mirror of
https://github.com/ovh/debian-cis.git
synced 2024-11-22 05:27:01 +01:00
Renum ssh config check 9.3.x to 5.2.x
Also renum 99.x checks that were included in CIS recommendations renamed: bin/hardening/9.3.8_disable_root_login.sh -> bin/hardening/5.2.10_disable_root_login.sh renamed: bin/hardening/9.3.9_disable_sshd_permitemptypasswords.sh -> bin/hardening/5.2.11_disable_sshd_permitemptypasswords.sh renamed: bin/hardening/9.3.10_disable_sshd_setenv.sh -> bin/hardening/5.2.12_disable_sshd_setenv.sh renamed: bin/hardening/9.3.11_sshd_ciphers.sh -> bin/hardening/5.2.13_sshd_ciphers.sh renamed: bin/hardening/99.5.2.2_ssh_cry_mac.sh -> bin/hardening/5.2.14_ssh_cry_mac.sh renamed: bin/hardening/99.5.2.1_ssh_cry_kex.sh -> bin/hardening/5.2.15_ssh_cry_kex.sh renamed: bin/hardening/9.3.12_sshd_idle_timeout.sh -> bin/hardening/5.2.16_sshd_idle_timeout.sh renamed: bin/hardening/9.3.13_sshd_limit_access.sh -> bin/hardening/5.2.18_sshd_limit_access.sh renamed: bin/hardening/9.3.14_ssh_banner.sh -> bin/hardening/5.2.19_ssh_banner.sh renamed: bin/hardening/9.3.3_sshd_conf_perm_ownership.sh -> bin/hardening/5.2.1_sshd_conf_perm_ownership.sh renamed: bin/hardening/9.3.1_sshd_protocol.sh -> bin/hardening/5.2.4_sshd_protocol.sh renamed: bin/hardening/9.3.2_sshd_loglevel.sh -> bin/hardening/5.2.5_sshd_loglevel.sh renamed: bin/hardening/9.3.4_disable_x11_forwarding.sh -> bin/hardening/5.2.6_disable_x11_forwarding.sh renamed: bin/hardening/9.3.5_sshd_maxauthtries.sh -> bin/hardening/5.2.7_sshd_maxauthtries.sh renamed: bin/hardening/9.3.6_enable_sshd_ignorerhosts.sh -> bin/hardening/5.2.8_enable_sshd_ignorerhosts.sh renamed: bin/hardening/9.3.7_disable_sshd_hostbasedauthentication.sh -> bin/hardening/5.2.9_disable_sshd_hostbasedauthentication.sh renamed: tests/hardening/9.3.9_disable_sshd_permitemptypasswords.sh -> tests/hardening/5.2.10_disable_root_login.sh renamed: tests/hardening/9.3.8_disable_root_login.sh -> tests/hardening/5.2.11_disable_sshd_permitemptypasswords.sh renamed: tests/hardening/9.3.7_disable_sshd_hostbasedauthentication.sh -> tests/hardening/5.2.12_disable_sshd_setenv.sh renamed: tests/hardening/9.3.6_enable_sshd_ignorerhosts.sh -> tests/hardening/5.2.13_sshd_ciphers.sh renamed: tests/hardening/99.5.2.2_ssh_cry_mac.sh -> tests/hardening/5.2.14_ssh_cry_mac.sh renamed: tests/hardening/99.5.2.1_ssh_cry_kex.sh -> tests/hardening/5.2.15_ssh_cry_kex.sh renamed: tests/hardening/9.3.5_sshd_maxauthtries.sh -> tests/hardening/5.2.16_sshd_idle_timeout.sh renamed: tests/hardening/9.3.4_disable_x11_forwarding.sh -> tests/hardening/5.2.18_sshd_limit_access.sh renamed: tests/hardening/9.3.3_sshd_conf_perm_ownership.sh -> tests/hardening/5.2.19_ssh_banner.sh renamed: tests/hardening/9.3.1_sshd_protocol.sh -> tests/hardening/5.2.1_sshd_conf_perm_ownership.sh renamed: tests/hardening/9.3.14_ssh_banner.sh -> tests/hardening/5.2.4_sshd_protocol.sh renamed: tests/hardening/9.3.2_sshd_loglevel.sh -> tests/hardening/5.2.5_sshd_loglevel.sh renamed: tests/hardening/9.3.13_sshd_limit_access.sh -> tests/hardening/5.2.6_disable_x11_forwarding.sh renamed: tests/hardening/9.3.12_sshd_idle_timeout.sh -> tests/hardening/5.2.7_sshd_maxauthtries.sh renamed: tests/hardening/9.3.11_sshd_ciphers.sh -> tests/hardening/5.2.8_enable_sshd_ignorerhosts.sh renamed: tests/hardening/9.3.10_disable_sshd_setenv.sh -> tests/hardening/5.2.9_disable_sshd_hostbasedauthentication.sh
This commit is contained in:
Charles Herlin
Thibault Ayanides
parent
c863a01305
commit
9e61ca8367
@ -5,7 +5,7 @@
|
||||
#
|
||||
|
||||
#
|
||||
# 9.3.8 Disable SSH Root Login (Scored)
|
||||
# 5.2.10 Ensure SSH root login is disabled (Scored)
|
||||
#
|
||||
|
||||
set -e # One error, it's over
|
||||
@ -5,7 +5,7 @@
|
||||
#
|
||||
|
||||
#
|
||||
# 9.3.9 Set SSH PermitEmptyPasswords to No (Scored)
|
||||
# 5.2.11 Ensure SSH PermitEmptyPasswords is disabled (Scored)
|
||||
#
|
||||
|
||||
set -e # One error, it's over
|
||||
@ -5,7 +5,7 @@
|
||||
#
|
||||
|
||||
#
|
||||
# 9.3.10 Do Not Allow Users to Set Environment Options (Scored)
|
||||
# 5.2.12 Ensure SSH PermitUserEnvironment is disabled (Scored)
|
||||
#
|
||||
|
||||
set -e # One error, it's over
|
||||
@ -5,7 +5,7 @@
|
||||
#
|
||||
|
||||
#
|
||||
# 9.3.11 Use Only Approved Cipher in Counter Mode (Scored)
|
||||
# 5.2.13 Ensure only strong ciphers are used (Scored)
|
||||
#
|
||||
|
||||
set -e # One error, it's over
|
||||
@ -6,7 +6,7 @@
|
||||
#
|
||||
|
||||
#
|
||||
# Checking Message Authentication Code ciphers for preferred UMAC and SHA-256|512 with Encrypt-Then-Mac (etm) setting.
|
||||
# 5.2.14 Ensure only strong MAC algorithms are used (Scored)
|
||||
#
|
||||
|
||||
set -e # One error, it's over
|
||||
@ -6,7 +6,7 @@
|
||||
#
|
||||
|
||||
#
|
||||
# Checking key exchange ciphers.
|
||||
# 5.2.15 Ensure only strong Key Exchange algorithms are used (Scored)
|
||||
#
|
||||
|
||||
set -e # One error, it's over
|
||||
@ -5,7 +5,7 @@
|
||||
#
|
||||
|
||||
#
|
||||
# 9.3.12 Set Idle Timeout Interval for User Login (Scored)
|
||||
# 5.2.16 Ensure SSH Idle Timeout Interval is configured (Scored)
|
||||
# FIXME: the implementation of this script doesn't do what it says
|
||||
#
|
||||
|
||||
@ -76,7 +76,7 @@ create_config() {
|
||||
status=audit
|
||||
# In seconds, value of ClientAliveInterval, ClientAliveCountMax bedoing set to 0
|
||||
# Settles sshd idle timeout
|
||||
SSHD_TIMEOUT=900
|
||||
SSHD_TIMEOUT=300
|
||||
EOF
|
||||
}
|
||||
|
||||
@ -5,7 +5,7 @@
|
||||
#
|
||||
|
||||
#
|
||||
# 9.3.13 Limit Access via SSH (Scored)
|
||||
# 5.2.18 Ensure SSH access is limited (Scored)
|
||||
#
|
||||
|
||||
set -e # One error, it's over
|
||||
@ -5,7 +5,7 @@
|
||||
#
|
||||
|
||||
#
|
||||
# 9.3.14 Set SSH Banner (Scored)
|
||||
# 5.2.19 Ensure SSH warning banner is configured (Scored)
|
||||
#
|
||||
|
||||
set -e # One error, it's over
|
||||
@ -5,7 +5,7 @@
|
||||
#
|
||||
|
||||
#
|
||||
# 9.3.3 Set Permissions on /etc/ssh/sshd_config (Scored)
|
||||
# 5.2.1 Ensure permissions on /etc/ssh/sshd_config are configured (Scored)
|
||||
#
|
||||
|
||||
set -e # One error, it's over
|
||||
@ -5,7 +5,7 @@
|
||||
#
|
||||
|
||||
#
|
||||
# 9.3.1 Set SSH Protocol to 2 (Scored)
|
||||
# 5.2.4 Ensure SSH Protocol is set to 2 (Scored)
|
||||
#
|
||||
|
||||
set -e # One error, it's over
|
||||
@ -6,7 +6,7 @@
|
||||
#
|
||||
|
||||
#
|
||||
# 9.3.2 Set LogLevel to INFO (Scored)
|
||||
# 5.2.5 Ensure SSH LogLevel is appropriate (Scored)
|
||||
#
|
||||
|
||||
set -e # One error, it's over
|
||||
@ -5,7 +5,7 @@
|
||||
#
|
||||
|
||||
#
|
||||
# 9.3.4 Disable SSH X11 Forwarding (Scored)
|
||||
# 5.2.6 Ensure SSH X11 forwarding is disabled (Scored)
|
||||
#
|
||||
|
||||
set -e # One error, it's over
|
||||
@ -5,7 +5,7 @@
|
||||
#
|
||||
|
||||
#
|
||||
# 9.3.5 Set SSH MaxAuthTries to 4 or Less (Scored)
|
||||
# 5.2.7 Ensure SSH MaxAuthTries is set to 4 or less (Scored)
|
||||
#
|
||||
|
||||
set -e # One error, it's over
|
||||
@ -5,7 +5,7 @@
|
||||
#
|
||||
|
||||
#
|
||||
# 9.3.6 Set SSH IgnoreRhosts to Yes (Scored)
|
||||
# 5.2.8 Set SSH IgnoreRhosts to Yes (Scored)
|
||||
#
|
||||
|
||||
set -e # One error, it's over
|
||||
@ -5,7 +5,7 @@
|
||||
#
|
||||
|
||||
#
|
||||
# 9.3.7 Set SSH HostbasedAuthentication to No (Scored)
|
||||
# 5.2.9 Ensure SSH HostbasedAuthentication is disabled (Scored)
|
||||
#
|
||||
|
||||
set -e # One error, it's over
|
||||
Loading…
Reference in New Issue
Block a user