Made adjustments to run in non-privileged scans

1 files changed, 95 insertions, 89 deletions

diff --git a/include/tests_ssh b/include/tests_ssh
index 91da5f0d..8905511b 100644
--- a/include/tests_ssh
+++ b/include/tests_ssh
@@ -59,17 +59,23 @@
                   ReportException "${TEST_NO}:01"
                   logtext "Result: we already had found another sshd_config file. Using this new file then."
               fi
-              FOUND=1
-	      SSH_DAEMON_CONFIG="${I}/sshd_config"
-	    fi
-	done
-	if [ "${SSH_DAEMON_CONFIG}" = "" ]; then
-	    logtext "Result: No sshd configuration found"
-	    Display --indent 4 --text "- Searching SSH configuration..." --result "NOT FOUND" --color YELLOW
-	  else
-	    logtext "Result: using last found configuration file: ${SSH_DAEMON_CONFIG}"
-	    Display --indent 4 --text "- Searching SSH configuration..." --result FOUND --color GREEN
-	fi
+              FileIsReadable ${I}/sshd_config
+              if [ ${CANREAD} -eq 1 ]; then
+                  FOUND=1
+                  SSH_DAEMON_CONFIG="${I}/sshd_config"
+                else
+                  logtext "Warning: can not read ${I}/sshd_config file"
+              fi
+            fi
+        done
+        if [ "${SSH_DAEMON_CONFIG}" = "" ]; then
+            logtext "Result: No sshd configuration found"
+            Display --indent 4 --text "- Searching SSH configuration..." --result "NOT FOUND" --color YELLOW
+            ReportException "${TEST_NO}:1" "SSH daemon is running, but no readable configuration file found"
+          else
+            logtext "Result: using last found configuration file: ${SSH_DAEMON_CONFIG}"
+            Display --indent 4 --text "- Searching SSH configuration..." --result FOUND --color GREEN
+        fi
     fi
 #
 #################################################################################
@@ -117,24 +123,24 @@
     if [ ${SSH_DAEMON_RUNNING} -eq 1 -a ! "${SSH_DAEMON_CONFIG}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
     Register --test-no SSH-7412 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check SSH option: PermitRootLogin"
     if [ ${SKIPTEST} -eq 0 ]; then
-	logtext "Test: check PermitRootLogin option"
-	FIND=`cat ${SSH_DAEMON_CONFIG} | grep "^PermitRootLogin" | awk '{ print $2 }'`
-	if [ "${FIND}" = "yes" -o "${FIND}" = "YES" -o "${FIND}" = "Yes" ]; then
-	    logtext "Result: PermitRootLogin is enabled, root can login directly"
-	    Display --indent 4 --text "- SSH option: PermitRootLogin..." --result WARNING --color RED
+        logtext "Test: check PermitRootLogin option"
+        FIND=`cat ${SSH_DAEMON_CONFIG} | grep "^PermitRootLogin" | awk '{ print $2 }'`
+        if [ "${FIND}" = "yes" -o "${FIND}" = "YES" -o "${FIND}" = "Yes" ]; then
+            logtext "Result: PermitRootLogin is enabled, root can login directly"
+            Display --indent 4 --text "- SSH option: PermitRootLogin..." --result WARNING --color RED
             ReportWarning ${TEST_NO} "M" "Root can directly login via SSH"
-	    AddHP 0 3
-	  else
-	    # YYY add test for DenyUsers root
-	    if [ "${FIND}" = "no" -o "${FIND}" = "No" ]; then
-	        logtext "Result: PermitRootLogin is disabled. Root can't login directly"
-	        Display --indent 4 --text "- SSH option: PermitRootLogin..." --result DISABLED --color GREEN
-		AddHP 3 3
-	      else	
-	        logtext "Result: Value of PermitRootLogin is unknown (not defined)"
-	        Display --indent 4 --text "- SSH option: PermitRootLogin..." --result DEFAULT --color WHITE
-	    fi
-	fi
+            AddHP 0 3
+          else
+            # YYY add test for DenyUsers root
+            if [ "${FIND}" = "no" -o "${FIND}" = "No" ]; then
+                logtext "Result: PermitRootLogin is disabled. Root can't login directly"
+                Display --indent 4 --text "- SSH option: PermitRootLogin..." --result DISABLED --color GREEN
+                AddHP 3 3
+              else
+                logtext "Result: Value of PermitRootLogin is unknown (not defined)"
+                Display --indent 4 --text "- SSH option: PermitRootLogin..." --result DEFAULT --color WHITE
+            fi
+        fi
     fi
 #
 #################################################################################
@@ -144,23 +150,23 @@
     if [ ${SSH_DAEMON_RUNNING} -eq 1 -a ! "${SSH_DAEMON_CONFIG}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
     Register --test-no SSH-7414 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check SSH option: Protocol"
     if [ ${SKIPTEST} -eq 0 ]; then
-	logtext "Test: check allowed SSH protocol versions"
-	FIND=`cat ${SSH_DAEMON_CONFIG} | grep "^Protocol" | awk '{ print $2 }'`
-	if [ "${FIND}" = "1" -o "${FIND}" = "2,1" -o "${FIND}" = "1,2" ]; then
-	    logtext "Result: Protocol option is set to allow SSH protocol version 1"
-	    Display --indent 4 --text "- SSH option: Protocol..." --result WARNING --color RED
+        logtext "Test: check allowed SSH protocol versions"
+        FIND=`cat ${SSH_DAEMON_CONFIG} | grep "^Protocol" | awk '{ print $2 }'`
+        if [ "${FIND}" = "1" -o "${FIND}" = "2,1" -o "${FIND}" = "1,2" ]; then
+            logtext "Result: Protocol option is set to allow SSH protocol version 1"
+            Display --indent 4 --text "- SSH option: Protocol..." --result WARNING --color RED
             ReportWarning ${TEST_NO} "M" "SSH protocol version 1 is allowed"
-	    AddHP 0 3
-	  else
-	    if [ "${FIND}" = "2" ]; then
-	        logtext "Result: only protocol 2 is allowed"
-	        Display --indent 4 --text "- SSH option: Protocol..." --result OK --color GREEN
-		AddHP 3 3
-	      else	
-	        logtext "Result: value of Protocol is unknown (not defined)"
-	        Display --indent 4 --text "- SSH option: Protocol..." --result DEFAULT --color WHITE
-	    fi
-	fi
+            AddHP 0 3
+          else
+            if [ "${FIND}" = "2" ]; then
+                logtext "Result: only protocol 2 is allowed"
+                Display --indent 4 --text "- SSH option: Protocol..." --result OK --color GREEN
+                AddHP 3 3
+              else
+                logtext "Result: value of Protocol is unknown (not defined)"
+                Display --indent 4 --text "- SSH option: Protocol..." --result DEFAULT --color WHITE
+            fi
+        fi
     fi
 #
 #################################################################################
@@ -170,24 +176,24 @@
     if [ ${SSH_DAEMON_RUNNING} -eq 1 -a ! "${SSH_DAEMON_CONFIG}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
     Register --test-no SSH-7416 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check SSH option: StrictModes"
     if [ ${SKIPTEST} -eq 0 ]; then
-	logtext "Test: Check configured StrictModes option"
-	FIND=`cat ${SSH_DAEMON_CONFIG} | grep "^StrictModes" | awk '{ print $2 }'`
-	if [ "${FIND}" = "no" -o "${FIND}" = "NO" -o "${FIND}" = "No" ]; then
-	    logtext "Result: StrictModes option is set to 'no', which means file permissions are NOT checked"
-	    Display --indent 4 --text "- SSH option: StrictModes..." --result WARNING --color RED
+        logtext "Test: Check configured StrictModes option"
+        FIND=`cat ${SSH_DAEMON_CONFIG} | grep "^StrictModes" | awk '{ print $2 }'`
+        if [ "${FIND}" = "no" -o "${FIND}" = "NO" -o "${FIND}" = "No" ]; then
+            logtext "Result: StrictModes option is set to 'no', which means file permissions are NOT checked"
+            Display --indent 4 --text "- SSH option: StrictModes..." --result WARNING --color RED
             ReportWarning ${TEST_NO} "M" "StrictModes is turned off"
-	    ReportSuggestion ${TEST_NO} "Check StrictModes option in sshd_config"
-	    AddHP 0 3
-	  else
-	    if [ "${FIND}" = "yes" -o "${FIND}" = "YES" -o "${FIND}" = "Yes" ]; then
-	        logtext "Result: StrictModes active, file permissions are checked"
-	        Display --indent 4 --text "- SSH option: StrictModes..." --result OK --color GREEN
-		AddHP 3 3
-	      else	
-	        logtext "Result: value of StrictModes is unknown (not defined)"
-	        Display --indent 4 --text "- SSH option: StrictModes..." --result DEFAULT --color WHITE
-	    fi
-	fi
+            ReportSuggestion ${TEST_NO} "Check StrictModes option in sshd_config"
+            AddHP 0 3
+          else
+            if [ "${FIND}" = "yes" -o "${FIND}" = "YES" -o "${FIND}" = "Yes" ]; then
+                logtext "Result: StrictModes active, file permissions are checked"
+                Display --indent 4 --text "- SSH option: StrictModes..." --result OK --color GREEN
+                AddHP 3 3
+              else
+                logtext "Result: value of StrictModes is unknown (not defined)"
+                Display --indent 4 --text "- SSH option: StrictModes..." --result DEFAULT --color WHITE
+            fi
+        fi
     fi
 #
 #################################################################################
@@ -225,35 +231,35 @@
     Register --test-no SSH-7440 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check SSH option: AllowUsers and AllowGroups"
     if [ ${SKIPTEST} -eq 0 ]; then
         FOUND=0
-	# AllowUsers
-	FIND=`egrep "^AllowUsers" ${SSH_DAEMON_CONFIG} | awk '{ print $2 }'`
-	if [ ! "${FIND}" = "" ]; then
-	    logtext "Result: AllowUsers set, with value ${FIND}"
-	    Display --indent 4 --text "- SSH option: AllowUsers..." --result FOUND --color GREEN
-	    FOUND=1
-	  else
-	    logtext "Result: AllowUsers is not set"
-	    Display --indent 4 --text "- SSH option: AllowUsers..." --result "NOT FOUND" --color WHITE
-	fi
-    
-	# AllowGroups
-	FIND=`egrep "^AllowGroups" ${SSH_DAEMON_CONFIG} | awk '{ print $2 }'`
-	if [ ! "${FIND}" = "" ]; then
-	    logtext "Result: AllowUsers set ${FIND}"
-	    Display --indent 4 --text "- SSH option: AllowGroups..." --result FOUND --color GREEN
-	    FOUND=1
-	  else
-	    logtext "Result: AllowGroups is not set"
-	    Display --indent 4 --text "- SSH option: AllowGroups..." --result "NOT FOUND" --color WHITE
-	fi
+        # AllowUsers
+        FIND=`egrep "^AllowUsers" ${SSH_DAEMON_CONFIG} | awk '{ print $2 }'`
+        if [ ! "${FIND}" = "" ]; then
+            logtext "Result: AllowUsers set, with value ${FIND}"
+            Display --indent 4 --text "- SSH option: AllowUsers..." --result FOUND --color GREEN
+            FOUND=1
+          else
+            logtext "Result: AllowUsers is not set"
+            Display --indent 4 --text "- SSH option: AllowUsers..." --result "NOT FOUND" --color WHITE
+        fi
+
+        # AllowGroups
+        FIND=`egrep "^AllowGroups" ${SSH_DAEMON_CONFIG} | awk '{ print $2 }'`
+        if [ ! "${FIND}" = "" ]; then
+            logtext "Result: AllowUsers set ${FIND}"
+            Display --indent 4 --text "- SSH option: AllowGroups..." --result FOUND --color GREEN
+            FOUND=1
+          else
+            logtext "Result: AllowGroups is not set"
+            Display --indent 4 --text "- SSH option: AllowGroups..." --result "NOT FOUND" --color WHITE
+        fi
 
-	if [ ${FOUND} -eq 1 ]; then
-	    logtext "Result: SSH is limited to a specific set of users, which is good"
-	    AddHP 2 2
-	  else
-	    logtext "Result: SSH has no specific user or group limitation. Most likely all valid users can SSH to this machine."
-	    AddHP 0 1
-	fi
+        if [ ${FOUND} -eq 1 ]; then
+            logtext "Result: SSH is limited to a specific set of users, which is good"
+            AddHP 2 2
+          else
+            logtext "Result: SSH has no specific user or group limitation. Most likely all valid users can SSH to this machine."
+            AddHP 0 1
+        fi
     fi
 #
 #################################################################################