Welcome to mirror list, hosted at ThFree Co, Russian Federation.

github.com/CISOfy/lynis.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
path: root/include/tests_ssh
diff options
context:
space:
mode:
Diffstat (limited to 'include/tests_ssh')
-rw-r--r--include/tests_ssh50
1 files changed, 25 insertions, 25 deletions
diff --git a/include/tests_ssh b/include/tests_ssh
index b434d5fb..84fc1239 100644
--- a/include/tests_ssh
+++ b/include/tests_ssh
@@ -33,13 +33,13 @@
# Description : Check for a running SSH daemon
Register --test-no SSH-7402 --weight L --network NO --description "Check for running SSH daemon"
if [ ${SKIPTEST} -eq 0 ]; then
- logtext "Test: Searching for a SSH daemon..."
+ logtext "Test: Searching for a SSH daemon"
IsRunning sshd
if [ ${RUNNING} -eq 1 ]; then
SSH_DAEMON_RUNNING=1
- Display --indent 2 --text "- Checking running SSH daemon..." --result FOUND --color GREEN
+ Display --indent 2 --text "- Checking running SSH daemon" --result FOUND --color GREEN
else
- Display --indent 2 --text "- Checking running SSH daemon..." --result "NOT FOUND" --color WHITE
+ Display --indent 2 --text "- Checking running SSH daemon" --result "NOT FOUND" --color WHITE
fi
fi
#
@@ -70,11 +70,11 @@
done
if [ "${SSH_DAEMON_CONFIG}" = "" ]; then
logtext "Result: No sshd configuration found"
- Display --indent 4 --text "- Searching SSH configuration..." --result "NOT FOUND" --color YELLOW
+ Display --indent 4 --text "- Searching SSH configuration" --result "NOT FOUND" --color YELLOW
ReportException "${TEST_NO}:1" "SSH daemon is running, but no readable configuration file found"
else
logtext "Result: using last found configuration file: ${SSH_DAEMON_CONFIG}"
- Display --indent 4 --text "- Searching SSH configuration..." --result FOUND --color GREEN
+ Display --indent 4 --text "- Searching SSH configuration" --result FOUND --color GREEN
fi
fi
#
@@ -85,16 +85,16 @@
# if [ ${SSH_DAEMON_RUNNING} -eq 1 -a ! "${SSH_DAEMON_CONFIG}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
# Register --test-no SSH-7406 --preqs-met ${PREQS_MET} --weight L --network NO --description "SSH daemon listening port"
# if [ ${SKIPTEST} -eq 0 ]; then
-# logtext "Test: Searching for a SSH daemon..."
+# logtext "Test: Searching for a SSH daemon"
# CheckOption "^Port " ${SSH_DAEMON_CONFIG}
# if [ ${FOUND} -eq 1 ]; then
# FIND=`echo ${FIND} | awk '{ if ($1=="Port") { print $2 }}'`
# # Check if this output is numeric and usuable for later (e.g. in netstat output)
-# Display --indent 2 --text "- Checking SSH listening port..." --result FOUND --color GREEN
+# Display --indent 2 --text "- Checking SSH listening port" --result FOUND --color GREEN
# logtext "Result: setting port number to ${FIND}"
# SSH_DAEMON_PORT="${FIND}"
# else
-# Display --indent 2 --text "- Checking SSH listening port..." --result "NOT FOUND" --color WHITE
+# Display --indent 2 --text "- Checking SSH listening port" --result "NOT FOUND" --color WHITE
# logtext "Result: setting port to default number, as no other port has been configured"
# SSH_DAEMON_PORT="22"
# fi
@@ -113,7 +113,7 @@
I=`echo ${I} | sed 's/!space!/ /g'`
logtext "Found SSH option: ${I}"
done
- Display --indent 4 --text "- Checking defined SSH options..." --result "DONE" --color GREEN
+ Display --indent 4 --text "- Checking defined SSH options" --result "DONE" --color GREEN
fi
#
#################################################################################
@@ -127,18 +127,18 @@
FIND=`cat ${SSH_DAEMON_CONFIG} | grep "^PermitRootLogin" | awk '{ print $2 }'`
if [ "${FIND}" = "yes" -o "${FIND}" = "YES" -o "${FIND}" = "Yes" ]; then
logtext "Result: PermitRootLogin is enabled, root can login directly"
- Display --indent 4 --text "- SSH option: PermitRootLogin..." --result WARNING --color RED
+ Display --indent 4 --text "- SSH option: PermitRootLogin" --result WARNING --color RED
ReportWarning ${TEST_NO} "M" "Root can directly login via SSH"
AddHP 0 3
else
# YYY add test for DenyUsers root
if [ "${FIND}" = "no" -o "${FIND}" = "No" ]; then
logtext "Result: PermitRootLogin is disabled. Root can't login directly"
- Display --indent 4 --text "- SSH option: PermitRootLogin..." --result DISABLED --color GREEN
+ Display --indent 4 --text "- SSH option: PermitRootLogin" --result DISABLED --color GREEN
AddHP 3 3
else
logtext "Result: Value of PermitRootLogin is unknown (not defined)"
- Display --indent 4 --text "- SSH option: PermitRootLogin..." --result DEFAULT --color WHITE
+ Display --indent 4 --text "- SSH option: PermitRootLogin" --result DEFAULT --color WHITE
fi
fi
fi
@@ -154,17 +154,17 @@
FIND=`cat ${SSH_DAEMON_CONFIG} | grep "^Protocol" | awk '{ print $2 }'`
if [ "${FIND}" = "1" -o "${FIND}" = "2,1" -o "${FIND}" = "1,2" ]; then
logtext "Result: Protocol option is set to allow SSH protocol version 1"
- Display --indent 4 --text "- SSH option: Protocol..." --result WARNING --color RED
+ Display --indent 4 --text "- SSH option: Protocol" --result WARNING --color RED
ReportWarning ${TEST_NO} "M" "SSH protocol version 1 is allowed"
AddHP 0 3
else
if [ "${FIND}" = "2" ]; then
logtext "Result: only protocol 2 is allowed"
- Display --indent 4 --text "- SSH option: Protocol..." --result OK --color GREEN
+ Display --indent 4 --text "- SSH option: Protocol" --result OK --color GREEN
AddHP 3 3
else
logtext "Result: value of Protocol is unknown (not defined)"
- Display --indent 4 --text "- SSH option: Protocol..." --result DEFAULT --color WHITE
+ Display --indent 4 --text "- SSH option: Protocol" --result DEFAULT --color WHITE
fi
fi
fi
@@ -180,18 +180,18 @@
FIND=`cat ${SSH_DAEMON_CONFIG} | grep "^StrictModes" | awk '{ print $2 }'`
if [ "${FIND}" = "no" -o "${FIND}" = "NO" -o "${FIND}" = "No" ]; then
logtext "Result: StrictModes option is set to 'no', which means file permissions are NOT checked"
- Display --indent 4 --text "- SSH option: StrictModes..." --result WARNING --color RED
+ Display --indent 4 --text "- SSH option: StrictModes" --result WARNING --color RED
ReportWarning ${TEST_NO} "M" "StrictModes is turned off"
ReportSuggestion ${TEST_NO} "Check StrictModes option in sshd_config"
AddHP 0 3
else
if [ "${FIND}" = "yes" -o "${FIND}" = "YES" -o "${FIND}" = "Yes" ]; then
logtext "Result: StrictModes active, file permissions are checked"
- Display --indent 4 --text "- SSH option: StrictModes..." --result OK --color GREEN
+ Display --indent 4 --text "- SSH option: StrictModes" --result OK --color GREEN
AddHP 3 3
else
logtext "Result: value of StrictModes is unknown (not defined)"
- Display --indent 4 --text "- SSH option: StrictModes..." --result DEFAULT --color WHITE
+ Display --indent 4 --text "- SSH option: StrictModes" --result DEFAULT --color WHITE
fi
fi
fi
@@ -207,17 +207,17 @@
# FIND=`cat ${SSH_DAEMON_CONFIG} | grep "^Port" | awk '{ if ($2!="22") { print $2 } }'`
# if [ "${FIND}" = "1" -o "${FIND}" = "2,1" -o "${FIND}" = "1,2" ]; then
# logtext "Result: Protocol option is set to allow SSH protocol version 1"
-# Display --indent 4 --text "- SSH option: Protocol..." --result WARNING --color RED
+# Display --indent 4 --text "- SSH option: Protocol" --result WARNING --color RED
# ReportWarning ${TEST_NO} "M" "SSH protocol version 1 is allowed"
# AddHP 0 3
# else
# if [ "${FIND}" = "2" ]; then
# logtext "Result: only protocol 2 is allowed"
-# Display --indent 4 --text "- SSH option: Protocol..." --result OK --color GREEN
+# Display --indent 4 --text "- SSH option: Protocol" --result OK --color GREEN
# AddHP 3 3
# else
# logtext "Result: value of Protocol is unknown (not defined)"
-# Display --indent 4 --text "- SSH option: Protocol..." --result DEFAULT --color WHITE
+# Display --indent 4 --text "- SSH option: Protocol" --result DEFAULT --color WHITE
# fi
# fi
# fi
@@ -235,22 +235,22 @@
FIND=`egrep "^AllowUsers" ${SSH_DAEMON_CONFIG} | awk '{ print $2 }'`
if [ ! "${FIND}" = "" ]; then
logtext "Result: AllowUsers set, with value ${FIND}"
- Display --indent 4 --text "- SSH option: AllowUsers..." --result FOUND --color GREEN
+ Display --indent 4 --text "- SSH option: AllowUsers" --result FOUND --color GREEN
FOUND=1
else
logtext "Result: AllowUsers is not set"
- Display --indent 4 --text "- SSH option: AllowUsers..." --result "NOT FOUND" --color WHITE
+ Display --indent 4 --text "- SSH option: AllowUsers" --result "NOT FOUND" --color WHITE
fi
# AllowGroups
FIND=`egrep "^AllowGroups" ${SSH_DAEMON_CONFIG} | awk '{ print $2 }'`
if [ ! "${FIND}" = "" ]; then
logtext "Result: AllowUsers set ${FIND}"
- Display --indent 4 --text "- SSH option: AllowGroups..." --result FOUND --color GREEN
+ Display --indent 4 --text "- SSH option: AllowGroups" --result FOUND --color GREEN
FOUND=1
else
logtext "Result: AllowGroups is not set"
- Display --indent 4 --text "- SSH option: AllowGroups..." --result "NOT FOUND" --color WHITE
+ Display --indent 4 --text "- SSH option: AllowGroups" --result "NOT FOUND" --color WHITE
fi
if [ ${FOUND} -eq 1 ]; then
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-29 23:32:19 +0300