Diffstat (limited to 'include/tests_ssh')
-rw-r--r-- | include/tests_ssh | 50 |
1 files changed, 25 insertions, 25 deletions
diff --git a/include/tests_ssh b/include/tests_ssh
index b434d5fb..84fc1239 100644
--- a/include/tests_ssh
+++ b/include/tests_ssh
@@ -33,13 +33,13 @@
 # Description : Check for a running SSH daemon
 Register --test-no SSH-7402 --weight L --network NO --description "Check for running SSH daemon"
 if [ ${SKIPTEST} -eq 0 ]; then
- logtext "Test: Searching for a SSH daemon..."
+ logtext "Test: Searching for a SSH daemon"
 IsRunning sshd
 if [ ${RUNNING} -eq 1 ]; then
 SSH_DAEMON_RUNNING=1
- Display --indent 2 --text "- Checking running SSH daemon..." --result FOUND --color GREEN
+ Display --indent 2 --text "- Checking running SSH daemon" --result FOUND --color GREEN
 else
- Display --indent 2 --text "- Checking running SSH daemon..." --result "NOT FOUND" --color WHITE
+ Display --indent 2 --text "- Checking running SSH daemon" --result "NOT FOUND" --color WHITE
 fi
 fi
 #
@@ -70,11 +70,11 @@
 done
 if [ "${SSH_DAEMON_CONFIG}" = "" ]; then
 logtext "Result: No sshd configuration found"
- Display --indent 4 --text "- Searching SSH configuration..." --result "NOT FOUND" --color YELLOW
+ Display --indent 4 --text "- Searching SSH configuration" --result "NOT FOUND" --color YELLOW
 ReportException "${TEST_NO}:1" "SSH daemon is running, but no readable configuration file found"
 else
 logtext "Result: using last found configuration file: ${SSH_DAEMON_CONFIG}"
- Display --indent 4 --text "- Searching SSH configuration..." --result FOUND --color GREEN
+ Display --indent 4 --text "- Searching SSH configuration" --result FOUND --color GREEN
 fi
 fi
 #
@@ -85,16 +85,16 @@
 # if [ ${SSH_DAEMON_RUNNING} -eq 1 -a ! "${SSH_DAEMON_CONFIG}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
 # Register --test-no SSH-7406 --preqs-met ${PREQS_MET} --weight L --network NO --description "SSH daemon listening port"
 # if [ ${SKIPTEST} -eq 0 ]; then
-# logtext "Test: Searching for a SSH daemon..."
+# logtext "Test: Searching for a SSH daemon"
 # CheckOption "^Port " ${SSH_DAEMON_CONFIG}
 # if [ ${FOUND} -eq 1 ]; then
 # FIND=`echo ${FIND} | awk '{ if ($1=="Port") { print $2 }}'`
 # # Check if this output is numeric and usuable for later (e.g. in netstat output)
-# Display --indent 2 --text "- Checking SSH listening port..." --result FOUND --color GREEN
+# Display --indent 2 --text "- Checking SSH listening port" --result FOUND --color GREEN
 # logtext "Result: setting port number to ${FIND}"
 # SSH_DAEMON_PORT="${FIND}"
 # else
-# Display --indent 2 --text "- Checking SSH listening port..." --result "NOT FOUND" --color WHITE
+# Display --indent 2 --text "- Checking SSH listening port" --result "NOT FOUND" --color WHITE
 # logtext "Result: setting port to default number, as no other port has been configured"
 # SSH_DAEMON_PORT="22"
 # fi
@@ -113,7 +113,7 @@
 I=`echo ${I} | sed 's/!space!/ /g'`
 logtext "Found SSH option: ${I}"
 done
- Display --indent 4 --text "- Checking defined SSH options..." --result "DONE" --color GREEN
+ Display --indent 4 --text "- Checking defined SSH options" --result "DONE" --color GREEN
 fi
 #
 #################################################################################
@@ -127,18 +127,18 @@
 FIND=`cat ${SSH_DAEMON_CONFIG} | grep "^PermitRootLogin" | awk '{ print $2 }'`
 if [ "${FIND}" = "yes" -o "${FIND}" = "YES" -o "${FIND}" = "Yes" ]; then
 logtext "Result: PermitRootLogin is enabled, root can login directly"
- Display --indent 4 --text "- SSH option: PermitRootLogin..." --result WARNING --color RED
+ Display --indent 4 --text "- SSH option: PermitRootLogin" --result WARNING --color RED
 ReportWarning ${TEST_NO} "M" "Root can directly login via SSH"
 AddHP 0 3
 else
 # YYY add test for DenyUsers root
 if [ "${FIND}" = "no" -o "${FIND}" = "No" ]; then
 logtext "Result: PermitRootLogin is disabled. Root can't login directly"
- Display --indent 4 --text "- SSH option: PermitRootLogin..." --result DISABLED --color GREEN
+ Display --indent 4 --text "- SSH option: PermitRootLogin" --result DISABLED --color GREEN
 AddHP 3 3
 else
 logtext "Result: Value of PermitRootLogin is unknown (not defined)"
- Display --indent 4 --text "- SSH option: PermitRootLogin..." --result DEFAULT --color WHITE
+ Display --indent 4 --text "- SSH option: PermitRootLogin" --result DEFAULT --color WHITE
 fi
 fi
 fi
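Review bot: The PermitRootLogin test relies on `grep "^PermitRootLogin"` plus exact string comparisons, so several real configurations fall through to the `DEFAULT` branch with no warning and no hardening points. sshd accepts the keyword in any letter case and with leading whitespace, a file with more than one occurrence (for example inside a `Match` block) puts several values into FIND so neither branch matches, and set values other than yes/no such as `without-password` are logged as "unknown (not defined)". The `no` comparison also lacks `NO`, unlike the `yes` one. I would normalise the lookup and take the first occurrence, e.g. `FIND=$(awk 'tolower($1)=="permitrootlogin" { print tolower($2); exit }' "${SSH_DAEMON_CONFIG}")`, and log a set-but-unrecognised value separately from an unset one. The Protocol (`@@ -154`) and StrictModes (`@@ -180`) hunks use the same grep/compare pattern and have the same gap.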
@@ -154,17 +154,17 @@
 FIND=`cat ${SSH_DAEMON_CONFIG} | grep "^Protocol" | awk '{ print $2 }'`
 if [ "${FIND}" = "1" -o "${FIND}" = "2,1" -o "${FIND}" = "1,2" ]; then
 logtext "Result: Protocol option is set to allow SSH protocol version 1"
- Display --indent 4 --text "- SSH option: Protocol..." --result WARNING --color RED
+ Display --indent 4 --text "- SSH option: Protocol" --result WARNING --color RED
 ReportWarning ${TEST_NO} "M" "SSH protocol version 1 is allowed"
 AddHP 0 3
 else
 if [ "${FIND}" = "2" ]; then
 logtext "Result: only protocol 2 is allowed"
- Display --indent 4 --text "- SSH option: Protocol..." --result OK --color GREEN
+ Display --indent 4 --text "- SSH option: Protocol" --result OK --color GREEN
 AddHP 3 3
 else
 logtext "Result: value of Protocol is unknown (not defined)"
- Display --indent 4 --text "- SSH option: Protocol..." --result DEFAULT --color WHITE
+ Display --indent 4 --text "- SSH option: Protocol" --result DEFAULT --color WHITE
 fi
 fi
 fi
@@ -180,18 +180,18 @@
 FIND=`cat ${SSH_DAEMON_CONFIG} | grep "^StrictModes" | awk '{ print $2 }'`
 if [ "${FIND}" = "no" -o "${FIND}" = "NO" -o "${FIND}" = "No" ]; then
 logtext "Result: StrictModes option is set to 'no', which means file permissions are NOT checked"
- Display --indent 4 --text "- SSH option: StrictModes..." --result WARNING --color RED
+ Display --indent 4 --text "- SSH option: StrictModes" --result WARNING --color RED
 ReportWarning ${TEST_NO} "M" "StrictModes is turned off"
 ReportSuggestion ${TEST_NO} "Check StrictModes option in sshd_config"
 AddHP 0 3
 else
 if [ "${FIND}" = "yes" -o "${FIND}" = "YES" -o "${FIND}" = "Yes" ]; then
 logtext "Result: StrictModes active, file permissions are checked"
- Display --indent 4 --text "- SSH option: StrictModes..." --result OK --color GREEN
+ Display --indent 4 --text "- SSH option: StrictModes" --result OK --color GREEN
 AddHP 3 3
 else
 logtext "Result: value of StrictModes is unknown (not defined)"
- Display --indent 4 --text "- SSH option: StrictModes..." --result DEFAULT --color WHITE
+ Display --indent 4 --text "- SSH option: StrictModes" --result DEFAULT --color WHITE
 fi
 fi
 fi
@@ -207,17 +207,17 @@
 # FIND=`cat ${SSH_DAEMON_CONFIG} | grep "^Port" | awk '{ if ($2!="22") { print $2 } }'`
 # if [ "${FIND}" = "1" -o "${FIND}" = "2,1" -o "${FIND}" = "1,2" ]; then
 # logtext "Result: Protocol option is set to allow SSH protocol version 1"
-# Display --indent 4 --text "- SSH option: Protocol..." --result WARNING --color RED
+# Display --indent 4 --text "- SSH option: Protocol" --result WARNING --color RED
 # ReportWarning ${TEST_NO} "M" "SSH protocol version 1 is allowed"
 # AddHP 0 3
 # else
 # if [ "${FIND}" = "2" ]; then
 # logtext "Result: only protocol 2 is allowed"
-# Display --indent 4 --text "- SSH option: Protocol..." --result OK --color GREEN
+# Display --indent 4 --text "- SSH option: Protocol" --result OK --color GREEN
 # AddHP 3 3
 # else
 # logtext "Result: value of Protocol is unknown (not defined)"
-# Display --indent 4 --text "- SSH option: Protocol..." --result DEFAULT --color WHITE
+# Display --indent 4 --text "- SSH option: Protocol" --result DEFAULT --color WHITE
 # fi
 # fi
 # fi
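Review bot: The commented-out block edited here reads the `Port` value into FIND but then compares it with the Protocol values `1`, `2,1` and `1,2` and prints Protocol messages, so it looks like an unfinished copy of the Protocol test. Updating its display strings keeps dead code cosmetically in sync without making it correct, and if it were uncommented as-is it would report Protocol findings for a port number. I would either delete the block or put one line above it such as `# TODO: port test not implemented; body below is copied from the Protocol test`. The block starts and ends outside this hunk.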
@@ -235,22 +235,22 @@ FIND=`egrep "^AllowUsers" ${SSH_DAEMON_CONFIG} | awk '{ print $2 }'` if [ ! "${FIND}" = "" ]; then logtext "Result: AllowUsers set, with value ${FIND}" - Display --indent 4 --text "- SSH option: AllowUsers..." --result FOUND --color GREEN + Display --indent 4 --text "- SSH option: AllowUsers" --result FOUND --color GREEN FOUND=1 else logtext "Result: AllowUsers is not set" - Display --indent 4 --text "- SSH option: AllowUsers..." --result "NOT FOUND" --color WHITE + Display --indent 4 --text "- SSH option: AllowUsers" --result "NOT FOUND" --color WHITE fi # AllowGroups FIND=`egrep "^AllowGroups" ${SSH_DAEMON_CONFIG} | awk '{ print $2 }'` if [ ! "${FIND}" = "" ]; then logtext "Result: AllowUsers set ${FIND}" - Display --indent 4 --text "- SSH option: AllowGroups..." --result FOUND --color GREEN + Display --indent 4 --text "- SSH option: AllowGroups" --result FOUND --color GREEN FOUND=1 else logtext "Result: AllowGroups is not set" - Display --indent 4 --text "- SSH option: AllowGroups..." --result "NOT FOUND" --color WHITE + Display --indent 4 --text "- SSH option: AllowGroups" --result "NOT FOUND" --color WHITE fi if [ ${FOUND} -eq 1 ]; then |
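Review bot: In the AllowGroups branch the log line still reads `logtext "Result: AllowUsers set ${FIND}"`, so the log file names the wrong option; it should be `logtext "Result: AllowGroups set, with value ${FIND}"` to match the AllowUsers branch above it. Both lookups keep only `$2`, so only the first entry of each matching line is logged, and `egrep "^AllowUsers"` / `"^AllowGroups"` miss lower-case or indented keywords, which sshd accepts, so a restricted setup can be shown as "NOT FOUND". The initialisation of FOUND and the body of the final `if [ ${FOUND} -eq 1 ]` are outside this hunk, so whether FOUND is reset before this test cannot be confirmed from here.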