevel:VERBOSE,INFO,:=\
+ MaxAuthTries:1,3,6:<\
+ MaxStartups:4,8,16:<\
+ MaxSessions:2,4,8:<\
PermitRootLogin:NO,WITHOUT-PASSWORD,YES:=\
+ PermitUserEnvironment:NO,,YES:=\
+ PermitTunnel:NO,,YES:=\
+ Port:,,22:!\
PrintLastLog:YES,,NO:=\
Protocol:2,,1:=\
+ ServerAliveInterval:,,0:>\
StrictModes:YES,,NO:=\
- TCPKeepAlive:YES,,NO:=\
+ TCPKeepAlive:NO,,YES:=\
UseDNS:YES,,NO:=\
UsePrivilegeSeparation:SANDBOX,YES,NO:=\
VerifyReverseMapping:YES,,NO:=\
- X11Forwarding:NO,,YES:=\
- MaxAuthTries:1,3,6:<\
- ClientAliveCountMax:2,4,16:<\
- ClientAliveInterval:300,600,900:<\
- Port:,,22:!\
- LoginGraceTime:120,240,480:<\
- MaxStartups:4,8,16:<\
- MaxSessions:2,4,8:<\
- PermitUserEnvironment:NO,,YES:=\
- GatewayPorts:NO,,YES:=\
- PermitTunnel:NO,,YES:=\
- AllowTcpForwarding:NO,LOCAL,YES:="
+ X11Forwarding:NO,,YES:="
for I in ${SSHOPS}; do
OPTIONNAME=`echo ${I} | cut -d ':' -f1`
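Review bot: The added `ServerAliveInterval:,,0:>` entry names an ssh_config(5) client keyword, not an sshd_config(5) one, so if this loop only evaluates the daemon's configuration (the lookup code is outside the hunk) the entry can never match and will never produce a finding. Server-side detection of dead sessions is already covered by the `ClientAliveInterval` and `ClientAliveCountMax` entries, which matters more now that `TCPKeepAlive:NO` is the preferred value. It is also the only entry that uses `>` and leaves both leading value fields empty, while the format comment above the list shows only `=`. I would add a line such as `## Operators: = (equals), < (lower is better), > (higher is better), ! (should differ)` once those meanings are confirmed against the comparison code. The `for I in ${SSHOPS}` loop body continues past the end of the hunk.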
@@ -194,7 +195,7 @@
Display --indent 4 --text "- SSH option: ${OPTIONNAME}" --result "MEDIUM" --color YELLOW
AddHP 1 3
elif [ "${RESULT}" = "WEAK" ]; then
- LogText "Result: SSH option ${OPTIONNAME} is in a weak configuruation state and should be fixed"
+ LogText "Result: SSH option ${OPTIONNAME} is in a weak configuration state and should be fixed"
#ReportWarning ${TEST_NO} "M" "Unsafe configured SSH option: ${OPTIONNAME}"
ReportSuggestion ${TEST_NO} "Consider hardening SSH configuration" "${OPTIONNAME} (${FOUNDVALUE} --> ${EXPECTEDVALUE})" "-"
Display --indent 4 --text "- SSH option: ${OPTIONNAME}" --result WARNING --color RED