From a3b47055088895d9072087daf18e4d54dfcccb6a Mon Sep 17 00:00:00 2001
From: mboelen
Date: Tue, 9 Feb 2016 12:54:47 +0100
Subject: Reordered SSH options, added ServerAliveInterval, changed TCPKeepAlive suggestion
---
 include/tests_ssh | 31 ++++++++++++++++---------------
 1 file changed, 16 insertions(+), 15 deletions(-)
 (limited to 'include/tests_ssh')
diff --git a/include/tests_ssh b/include/tests_ssh
index 39e13eea..a1d79d3e 100644
--- a/include/tests_ssh
+++ b/include/tests_ssh
@@ -97,30 +97,31 @@
 ##
 ## Example:
 ## PermitRootLogin:NO,WITHOUT-PASSWORD,YES,:=
- SSHOPS="Compression:NO,DELAYED,YES:=\
+ SSHOPS="AllowTcpForwarding:NO,LOCAL,YES:=\
+ ClientAliveCountMax:2,4,16:<\
+ ClientAliveInterval:300,600,900:<\
+ Compression:NO,DELAYED,YES:=\
 FingerprintHash:SHA256,MD5,:=\
+ GatewayPorts:NO,,YES:=\
 IgnoreRhosts:YES,,NO:=\
+ LoginGraceTime:120,240,480:<\
 LogLevel:VERBOSE,INFO,:=\
+ MaxAuthTries:1,3,6:<\
+ MaxStartups:4,8,16:<\
+ MaxSessions:2,4,8:<\
 PermitRootLogin:NO,WITHOUT-PASSWORD,YES:=\
+ PermitUserEnvironment:NO,,YES:=\
+ PermitTunnel:NO,,YES:=\
+ Port:,,22:!\
 PrintLastLog:YES,,NO:=\
 Protocol:2,,1:=\
+ ServerAliveInterval:,,0:>\
 StrictModes:YES,,NO:=\
- TCPKeepAlive:YES,,NO:=\
+ TCPKeepAlive:NO,,YES:=\
 UseDNS:YES,,NO:=\
 UsePrivilegeSeparation:SANDBOX,YES,NO:=\
 VerifyReverseMapping:YES,,NO:=\
- X11Forwarding:NO,,YES:=\
- MaxAuthTries:1,3,6:<\
- ClientAliveCountMax:2,4,16:<\
- ClientAliveInterval:300,600,900:<\
- Port:,,22:!\
- LoginGraceTime:120,240,480:<\
- MaxStartups:4,8,16:<\
- MaxSessions:2,4,8:<\
- PermitUserEnvironment:NO,,YES:=\
- GatewayPorts:NO,,YES:=\
- PermitTunnel:NO,,YES:=\
- AllowTcpForwarding:NO,LOCAL,YES:="
+ X11Forwarding:NO,,YES:="
 for I in ${SSHOPS}; do
 OPTIONNAME=`echo ${I} | cut -d ':' -f1`
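Review bot: The added entry `ServerAliveInterval:,,0:>\` names a client-side keyword from ssh_config(5); sshd_config(5) has no such option. If the `for I in ${SSHOPS}` loop evaluates the daemon configuration (its body continues outside the hunk, so this is inferred), the entry can never match and contributes nothing to the hardening score. The server-side counterparts `ClientAliveInterval` and `ClientAliveCountMax` are already in the list, so I would drop this entry or move it to a separate client-configuration test. The flipped `TCPKeepAlive:NO,,YES:=` also deserves a comment above the `SSHOPS` assignment, e.g. `## TCPKeepAlive: NO preferred; TCP keepalives are spoofable, ClientAlive* messages use the encrypted channel`, so the reversal is not read as a mistake.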
@@ -194,7 +195,7 @@
 Display --indent 4 --text "- SSH option: ${OPTIONNAME}" --result "MEDIUM" --color YELLOW
 AddHP 1 3
 elif [ "${RESULT}" = "WEAK" ]; then
- LogText "Result: SSH option ${OPTIONNAME} is in a weak configuruation state and should be fixed"
+ LogText "Result: SSH option ${OPTIONNAME} is in a weak configuration state and should be fixed"
 #ReportWarning ${TEST_NO} "M" "Unsafe configured SSH option: ${OPTIONNAME}"
 ReportSuggestion ${TEST_NO} "Consider hardening SSH configuration" "${OPTIONNAME} (${FOUNDVALUE} --> ${EXPECTEDVALUE})" "-"
 Display --indent 4 --text "- SSH option: ${OPTIONNAME}" --result WARNING --color RED
--
cgit v1.2.3