From 8031c388c64ae7059d32486deddf06f4a9425ee8 Mon Sep 17 00:00:00 2001 From: Charles Herlin Date: Mon, 25 Feb 2019 15:16:02 +0100 Subject: [PATCH] IMP(9.3.2): Comply with Debian9 guide: verbose ssh loglevel --- bin/hardening/9.3.2_sshd_loglevel.sh | 10 ++++++---- tests/hardening/9.3.2_sshd_loglevel.sh | 2 +- 2 files changed, 7 insertions(+), 5 deletions(-) diff --git a/bin/hardening/9.3.2_sshd_loglevel.sh b/bin/hardening/9.3.2_sshd_loglevel.sh index e835ea7..1ab98a1 100755 --- a/bin/hardening/9.3.2_sshd_loglevel.sh +++ b/bin/hardening/9.3.2_sshd_loglevel.sh @@ -19,6 +19,7 @@ DESCRIPTION="Set LogLevel to INFO for SSH." PACKAGE='openssh-server' OPTIONS='' +OPTIONS_TO_APPLY='' FILE='/etc/ssh/sshd_config' # This function will be called if the script status is on enabled / audit mode @@ -32,7 +33,7 @@ audit () { SSH_PARAM=$(echo $SSH_OPTION | cut -d= -f 1) SSH_VALUE=$(echo $SSH_OPTION | cut -d= -f 2) PATTERN="^$SSH_PARAM[[:space:]]*$SSH_VALUE" - does_pattern_exist_in_file $FILE "$PATTERN" + does_pattern_exist_in_file_nocase $FILE "$PATTERN" if [ "$FNRET" = 0 ]; then ok "$PATTERN is present in $FILE" else @@ -51,11 +52,11 @@ apply () { crit "$PACKAGE is absent, installing it" apt_install $PACKAGE fi - for SSH_OPTION in $OPTIONS; do + for SSH_OPTION in $OPTIONS_TO_APPLY; do SSH_PARAM=$(echo $SSH_OPTION | cut -d= -f 1) SSH_VALUE=$(echo $SSH_OPTION | cut -d= -f 2) PATTERN="^$SSH_PARAM[[:space:]]*$SSH_VALUE" - does_pattern_exist_in_file $FILE "$PATTERN" + does_pattern_exist_in_file_nocase $FILE "$PATTERN" if [ "$FNRET" = 0 ]; then ok "$PATTERN is present in $FILE" else @@ -78,7 +79,8 @@ create_config() { # shellcheck disable=2034 status=audit # Put here your loglevel for ssh -OPTIONS='LogLevel=INFO' +OPTIONS='LogLevel=(INFO|VERBOSE)' +OPTIONS_TO_APPLY='LogLevel=VERBOSE' EOF } diff --git a/tests/hardening/9.3.2_sshd_loglevel.sh b/tests/hardening/9.3.2_sshd_loglevel.sh index a12356a..0f6a4ca 100644 --- a/tests/hardening/9.3.2_sshd_loglevel.sh 
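Review bot: The script-level default `OPTIONS_TO_APPLY=''` added in the `@@ -19` hunk leaves the `apply` loop in the `@@ -51` hunk with nothing to iterate over whenever the loaded configuration does not define that variable. A configuration file generated before this commit would contain only `OPTIONS='LogLevel=INFO'`, so, assuming existing files are not regenerated, apply would silently stop enforcing any LogLevel on upgraded hosts. Defaulting to the hardened value in the script itself, `OPTIONS_TO_APPLY='LogLevel=VERBOSE'`, would keep apply effective for those installs. The `DESCRIPTION` text visible next to the hunk header still says INFO and could be updated to mention VERBOSE.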
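Review bot: The audit pattern `^$SSH_PARAM[[:space:]]*$SSH_VALUE` in the `@@ -32` hunk now receives a regex alternation, `(INFO|VERBOSE)`, so the check only works if `does_pattern_exist_in_file_nocase` matches with extended regular expressions; that helper is not visible here and is worth confirming. The pattern also has no end anchor and accepts zero separators, so any line that merely begins with an accepted value passes; `PATTERN="^$SSH_PARAM[[:space:]]+$SSH_VALUE[[:space:]]*$"` would be stricter. `$FILE` is passed unquoted, and `"$FILE"` is the safer form. The same expression appears in `apply`, and both function bodies continue outside their hunks.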
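Review bot: The generated configuration in the `@@ -78` hunk keeps the single comment `# Put here your loglevel for ssh` above two variables that now mean different things: `OPTIONS` is a regex of values the audit accepts, while `OPTIONS_TO_APPLY` is the literal value apply looks for. An administrator who overrides only `OPTIONS` (as the test in this commit does with `LogLevel=DEBUG`) would presumably have apply set VERBOSE and the next audit fail. I would add one comment per variable, for example `# Regex of LogLevel values accepted by audit` and `# Exact Key=Value enforced by apply; must satisfy OPTIONS`.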
+++ b/tests/hardening/9.3.2_sshd_loglevel.sh @@ -14,7 +14,7 @@ test_audit() { run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all echo "OPTIONS='LogLevel=DEBUG'" >> /opt/debian-cis/etc/conf.d/"${script}".cfg - sed -i 's/LogLevel INFO/LogLevel DEBUG/' /etc/ssh/sshd_config + sed -i 's/LogLevel VERBOSE/LogLevel DEBUG/' /etc/ssh/sshd_config describe Checking custom conf register_test retvalshouldbe 0
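Review bot: The custom-configuration case overrides only `OPTIONS`, and the visible lines of `test_audit` run the script with `--audit-all`, so nothing shown here exercises the new `OPTIONS_TO_APPLY` path. A case that runs apply and then asserts `LogLevel VERBOSE` in `/etc/ssh/sshd_config`, plus one using a configuration that lacks `OPTIONS_TO_APPLY`, would cover the behaviour this commit introduces. The `sed` expression is case-sensitive while the audit is now case-insensitive, which holds only as long as the fixture always carries the upper-case form. `test_audit` continues outside the hunk.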