mirror of
https://github.com/ovh/debian-cis.git
synced 2025-06-22 02:33:42 +02:00
FIX(99.5.4): fix regex to allow other authkey options than "from"
This commit is contained in:
@ -19,22 +19,26 @@ test_audit() {
|
||||
register_test retvalshouldbe 0
|
||||
run emptyauthkey /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
|
||||
ssh-keygen -t ed25519 -f /tmp/key1
|
||||
ssh-keygen -N "" -t ed25519 -f /tmp/key1
|
||||
cat /tmp/key1.pub >> /home/secaudit/.ssh/authorized_keys2
|
||||
describe Key without from field
|
||||
register_test retvalshouldbe 1
|
||||
run keynofrom /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
|
||||
echo -n 'from="127.0.0.1" ' > /home/secaudit/.ssh/authorized_keys2
|
||||
cat /tmp/key1.pub >> /home/secaudit/.ssh/authorized_keys2
|
||||
{
|
||||
echo -n 'from="127.0.0.1" ';
|
||||
cat /tmp/key1.pub;
|
||||
} > /home/secaudit/.ssh/authorized_keys2
|
||||
describe Key with from, no ip check
|
||||
register_test retvalshouldbe 0
|
||||
run keyfrom /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
|
||||
# shellcheck disable=2016
|
||||
echo 'ALLOWED_IPS="$ALLOWED_IPS 127.0.0.1"' >> /opt/debian-cis/etc/conf.d/"${script}".cfg
|
||||
echo -n 'from="10.0.1.2" ' >> /home/secaudit/.ssh/authorized_keys2
|
||||
cat /tmp/key1.pub >> /home/secaudit/.ssh/authorized_keys2
|
||||
{
|
||||
echo -n 'from="10.0.1.2" ';
|
||||
cat /tmp/key1.pub;
|
||||
} >> /home/secaudit/.ssh/authorized_keys2
|
||||
describe Key with from, filled allowed IPs, one bad ip
|
||||
register_test retvalshouldbe 1
|
||||
run badfromip /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
@ -45,6 +49,18 @@ test_audit() {
|
||||
register_test retvalshouldbe 0
|
||||
run allwdfromip /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
|
||||
# shellcheck disable=2016
|
||||
echo 'ALLOWED_IPS="$ALLOWED_IPS 127.0.0.1,10.2.3.1"' >> /opt/debian-cis/etc/conf.d/"${script}".cfg
|
||||
{
|
||||
echo -n 'from="10.0.1.2",command="echo bla" ';
|
||||
cat /tmp/key1.pub;
|
||||
echo -n 'command="echo bla,from="10.0.1.2,10.2.3.1"" ';
|
||||
cat /tmp/key1.pub;
|
||||
} >> /home/secaudit/.ssh/authorized_keys2
|
||||
describe Key with from and command options
|
||||
register_test retvalshouldbe 0
|
||||
run keyfromcommand /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
|
||||
useradd -s /bin/bash -m jeantest2
|
||||
# shellcheck disable=2016
|
||||
echo 'USERS_TO_CHECK="jeantest2 secaudit"' >> /opt/debian-cis/etc/conf.d/"${script}".cfg
|
||||
|
Reference in New Issue
Block a user