elie/debian-cis
1
0
Fork 0
mirror of https://github.com/ovh/debian-cis.git synced 2024-11-22 13:37:02 +01:00
Code Issues Packages Projects Releases Wiki Activity

Fix ovh/debian-cis:#25 (#28)

Browse Source 
Co-authored-by: Jeremy Denoun <jeremy.denoun@iguanesolutions.com>
This commit is contained in:
jeremydenoun 2021-01-21 16:01:34 +01:00 committed by GitHub
parent 4a652a94c6
commit 1c2e171655
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
26 changed files with 26 additions and 26 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
bin/hardening/5.2.10_disable_root_login.sh
View File

@ -25,7 +25,7 @@ FILE='/etc/ssh/sshd_config'
audit() { audit() {
is_pkg_installed "$PACKAGE" is_pkg_installed "$PACKAGE"
if [ "$FNRET" != 0 ]; then if [ "$FNRET" != 0 ]; then
crit "$PACKAGE is not installed!" ok "$PACKAGE is not installed!"
else else
ok "$PACKAGE is installed" ok "$PACKAGE is installed"
for SSH_OPTION in $OPTIONS; do for SSH_OPTION in $OPTIONS; do

2
bin/hardening/5.2.11_disable_sshd_permitemptypasswords.sh
View File

@ -25,7 +25,7 @@ FILE='/etc/ssh/sshd_config'
audit() { audit() {
is_pkg_installed "$PACKAGE" is_pkg_installed "$PACKAGE"
if [ "$FNRET" != 0 ]; then if [ "$FNRET" != 0 ]; then
crit "$PACKAGE is not installed!" ok "$PACKAGE is not installed!"
else else
ok "$PACKAGE is installed" ok "$PACKAGE is installed"
for SSH_OPTION in $OPTIONS; do for SSH_OPTION in $OPTIONS; do

2
bin/hardening/5.2.12_disable_sshd_setenv.sh
View File

@ -25,7 +25,7 @@ FILE='/etc/ssh/sshd_config'
audit() { audit() {
is_pkg_installed "$PACKAGE" is_pkg_installed "$PACKAGE"
if [ "$FNRET" != 0 ]; then if [ "$FNRET" != 0 ]; then
crit "$PACKAGE is not installed!" ok "$PACKAGE is not installed!"
else else
ok "$PACKAGE is installed" ok "$PACKAGE is installed"
for SSH_OPTION in $OPTIONS; do for SSH_OPTION in $OPTIONS; do

2
bin/hardening/5.2.13_sshd_ciphers.sh
View File

@ -25,7 +25,7 @@ FILE='/etc/ssh/sshd_config'
audit() { audit() {
is_pkg_installed "$PACKAGE" is_pkg_installed "$PACKAGE"
if [ "$FNRET" != 0 ]; then if [ "$FNRET" != 0 ]; then
crit "$PACKAGE is not installed!" ok "$PACKAGE is not installed!"
else else
ok "$PACKAGE is installed" ok "$PACKAGE is installed"
for SSH_OPTION in $OPTIONS; do for SSH_OPTION in $OPTIONS; do

2
bin/hardening/5.2.14_ssh_cry_mac.sh
View File

@ -25,7 +25,7 @@ FILE='/etc/ssh/sshd_config'
audit() { audit() {
is_pkg_installed "$PACKAGE" is_pkg_installed "$PACKAGE"
if [ "$FNRET" != 0 ]; then if [ "$FNRET" != 0 ]; then
crit "$PACKAGE is not installed!" ok "$PACKAGE is not installed!"
else else
ok "$PACKAGE is installed" ok "$PACKAGE is installed"
for SSH_OPTION in $OPTIONS; do for SSH_OPTION in $OPTIONS; do

2
bin/hardening/5.2.15_ssh_cry_kex.sh
View File

@ -25,7 +25,7 @@ FILE='/etc/ssh/sshd_config'
audit() { audit() {
is_pkg_installed "$PACKAGE" is_pkg_installed "$PACKAGE"
if [ "$FNRET" != 0 ]; then if [ "$FNRET" != 0 ]; then
crit "$PACKAGE is not installed!" ok "$PACKAGE is not installed!"
else else
ok "$PACKAGE is installed" ok "$PACKAGE is installed"
for SSH_OPTION in $OPTIONS; do for SSH_OPTION in $OPTIONS; do

2
bin/hardening/5.2.16_sshd_idle_timeout.sh
View File

@ -25,7 +25,7 @@ FILE='/etc/ssh/sshd_config'
audit() { audit() {
is_pkg_installed "$PACKAGE" is_pkg_installed "$PACKAGE"
if [ "$FNRET" != 0 ]; then if [ "$FNRET" != 0 ]; then
crit "$PACKAGE is not installed!" ok "$PACKAGE is not installed!"
else else
ok "$PACKAGE is installed" ok "$PACKAGE is installed"
for SSH_OPTION in $OPTIONS; do for SSH_OPTION in $OPTIONS; do

2
bin/hardening/5.2.17_sshd_login_grace_time.sh
View File

@ -25,7 +25,7 @@ FILE='/etc/ssh/sshd_config'
audit() { audit() {
is_pkg_installed "$PACKAGE" is_pkg_installed "$PACKAGE"
if [ "$FNRET" != 0 ]; then if [ "$FNRET" != 0 ]; then
crit "$PACKAGE is not installed!" ok "$PACKAGE is not installed!"
else else
ok "$PACKAGE is installed" ok "$PACKAGE is installed"
for SSH_OPTION in $OPTIONS; do for SSH_OPTION in $OPTIONS; do

2
bin/hardening/5.2.18_sshd_limit_access.sh
View File

@ -25,7 +25,7 @@ audit() {
OPTIONS="AllowUsers='$ALLOWED_USERS' AllowGroups='$ALLOWED_GROUPS' DenyUsers='$DENIED_USERS' DenyGroups='$DENIED_GROUPS'" OPTIONS="AllowUsers='$ALLOWED_USERS' AllowGroups='$ALLOWED_GROUPS' DenyUsers='$DENIED_USERS' DenyGroups='$DENIED_GROUPS'"
is_pkg_installed "$PACKAGE" is_pkg_installed "$PACKAGE"
if [ "$FNRET" != 0 ]; then if [ "$FNRET" != 0 ]; then
crit "$PACKAGE is not installed!" ok "$PACKAGE is not installed!"
else else
ok "$PACKAGE is installed" ok "$PACKAGE is installed"
for SSH_OPTION in $OPTIONS; do for SSH_OPTION in $OPTIONS; do

2
bin/hardening/5.2.19_ssh_banner.sh
View File

@ -25,7 +25,7 @@ audit() {
OPTIONS="Banner=$BANNER_FILE" OPTIONS="Banner=$BANNER_FILE"
is_pkg_installed "$PACKAGE" is_pkg_installed "$PACKAGE"
if [ "$FNRET" != 0 ]; then if [ "$FNRET" != 0 ]; then
crit "$PACKAGE is not installed!" ok "$PACKAGE is not installed!"
else else
ok "$PACKAGE is installed" ok "$PACKAGE is installed"
for SSH_OPTION in $OPTIONS; do for SSH_OPTION in $OPTIONS; do

2
bin/hardening/5.2.20_enable_ssh_pam.sh
View File

@ -25,7 +25,7 @@ FILE='/etc/ssh/sshd_config'
audit() { audit() {
is_pkg_installed "$PACKAGE" is_pkg_installed "$PACKAGE"
if [ "$FNRET" != 0 ]; then if [ "$FNRET" != 0 ]; then
crit "$PACKAGE is not installed!" ok "$PACKAGE is not installed!"
else else
ok "$PACKAGE is installed" ok "$PACKAGE is installed"
for SSH_OPTION in $OPTIONS; do for SSH_OPTION in $OPTIONS; do

2
bin/hardening/5.2.21_disable_ssh_allow_tcp_forwarding.sh
View File

@ -25,7 +25,7 @@ FILE='/etc/ssh/sshd_config'
audit() { audit() {
is_pkg_installed "$PACKAGE" is_pkg_installed "$PACKAGE"
if [ "$FNRET" != 0 ]; then if [ "$FNRET" != 0 ]; then
crit "$PACKAGE is not installed!" ok "$PACKAGE is not installed!"
else else
ok "$PACKAGE is installed" ok "$PACKAGE is installed"
for SSH_OPTION in $OPTIONS; do for SSH_OPTION in $OPTIONS; do

2
bin/hardening/5.2.22_configure_ssh_max_startups.sh
View File

@ -25,7 +25,7 @@ FILE='/etc/ssh/sshd_config'
audit() { audit() {
is_pkg_installed "$PACKAGE" is_pkg_installed "$PACKAGE"
if [ "$FNRET" != 0 ]; then if [ "$FNRET" != 0 ]; then
crit "$PACKAGE is not installed!" ok "$PACKAGE is not installed!"
else else
ok "$PACKAGE is installed" ok "$PACKAGE is installed"
for SSH_OPTION in $OPTIONS; do for SSH_OPTION in $OPTIONS; do

2
bin/hardening/5.2.23_limit_ssh_max_sessions.sh
View File

@ -25,7 +25,7 @@ FILE='/etc/ssh/sshd_config'
audit() { audit() {
is_pkg_installed "$PACKAGE" is_pkg_installed "$PACKAGE"
if [ "$FNRET" != 0 ]; then if [ "$FNRET" != 0 ]; then
crit "$PACKAGE is not installed!" ok "$PACKAGE is not installed!"
else else
ok "$PACKAGE is installed" ok "$PACKAGE is installed"
for SSH_OPTION in $OPTIONS; do for SSH_OPTION in $OPTIONS; do

2
bin/hardening/5.2.4_sshd_protocol.sh
View File

@ -25,7 +25,7 @@ FILE='/etc/ssh/sshd_config'
audit() { audit() {
is_pkg_installed "$PACKAGE" is_pkg_installed "$PACKAGE"
if [ "$FNRET" != 0 ]; then if [ "$FNRET" != 0 ]; then
crit "$PACKAGE is not installed!" ok "$PACKAGE is not installed!"
else else
ok "$PACKAGE is installed" ok "$PACKAGE is installed"
for SSH_OPTION in $OPTIONS; do for SSH_OPTION in $OPTIONS; do

2
bin/hardening/5.2.5_sshd_loglevel.sh
View File

@ -26,7 +26,7 @@ FILE='/etc/ssh/sshd_config'
audit() { audit() {
is_pkg_installed "$PACKAGE" is_pkg_installed "$PACKAGE"
if [ "$FNRET" != 0 ]; then if [ "$FNRET" != 0 ]; then
crit "$PACKAGE is not installed!" ok "$PACKAGE is not installed!"
else else
ok "$PACKAGE is installed" ok "$PACKAGE is installed"
for SSH_OPTION in $OPTIONS; do for SSH_OPTION in $OPTIONS; do

2
bin/hardening/5.2.6_disable_x11_forwarding.sh
View File

@ -25,7 +25,7 @@ FILE='/etc/ssh/sshd_config'
audit() { audit() {
is_pkg_installed "$PACKAGE" is_pkg_installed "$PACKAGE"
if [ "$FNRET" != 0 ]; then if [ "$FNRET" != 0 ]; then
crit "$PACKAGE is not installed!" ok "$PACKAGE is not installed!"
else else
ok "$PACKAGE is installed" ok "$PACKAGE is installed"
for SSH_OPTION in $OPTIONS; do for SSH_OPTION in $OPTIONS; do

2
bin/hardening/5.2.7_sshd_maxauthtries.sh
View File

@ -25,7 +25,7 @@ FILE='/etc/ssh/sshd_config'
audit() { audit() {
is_pkg_installed "$PACKAGE" is_pkg_installed "$PACKAGE"
if [ "$FNRET" != 0 ]; then if [ "$FNRET" != 0 ]; then
crit "$PACKAGE is not installed!" ok "$PACKAGE is not installed!"
else else
ok "$PACKAGE is installed" ok "$PACKAGE is installed"
for SSH_OPTION in $OPTIONS; do for SSH_OPTION in $OPTIONS; do

2
bin/hardening/5.2.8_enable_sshd_ignorerhosts.sh
View File

@ -25,7 +25,7 @@ FILE='/etc/ssh/sshd_config'
audit() { audit() {
is_pkg_installed "$PACKAGE" is_pkg_installed "$PACKAGE"
if [ "$FNRET" != 0 ]; then if [ "$FNRET" != 0 ]; then
crit "$PACKAGE is not installed!" ok "$PACKAGE is not installed!"
else else
ok "$PACKAGE is installed" ok "$PACKAGE is installed"
for SSH_OPTION in $OPTIONS; do for SSH_OPTION in $OPTIONS; do

2
bin/hardening/5.2.9_disable_sshd_hostbasedauthentication.sh
View File

@ -25,7 +25,7 @@ FILE='/etc/ssh/sshd_config'
audit() { audit() {
is_pkg_installed "$PACKAGE" is_pkg_installed "$PACKAGE"
if [ "$FNRET" != 0 ]; then if [ "$FNRET" != 0 ]; then
crit "$PACKAGE is not installed!" ok "$PACKAGE is not installed!"
else else
ok "$PACKAGE is installed" ok "$PACKAGE is installed"
for SSH_OPTION in $OPTIONS; do for SSH_OPTION in $OPTIONS; do

2
bin/hardening/99.5.2.1_ssh_auth_pubk_only.sh
View File

@ -25,7 +25,7 @@ OPTIONS='PubkeyAuthentication=yes PasswordAuthentication=no KbdInteractiveAuthen
audit() { audit() {
is_pkg_installed "$PACKAGE" is_pkg_installed "$PACKAGE"
if [ "$FNRET" != 0 ]; then if [ "$FNRET" != 0 ]; then
crit "$PACKAGE is not installed!" ok "$PACKAGE is not installed!"
else else
ok "$PACKAGE is installed" ok "$PACKAGE is installed"
for SSH_OPTION in $OPTIONS; do for SSH_OPTION in $OPTIONS; do

2
bin/hardening/99.5.2.2_ssh_cry_rekey.sh
View File

@ -40,7 +40,7 @@ audit() {
set -u set -u
is_pkg_installed "$PACKAGE" is_pkg_installed "$PACKAGE"
if [ "$FNRET" != 0 ]; then if [ "$FNRET" != 0 ]; then
crit "$PACKAGE is not installed!" ok "$PACKAGE is not installed!"
else else
ok "$PACKAGE is installed" ok "$PACKAGE is installed"
for SSH_OPTION in $OPTIONS; do for SSH_OPTION in $OPTIONS; do

2
bin/hardening/99.5.2.3_ssh_disable_features.sh
View File

@ -24,7 +24,7 @@ OPTIONS='AllowAgentForwarding=no AllowTcpForwarding=no AllowStreamLocalForwardin
audit() { audit() {
is_pkg_installed "$PACKAGE" is_pkg_installed "$PACKAGE"
if [ "$FNRET" != 0 ]; then if [ "$FNRET" != 0 ]; then
crit "$PACKAGE is not installed!" ok "$PACKAGE is not installed!"
else else
ok "$PACKAGE is installed" ok "$PACKAGE is installed"
for SSH_OPTION in $OPTIONS; do for SSH_OPTION in $OPTIONS; do

2
bin/hardening/99.5.2.5_ssh_strict_modes.sh
View File

@ -23,7 +23,7 @@ FILE='/etc/ssh/sshd_config'
audit() { audit() {
is_pkg_installed "$PACKAGE" is_pkg_installed "$PACKAGE"
if [ "$FNRET" != 0 ]; then if [ "$FNRET" != 0 ]; then
crit "$PACKAGE is not installed!" ok "$PACKAGE is not installed!"
else else
ok "$PACKAGE is installed" ok "$PACKAGE is installed"
for SSH_OPTION in $OPTIONS; do for SSH_OPTION in $OPTIONS; do

2
bin/hardening/99.5.2.6_ssh_sys_accept_env.sh
View File

@ -25,7 +25,7 @@ FILE='/etc/ssh/sshd_config'
audit() { audit() {
is_pkg_installed "$PACKAGE" is_pkg_installed "$PACKAGE"
if [ "$FNRET" != 0 ]; then if [ "$FNRET" != 0 ]; then
crit "$PACKAGE is not installed!" ok "$PACKAGE is not installed!"
else else
ok "$PACKAGE is installed" ok "$PACKAGE is installed"
does_pattern_exist_in_file_nocase "$FILE" "$PATTERN" does_pattern_exist_in_file_nocase "$FILE" "$PATTERN"

2
bin/hardening/99.5.2.8_ssh_sys_sandbox.sh
View File

@ -25,7 +25,7 @@ FILE='/etc/ssh/sshd_config'
audit() { audit() {
is_pkg_installed "$PACKAGE" is_pkg_installed "$PACKAGE"
if [ "$FNRET" != 0 ]; then if [ "$FNRET" != 0 ]; then
crit "$PACKAGE is not installed!" ok "$PACKAGE is not installed!"
else else
ok "$PACKAGE is installed" ok "$PACKAGE is installed"
for SSH_OPTION in $OPTIONS; do for SSH_OPTION in $OPTIONS; do