elie/debian-cis
1
0
Fork 0
mirror of https://github.com/ovh/debian-cis.git synced 2025-06-21 18:23:42 +02:00
Code Issues Packages Projects Releases Wiki Activity

Allow multiple exception users to be defined for 99.5.2.4_ssh_keys_from (#221)

Browse Source 
* allow multiple exception users for 99.5.2.4
This commit is contained in:
lgaida
2023-12-27 13:42:10 +01:00
committed by GitHub
parent 73616af4eb
commit 5313799193
2 changed files with 27 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
bin/hardening/99.5.2.4_ssh_keys_from.sh
View File

@ -26,7 +26,7 @@ AUTHKEYFILE_PATTERN_DEFAULT=".ssh/authorized_keys .ssh/authorized_keys2"
ALLOWED_IPS=""
USERS_TO_CHECK=""
EXCEPTION_USER=""
EXCEPTION_USERS=""
ALLOWED_NOLOGIN_SHELLS="/bin/false /usr/sbin/nologin"
@ -137,7 +137,10 @@ audit() {
continue
else
info "User $user has a valid shell ($shell)."
if [ "$user" = "root" ] && [ "$user" != "$EXCEPTION_USER" ]; then
if grep -qw "$user" <<<"$EXCEPTION_USERS"; then
info "User $user is named in EXEPTION_USERS and is thus skipped from check."
continue
elif [ "$user" = "root" ]; then
check_dir /root
continue
elif $SUDO_CMD [ ! -d /home/"$user" ]; then
@ -164,7 +167,7 @@ status=audit
# Put authorized IPs you want to allow in "from" field of authorized_keys
ALLOWED_IPS=""
USERS_TO_CHECK=""
EXCEPTION_USER=""
EXCEPTION_USERS=""
EOF
}