
github.com/CISOfy/lynis.git - Unnamed repository; edit this file 'description' to name the repository.
authormboelen <michael@cisofy.com>2016-04-27 17:51:12 +0300
committermboelen <michael@cisofy.com>2016-04-27 17:51:12 +0300
commitf109c318d9f03be9adad9067c31b93640401a903 (patch)
tree37137b32ec37950397de5d6cafd16b9180fc6eed /include
parent1825d91c852cf11c4ca52855cd2777a4f20593e3 (diff)
Detect when weak protocols are used, simplify nginx test
Diffstat (limited to 'include')
-rw-r--r--include/consts1
-rw-r--r--include/functions22
-rw-r--r--include/tests_webservers3
3 files changed, 17 insertions, 9 deletions
diff --git a/include/consts b/include/consts
index 4dd60428..6fba69b4 100644
--- a/include/consts
+++ b/include/consts
@@ -123,6 +123,7 @@ unset LANG
NGINX_SSL_PROTOCOLS=0
NGINX_RETURN_FOUND=0
NGINX_ROOT_FOUND=0
+ NGINX_WEAK_SSL_PROTOCOL_FOUND=0
NTPD_ROLE=""
ORACLE_RUNNING=0
OS=""; OS_MODE=""
diff --git a/include/functions b/include/functions
index 83346f50..1e24813a 100644
--- a/include/functions
+++ b/include/functions
@@ -1415,6 +1415,12 @@
NGINX_SSL_PROTOCOLS=1
VALUE=`echo ${VALUE} | sed 's/;$//' | tr '[:upper:]' '[:lower:]'`
for ITEM in ${VALUE}; do
+ LogText "Result: found protocol ${ITEM}"
+ case ${ITEM} in
+ "sslv2" | "sslv3")
+ NGINX_WEAK_SSL_PROTOCOL_FOUND=1
+ ;;
+ esac
Report "ssl_tls_protocol_enabled[]=${ITEM}"
ReportDetails --service nginx --field protocol --value "${ITEM}"
done
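Review bot: The new `case` arm flags only `sslv2` and `sslv3`, so a configuration that still enables `TLSv1` or `TLSv1.1` leaves NGINX_WEAK_SSL_PROTOCOL_FOUND at 0, and the check in include/tests_webservers will print "Insecure protocols found: NO". Whether early TLS counts as weak is a policy decision, but it should be explicit: either extend the pattern to `"sslv2" | "sslv3" | "tlsv1" | "tlsv1.1")` or add a comment such as `# Only SSLv2/SSLv3 are treated as weak; TLSv1.0/1.1 are reported but not flagged`. The flag is never reset in the visible lines, so it presumably describes all parsed nginx files together rather than the one being read. The enclosing function starts and ends outside the hunk.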
@@ -1746,24 +1752,24 @@
case $1 in
--description)
shift
- TEST_DESCRIPTION=$1
+ TEST_DESCRIPTION="desc:$1;"
;;
--field)
shift
- TEST_FIELD=$1
+ TEST_FIELD="field:$1;"
;;
--preferredvalue|--preferred-value)
shift
- TEST_PREFERRED_VALUE=$1
+ TEST_PREFERRED_VALUE="prefval:$1;"
;;
# Other details
--other)
shift
- TEST_OTHER=$1
+ TEST_OTHER="other:$1;"
;;
--service)
shift
- TEST_SERVICE=$1
+ TEST_SERVICE="service:$1;"
;;
--test)
shift
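Review bot: Each option value is now wrapped as `name:$1;` with no escaping, so a value containing `;`, `:` or `|` shifts the field boundaries of the `details[]` record. The same applies to the `--value` arm in the next hunk and to the `Report` line that concatenates the fields. Values such as `--value "${ITEM}"` come from parsed configuration files, so whatever consumes the report cannot assume they are delimiter-free. Consider removing the delimiters before assignment, e.g. `TEST_VALUE="value:$(echo "$1" | tr -d ';|');"`, or document that callers must pass delimiter-free values. The `case` statement and its surrounding loop start and end outside this hunk.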
@@ -1771,7 +1777,7 @@
;;
--value)
shift
- TEST_VALUE=$1
+ TEST_VALUE="value:$1;"
;;
*)
@@ -1781,7 +1787,9 @@
esac
shift # Go to next parameter
done
- Report "details[]=${TEST_ID}|service:${TEST_SERVICE}|desc:${TEST_DESCRIPTION};field:${TEST_FIELD};prefval:${TEST_PREFERRED_VALUE};value:${TEST_VALUE};other:${TEST_OTHER}|"
+ if [ "${TEST_ID}" = "" ]; then TEST_ID="-"; fi
+ if [ "${TEST_SERVICE}" = "" ]; then TEST_SERVICE="-"; fi
+ Report "details[]=${TEST_ID}|${TEST_SERVICE}|${TEST_DESCRIPTION}${TEST_FIELD}${TEST_PREFERRED_VALUE}${TEST_VALUE}${TEST_OTHER}|"
}
# Log exceptions
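Review bot: The record layout produced by the new `Report` line is undocumented and easy to misparse: the second pipe-delimited field is either `-` or `service:NAME;` (prefix and trailing semicolon included), and optional fields are now omitted rather than emitted empty. A comment above the line, for example `# Format: details[]=TEST_ID|service:NAME;|desc:..;field:..;prefval:..;value:..;other:..;| (unset options omitted, '-' for missing id/service)`, would give parser authors something to rely on. Because fields are only emitted when set, a TEST_* variable left over from an earlier call would appear in the next record. The start of the function (apparently ReportDetails) is outside the hunk, so please confirm the variables are cleared there.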
diff --git a/include/tests_webservers b/include/tests_webservers
index 7d0b3840..5f1fc101 100644
--- a/include/tests_webservers
+++ b/include/tests_webservers
@@ -504,8 +504,7 @@
if [ ${NGINX_SSL_PROTOCOLS} -eq 1 ]; then
Display --indent 8 --text "- Protocols configured" --result "YES" --color GREEN
- FIND=`${GREPBINARY} "ssl_protocols" ${NGINX_CONF_LOCATION} | ${GREPBINARY} "SSLv[123]"`
- if [ "${FIND}" = "" ]; then
+ if [ ${NGINX_WEAK_SSL_PROTOCOL_FOUND} -eq 0 ]; then
Display --indent 10 --text "- Insecure protocols found" --result "NO" --color GREEN
else
Display --indent 10 --text "- Insecure protocols found" --result "YES" --color RED