From 9e61ca8367dd5b20c7b1be602771c4f2249336da Mon Sep 17 00:00:00 2001
From: Charles Herlin <charles.herlin@corp.ovh.com>
Date: Wed, 11 Sep 2019 17:12:54 +0200
Subject: [PATCH] Renum ssh config check 9.3.x to 5.2.x

Also renum 99.x checks that were included in CIS recommendations

	renamed:    bin/hardening/9.3.8_disable_root_login.sh -> bin/hardening/5.2.10_disable_root_login.sh
	renamed:    bin/hardening/9.3.9_disable_sshd_permitemptypasswords.sh -> bin/hardening/5.2.11_disable_sshd_permitemptypasswords.sh
	renamed:    bin/hardening/9.3.10_disable_sshd_setenv.sh -> bin/hardening/5.2.12_disable_sshd_setenv.sh
	renamed:    bin/hardening/9.3.11_sshd_ciphers.sh -> bin/hardening/5.2.13_sshd_ciphers.sh
	renamed:    bin/hardening/99.5.2.2_ssh_cry_mac.sh -> bin/hardening/5.2.14_ssh_cry_mac.sh
	renamed:    bin/hardening/99.5.2.1_ssh_cry_kex.sh -> bin/hardening/5.2.15_ssh_cry_kex.sh
	renamed:    bin/hardening/9.3.12_sshd_idle_timeout.sh -> bin/hardening/5.2.16_sshd_idle_timeout.sh
	renamed:    bin/hardening/9.3.13_sshd_limit_access.sh -> bin/hardening/5.2.18_sshd_limit_access.sh
	renamed:    bin/hardening/9.3.14_ssh_banner.sh -> bin/hardening/5.2.19_ssh_banner.sh
	renamed:    bin/hardening/9.3.3_sshd_conf_perm_ownership.sh -> bin/hardening/5.2.1_sshd_conf_perm_ownership.sh
	renamed:    bin/hardening/9.3.1_sshd_protocol.sh -> bin/hardening/5.2.4_sshd_protocol.sh
	renamed:    bin/hardening/9.3.2_sshd_loglevel.sh -> bin/hardening/5.2.5_sshd_loglevel.sh
	renamed:    bin/hardening/9.3.4_disable_x11_forwarding.sh -> bin/hardening/5.2.6_disable_x11_forwarding.sh
	renamed:    bin/hardening/9.3.5_sshd_maxauthtries.sh -> bin/hardening/5.2.7_sshd_maxauthtries.sh
	renamed:    bin/hardening/9.3.6_enable_sshd_ignorerhosts.sh -> bin/hardening/5.2.8_enable_sshd_ignorerhosts.sh
	renamed:    bin/hardening/9.3.7_disable_sshd_hostbasedauthentication.sh -> bin/hardening/5.2.9_disable_sshd_hostbasedauthentication.sh
	renamed:    tests/hardening/9.3.9_disable_sshd_permitemptypasswords.sh -> tests/hardening/5.2.10_disable_root_login.sh
	renamed:    tests/hardening/9.3.8_disable_root_login.sh -> tests/hardening/5.2.11_disable_sshd_permitemptypasswords.sh
	renamed:    tests/hardening/9.3.7_disable_sshd_hostbasedauthentication.sh -> tests/hardening/5.2.12_disable_sshd_setenv.sh
	renamed:    tests/hardening/9.3.6_enable_sshd_ignorerhosts.sh -> tests/hardening/5.2.13_sshd_ciphers.sh
	renamed:    tests/hardening/99.5.2.2_ssh_cry_mac.sh -> tests/hardening/5.2.14_ssh_cry_mac.sh
	renamed:    tests/hardening/99.5.2.1_ssh_cry_kex.sh -> tests/hardening/5.2.15_ssh_cry_kex.sh
	renamed:    tests/hardening/9.3.5_sshd_maxauthtries.sh -> tests/hardening/5.2.16_sshd_idle_timeout.sh
	renamed:    tests/hardening/9.3.4_disable_x11_forwarding.sh -> tests/hardening/5.2.18_sshd_limit_access.sh
	renamed:    tests/hardening/9.3.3_sshd_conf_perm_ownership.sh -> tests/hardening/5.2.19_ssh_banner.sh
	renamed:    tests/hardening/9.3.1_sshd_protocol.sh -> tests/hardening/5.2.1_sshd_conf_perm_ownership.sh
	renamed:    tests/hardening/9.3.14_ssh_banner.sh -> tests/hardening/5.2.4_sshd_protocol.sh
	renamed:    tests/hardening/9.3.2_sshd_loglevel.sh -> tests/hardening/5.2.5_sshd_loglevel.sh
	renamed:    tests/hardening/9.3.13_sshd_limit_access.sh -> tests/hardening/5.2.6_disable_x11_forwarding.sh
	renamed:    tests/hardening/9.3.12_sshd_idle_timeout.sh -> tests/hardening/5.2.7_sshd_maxauthtries.sh
	renamed:    tests/hardening/9.3.11_sshd_ciphers.sh -> tests/hardening/5.2.8_enable_sshd_ignorerhosts.sh
	renamed:    tests/hardening/9.3.10_disable_sshd_setenv.sh -> tests/hardening/5.2.9_disable_sshd_hostbasedauthentication.sh
---
 ...3.8_disable_root_login.sh => 5.2.10_disable_root_login.sh} | 2 +-
 ...sswords.sh => 5.2.11_disable_sshd_permitemptypasswords.sh} | 2 +-
 ...0_disable_sshd_setenv.sh => 5.2.12_disable_sshd_setenv.sh} | 2 +-
 .../{9.3.11_sshd_ciphers.sh => 5.2.13_sshd_ciphers.sh}        | 2 +-
 .../{99.5.2.2_ssh_cry_mac.sh => 5.2.14_ssh_cry_mac.sh}        | 2 +-
 .../{99.5.2.1_ssh_cry_kex.sh => 5.2.15_ssh_cry_kex.sh}        | 2 +-
 ....3.12_sshd_idle_timeout.sh => 5.2.16_sshd_idle_timeout.sh} | 4 ++--
 ....3.13_sshd_limit_access.sh => 5.2.18_sshd_limit_access.sh} | 2 +-
 bin/hardening/{9.3.14_ssh_banner.sh => 5.2.19_ssh_banner.sh}  | 2 +-
 ...nf_perm_ownership.sh => 5.2.1_sshd_conf_perm_ownership.sh} | 2 +-
 .../{9.3.1_sshd_protocol.sh => 5.2.4_sshd_protocol.sh}        | 2 +-
 .../{9.3.2_sshd_loglevel.sh => 5.2.5_sshd_loglevel.sh}        | 2 +-
 ...able_x11_forwarding.sh => 5.2.6_disable_x11_forwarding.sh} | 2 +-
 ...{9.3.5_sshd_maxauthtries.sh => 5.2.7_sshd_maxauthtries.sh} | 2 +-
 ...sshd_ignorerhosts.sh => 5.2.8_enable_sshd_ignorerhosts.sh} | 2 +-
 ...ation.sh => 5.2.9_disable_sshd_hostbasedauthentication.sh} | 2 +-
 ...10_disable_sshd_setenv.sh => 5.2.10_disable_root_login.sh} | 0
 ...ciphers.sh => 5.2.11_disable_sshd_permitemptypasswords.sh} | 0
 ....12_sshd_idle_timeout.sh => 5.2.12_disable_sshd_setenv.sh} | 0
 .../{9.3.13_sshd_limit_access.sh => 5.2.13_sshd_ciphers.sh}   | 0
 .../{99.5.2.2_ssh_cry_mac.sh => 5.2.14_ssh_cry_mac.sh}        | 0
 .../{99.5.2.1_ssh_cry_kex.sh => 5.2.15_ssh_cry_kex.sh}        | 0
 .../{9.3.14_ssh_banner.sh => 5.2.16_sshd_idle_timeout.sh}     | 0
 .../{9.3.1_sshd_protocol.sh => 5.2.18_sshd_limit_access.sh}   | 0
 ...9.3.3_sshd_conf_perm_ownership.sh => 5.2.19_ssh_banner.sh} | 0
 ...le_x11_forwarding.sh => 5.2.1_sshd_conf_perm_ownership.sh} | 0
 .../{9.3.5_sshd_maxauthtries.sh => 5.2.4_sshd_protocol.sh}    | 0
 .../{9.3.2_sshd_loglevel.sh => 5.2.5_sshd_loglevel.sh}        | 0
 ...e_sshd_ignorerhosts.sh => 5.2.6_disable_x11_forwarding.sh} | 0
 ..._hostbasedauthentication.sh => 5.2.7_sshd_maxauthtries.sh} | 0
 ...isable_root_login.sh => 5.2.8_enable_sshd_ignorerhosts.sh} | 0
 ...words.sh => 5.2.9_disable_sshd_hostbasedauthentication.sh} | 0
 32 files changed, 17 insertions(+), 17 deletions(-)
 rename bin/hardening/{9.3.8_disable_root_login.sh => 5.2.10_disable_root_login.sh} (98%)
 rename bin/hardening/{9.3.9_disable_sshd_permitemptypasswords.sh => 5.2.11_disable_sshd_permitemptypasswords.sh} (97%)
 rename bin/hardening/{9.3.10_disable_sshd_setenv.sh => 5.2.12_disable_sshd_setenv.sh} (97%)
 rename bin/hardening/{9.3.11_sshd_ciphers.sh => 5.2.13_sshd_ciphers.sh} (98%)
 rename bin/hardening/{99.5.2.2_ssh_cry_mac.sh => 5.2.14_ssh_cry_mac.sh} (96%)
 rename bin/hardening/{99.5.2.1_ssh_cry_kex.sh => 5.2.15_ssh_cry_kex.sh} (98%)
 rename bin/hardening/{9.3.12_sshd_idle_timeout.sh => 5.2.16_sshd_idle_timeout.sh} (97%)
 rename bin/hardening/{9.3.13_sshd_limit_access.sh => 5.2.18_sshd_limit_access.sh} (98%)
 rename bin/hardening/{9.3.14_ssh_banner.sh => 5.2.19_ssh_banner.sh} (98%)
 rename bin/hardening/{9.3.3_sshd_conf_perm_ownership.sh => 5.2.1_sshd_conf_perm_ownership.sh} (96%)
 rename bin/hardening/{9.3.1_sshd_protocol.sh => 5.2.4_sshd_protocol.sh} (98%)
 rename bin/hardening/{9.3.2_sshd_loglevel.sh => 5.2.5_sshd_loglevel.sh} (98%)
 rename bin/hardening/{9.3.4_disable_x11_forwarding.sh => 5.2.6_disable_x11_forwarding.sh} (98%)
 rename bin/hardening/{9.3.5_sshd_maxauthtries.sh => 5.2.7_sshd_maxauthtries.sh} (97%)
 rename bin/hardening/{9.3.6_enable_sshd_ignorerhosts.sh => 5.2.8_enable_sshd_ignorerhosts.sh} (98%)
 rename bin/hardening/{9.3.7_disable_sshd_hostbasedauthentication.sh => 5.2.9_disable_sshd_hostbasedauthentication.sh} (97%)
 rename tests/hardening/{9.3.10_disable_sshd_setenv.sh => 5.2.10_disable_root_login.sh} (100%)
 rename tests/hardening/{9.3.11_sshd_ciphers.sh => 5.2.11_disable_sshd_permitemptypasswords.sh} (100%)
 rename tests/hardening/{9.3.12_sshd_idle_timeout.sh => 5.2.12_disable_sshd_setenv.sh} (100%)
 rename tests/hardening/{9.3.13_sshd_limit_access.sh => 5.2.13_sshd_ciphers.sh} (100%)
 rename tests/hardening/{99.5.2.2_ssh_cry_mac.sh => 5.2.14_ssh_cry_mac.sh} (100%)
 rename tests/hardening/{99.5.2.1_ssh_cry_kex.sh => 5.2.15_ssh_cry_kex.sh} (100%)
 rename tests/hardening/{9.3.14_ssh_banner.sh => 5.2.16_sshd_idle_timeout.sh} (100%)
 rename tests/hardening/{9.3.1_sshd_protocol.sh => 5.2.18_sshd_limit_access.sh} (100%)
 rename tests/hardening/{9.3.3_sshd_conf_perm_ownership.sh => 5.2.19_ssh_banner.sh} (100%)
 rename tests/hardening/{9.3.4_disable_x11_forwarding.sh => 5.2.1_sshd_conf_perm_ownership.sh} (100%)
 rename tests/hardening/{9.3.5_sshd_maxauthtries.sh => 5.2.4_sshd_protocol.sh} (100%)
 rename tests/hardening/{9.3.2_sshd_loglevel.sh => 5.2.5_sshd_loglevel.sh} (100%)
 rename tests/hardening/{9.3.6_enable_sshd_ignorerhosts.sh => 5.2.6_disable_x11_forwarding.sh} (100%)
 rename tests/hardening/{9.3.7_disable_sshd_hostbasedauthentication.sh => 5.2.7_sshd_maxauthtries.sh} (100%)
 rename tests/hardening/{9.3.8_disable_root_login.sh => 5.2.8_enable_sshd_ignorerhosts.sh} (100%)
 rename tests/hardening/{9.3.9_disable_sshd_permitemptypasswords.sh => 5.2.9_disable_sshd_hostbasedauthentication.sh} (100%)

diff --git a/bin/hardening/9.3.8_disable_root_login.sh b/bin/hardening/5.2.10_disable_root_login.sh
similarity index 98%
rename from bin/hardening/9.3.8_disable_root_login.sh
rename to bin/hardening/5.2.10_disable_root_login.sh
index 1de2668..3b01009 100755
--- a/bin/hardening/9.3.8_disable_root_login.sh
+++ b/bin/hardening/5.2.10_disable_root_login.sh
@@ -5,7 +5,7 @@
 #
 
 #
-# 9.3.8 Disable SSH Root Login (Scored)
+# 5.2.10 Ensure SSH root login is disabled (Scored)
 #
 
 set -e # One error, it's over
diff --git a/bin/hardening/9.3.9_disable_sshd_permitemptypasswords.sh b/bin/hardening/5.2.11_disable_sshd_permitemptypasswords.sh
similarity index 97%
rename from bin/hardening/9.3.9_disable_sshd_permitemptypasswords.sh
rename to bin/hardening/5.2.11_disable_sshd_permitemptypasswords.sh
index 1ebe36a..39bbb1a 100755
--- a/bin/hardening/9.3.9_disable_sshd_permitemptypasswords.sh
+++ b/bin/hardening/5.2.11_disable_sshd_permitemptypasswords.sh
@@ -5,7 +5,7 @@
 #
 
 #
-# 9.3.9 Set SSH PermitEmptyPasswords to No (Scored)
+# 5.2.11 Ensure SSH PermitEmptyPasswords is disabled (Scored)
 #
 
 set -e # One error, it's over
diff --git a/bin/hardening/9.3.10_disable_sshd_setenv.sh b/bin/hardening/5.2.12_disable_sshd_setenv.sh
similarity index 97%
rename from bin/hardening/9.3.10_disable_sshd_setenv.sh
rename to bin/hardening/5.2.12_disable_sshd_setenv.sh
index 6af3e84..514c222 100755
--- a/bin/hardening/9.3.10_disable_sshd_setenv.sh
+++ b/bin/hardening/5.2.12_disable_sshd_setenv.sh
@@ -5,7 +5,7 @@
 #
 
 #
-# 9.3.10 Do Not Allow Users to Set Environment Options (Scored)
+# 5.2.12 Ensure SSH PermitUserEnvironment is disabled (Scored)
 #
 
 set -e # One error, it's over
diff --git a/bin/hardening/9.3.11_sshd_ciphers.sh b/bin/hardening/5.2.13_sshd_ciphers.sh
similarity index 98%
rename from bin/hardening/9.3.11_sshd_ciphers.sh
rename to bin/hardening/5.2.13_sshd_ciphers.sh
index 2713c6e..8c16860 100755
--- a/bin/hardening/9.3.11_sshd_ciphers.sh
+++ b/bin/hardening/5.2.13_sshd_ciphers.sh
@@ -5,7 +5,7 @@
 #
 
 #
-# 9.3.11 Use Only Approved Cipher in Counter Mode (Scored)
+# 5.2.13 Ensure only strong ciphers are used (Scored)
 #
 
 set -e # One error, it's over
diff --git a/bin/hardening/99.5.2.2_ssh_cry_mac.sh b/bin/hardening/5.2.14_ssh_cry_mac.sh
similarity index 96%
rename from bin/hardening/99.5.2.2_ssh_cry_mac.sh
rename to bin/hardening/5.2.14_ssh_cry_mac.sh
index bf6e0b9..eb96b9e 100755
--- a/bin/hardening/99.5.2.2_ssh_cry_mac.sh
+++ b/bin/hardening/5.2.14_ssh_cry_mac.sh
@@ -6,7 +6,7 @@
 #
 
 #
-# Checking Message Authentication Code ciphers for preferred UMAC and SHA-256|512 with Encrypt-Then-Mac (etm) setting.
+# 5.2.14 Ensure only strong MAC algorithms are used (Scored)
 #
 
 set -e # One error, it's over
diff --git a/bin/hardening/99.5.2.1_ssh_cry_kex.sh b/bin/hardening/5.2.15_ssh_cry_kex.sh
similarity index 98%
rename from bin/hardening/99.5.2.1_ssh_cry_kex.sh
rename to bin/hardening/5.2.15_ssh_cry_kex.sh
index faa1bae..99e155b 100755
--- a/bin/hardening/99.5.2.1_ssh_cry_kex.sh
+++ b/bin/hardening/5.2.15_ssh_cry_kex.sh
@@ -6,7 +6,7 @@
 #
 
 #
-# Checking key exchange ciphers.
+# 5.2.15 Ensure only strong Key Exchange algorithms are used (Scored)
 #
 
 set -e # One error, it's over
diff --git a/bin/hardening/9.3.12_sshd_idle_timeout.sh b/bin/hardening/5.2.16_sshd_idle_timeout.sh
similarity index 97%
rename from bin/hardening/9.3.12_sshd_idle_timeout.sh
rename to bin/hardening/5.2.16_sshd_idle_timeout.sh
index 98aaa4d..3588e12 100755
--- a/bin/hardening/9.3.12_sshd_idle_timeout.sh
+++ b/bin/hardening/5.2.16_sshd_idle_timeout.sh
@@ -5,7 +5,7 @@
 #
 
 #
-# 9.3.12 Set Idle Timeout Interval for User Login (Scored)
+# 5.2.16 Ensure SSH Idle Timeout Interval is configured (Scored)
 # FIXME: the implementation of this script doesn't do what it says
 #
 
@@ -76,7 +76,7 @@ create_config() {
 status=audit
 # In seconds, value of ClientAliveInterval, ClientAliveCountMax bedoing set to 0
 # Settles sshd idle timeout
-SSHD_TIMEOUT=900
+SSHD_TIMEOUT=300
 EOF
 }
 
diff --git a/bin/hardening/9.3.13_sshd_limit_access.sh b/bin/hardening/5.2.18_sshd_limit_access.sh
similarity index 98%
rename from bin/hardening/9.3.13_sshd_limit_access.sh
rename to bin/hardening/5.2.18_sshd_limit_access.sh
index a4d75ad..58be24a 100755
--- a/bin/hardening/9.3.13_sshd_limit_access.sh
+++ b/bin/hardening/5.2.18_sshd_limit_access.sh
@@ -5,7 +5,7 @@
 #
 
 #
-# 9.3.13 Limit Access via SSH (Scored)
+# 5.2.18 Ensure SSH access is limited (Scored)
 #
 
 set -e # One error, it's over
diff --git a/bin/hardening/9.3.14_ssh_banner.sh b/bin/hardening/5.2.19_ssh_banner.sh
similarity index 98%
rename from bin/hardening/9.3.14_ssh_banner.sh
rename to bin/hardening/5.2.19_ssh_banner.sh
index 5f52511..8158cf0 100755
--- a/bin/hardening/9.3.14_ssh_banner.sh
+++ b/bin/hardening/5.2.19_ssh_banner.sh
@@ -5,7 +5,7 @@
 #
 
 #
-# 9.3.14 Set SSH Banner (Scored)
+# 5.2.19 Ensure SSH warning banner is configured (Scored)
 #
 
 set -e # One error, it's over
diff --git a/bin/hardening/9.3.3_sshd_conf_perm_ownership.sh b/bin/hardening/5.2.1_sshd_conf_perm_ownership.sh
similarity index 96%
rename from bin/hardening/9.3.3_sshd_conf_perm_ownership.sh
rename to bin/hardening/5.2.1_sshd_conf_perm_ownership.sh
index c0687cf..cb2e24c 100755
--- a/bin/hardening/9.3.3_sshd_conf_perm_ownership.sh
+++ b/bin/hardening/5.2.1_sshd_conf_perm_ownership.sh
@@ -5,7 +5,7 @@
 #
 
 #
-# 9.3.3 Set Permissions on /etc/ssh/sshd_config (Scored)
+# 5.2.1 Ensure permissions on /etc/ssh/sshd_config are configured (Scored)
 #
 
 set -e # One error, it's over
diff --git a/bin/hardening/9.3.1_sshd_protocol.sh b/bin/hardening/5.2.4_sshd_protocol.sh
similarity index 98%
rename from bin/hardening/9.3.1_sshd_protocol.sh
rename to bin/hardening/5.2.4_sshd_protocol.sh
index 3d7d031..1e57c18 100755
--- a/bin/hardening/9.3.1_sshd_protocol.sh
+++ b/bin/hardening/5.2.4_sshd_protocol.sh
@@ -5,7 +5,7 @@
 #
 
 #
-# 9.3.1 Set SSH Protocol to 2 (Scored)
+# 5.2.4 Ensure SSH Protocol is set to 2 (Scored)
 #
 
 set -e # One error, it's over
diff --git a/bin/hardening/9.3.2_sshd_loglevel.sh b/bin/hardening/5.2.5_sshd_loglevel.sh
similarity index 98%
rename from bin/hardening/9.3.2_sshd_loglevel.sh
rename to bin/hardening/5.2.5_sshd_loglevel.sh
index 1ab98a1..c4eb31e 100755
--- a/bin/hardening/9.3.2_sshd_loglevel.sh
+++ b/bin/hardening/5.2.5_sshd_loglevel.sh
@@ -6,7 +6,7 @@
 #
 
 #
-# 9.3.2 Set LogLevel to INFO (Scored)
+# 5.2.5 Ensure SSH LogLevel is appropriate (Scored)
 #
 
 set -e # One error, it's over
diff --git a/bin/hardening/9.3.4_disable_x11_forwarding.sh b/bin/hardening/5.2.6_disable_x11_forwarding.sh
similarity index 98%
rename from bin/hardening/9.3.4_disable_x11_forwarding.sh
rename to bin/hardening/5.2.6_disable_x11_forwarding.sh
index dadc1c0..98e59e8 100755
--- a/bin/hardening/9.3.4_disable_x11_forwarding.sh
+++ b/bin/hardening/5.2.6_disable_x11_forwarding.sh
@@ -5,7 +5,7 @@
 #
 
 #
-# 9.3.4 Disable SSH X11 Forwarding (Scored)
+# 5.2.6 Ensure SSH X11 forwarding is disabled (Scored)
 #
 
 set -e # One error, it's over
diff --git a/bin/hardening/9.3.5_sshd_maxauthtries.sh b/bin/hardening/5.2.7_sshd_maxauthtries.sh
similarity index 97%
rename from bin/hardening/9.3.5_sshd_maxauthtries.sh
rename to bin/hardening/5.2.7_sshd_maxauthtries.sh
index 5e4e6ae..f0e90f7 100755
--- a/bin/hardening/9.3.5_sshd_maxauthtries.sh
+++ b/bin/hardening/5.2.7_sshd_maxauthtries.sh
@@ -5,7 +5,7 @@
 #
 
 #
-# 9.3.5 Set SSH MaxAuthTries to 4 or Less (Scored)
+# 5.2.7 Ensure SSH MaxAuthTries is set to 4 or less (Scored)
 #
 
 set -e # One error, it's over
diff --git a/bin/hardening/9.3.6_enable_sshd_ignorerhosts.sh b/bin/hardening/5.2.8_enable_sshd_ignorerhosts.sh
similarity index 98%
rename from bin/hardening/9.3.6_enable_sshd_ignorerhosts.sh
rename to bin/hardening/5.2.8_enable_sshd_ignorerhosts.sh
index dbed72b..380f092 100755
--- a/bin/hardening/9.3.6_enable_sshd_ignorerhosts.sh
+++ b/bin/hardening/5.2.8_enable_sshd_ignorerhosts.sh
@@ -5,7 +5,7 @@
 #
 
 #
-# 9.3.6 Set SSH IgnoreRhosts to Yes (Scored)
+# 5.2.8 Set SSH IgnoreRhosts to Yes (Scored)
 #
 
 set -e # One error, it's over
diff --git a/bin/hardening/9.3.7_disable_sshd_hostbasedauthentication.sh b/bin/hardening/5.2.9_disable_sshd_hostbasedauthentication.sh
similarity index 97%
rename from bin/hardening/9.3.7_disable_sshd_hostbasedauthentication.sh
rename to bin/hardening/5.2.9_disable_sshd_hostbasedauthentication.sh
index 4d2fc87..5e5c7e6 100755
--- a/bin/hardening/9.3.7_disable_sshd_hostbasedauthentication.sh
+++ b/bin/hardening/5.2.9_disable_sshd_hostbasedauthentication.sh
@@ -5,7 +5,7 @@
 #
 
 #
-# 9.3.7 Set SSH HostbasedAuthentication to No (Scored)
+# 5.2.9 Ensure SSH HostbasedAuthentication is disabled (Scored)
 #
 
 set -e # One error, it's over
diff --git a/tests/hardening/9.3.10_disable_sshd_setenv.sh b/tests/hardening/5.2.10_disable_root_login.sh
similarity index 100%
rename from tests/hardening/9.3.10_disable_sshd_setenv.sh
rename to tests/hardening/5.2.10_disable_root_login.sh
diff --git a/tests/hardening/9.3.11_sshd_ciphers.sh b/tests/hardening/5.2.11_disable_sshd_permitemptypasswords.sh
similarity index 100%
rename from tests/hardening/9.3.11_sshd_ciphers.sh
rename to tests/hardening/5.2.11_disable_sshd_permitemptypasswords.sh
diff --git a/tests/hardening/9.3.12_sshd_idle_timeout.sh b/tests/hardening/5.2.12_disable_sshd_setenv.sh
similarity index 100%
rename from tests/hardening/9.3.12_sshd_idle_timeout.sh
rename to tests/hardening/5.2.12_disable_sshd_setenv.sh
diff --git a/tests/hardening/9.3.13_sshd_limit_access.sh b/tests/hardening/5.2.13_sshd_ciphers.sh
similarity index 100%
rename from tests/hardening/9.3.13_sshd_limit_access.sh
rename to tests/hardening/5.2.13_sshd_ciphers.sh
diff --git a/tests/hardening/99.5.2.2_ssh_cry_mac.sh b/tests/hardening/5.2.14_ssh_cry_mac.sh
similarity index 100%
rename from tests/hardening/99.5.2.2_ssh_cry_mac.sh
rename to tests/hardening/5.2.14_ssh_cry_mac.sh
diff --git a/tests/hardening/99.5.2.1_ssh_cry_kex.sh b/tests/hardening/5.2.15_ssh_cry_kex.sh
similarity index 100%
rename from tests/hardening/99.5.2.1_ssh_cry_kex.sh
rename to tests/hardening/5.2.15_ssh_cry_kex.sh
diff --git a/tests/hardening/9.3.14_ssh_banner.sh b/tests/hardening/5.2.16_sshd_idle_timeout.sh
similarity index 100%
rename from tests/hardening/9.3.14_ssh_banner.sh
rename to tests/hardening/5.2.16_sshd_idle_timeout.sh
diff --git a/tests/hardening/9.3.1_sshd_protocol.sh b/tests/hardening/5.2.18_sshd_limit_access.sh
similarity index 100%
rename from tests/hardening/9.3.1_sshd_protocol.sh
rename to tests/hardening/5.2.18_sshd_limit_access.sh
diff --git a/tests/hardening/9.3.3_sshd_conf_perm_ownership.sh b/tests/hardening/5.2.19_ssh_banner.sh
similarity index 100%
rename from tests/hardening/9.3.3_sshd_conf_perm_ownership.sh
rename to tests/hardening/5.2.19_ssh_banner.sh
diff --git a/tests/hardening/9.3.4_disable_x11_forwarding.sh b/tests/hardening/5.2.1_sshd_conf_perm_ownership.sh
similarity index 100%
rename from tests/hardening/9.3.4_disable_x11_forwarding.sh
rename to tests/hardening/5.2.1_sshd_conf_perm_ownership.sh
diff --git a/tests/hardening/9.3.5_sshd_maxauthtries.sh b/tests/hardening/5.2.4_sshd_protocol.sh
similarity index 100%
rename from tests/hardening/9.3.5_sshd_maxauthtries.sh
rename to tests/hardening/5.2.4_sshd_protocol.sh
diff --git a/tests/hardening/9.3.2_sshd_loglevel.sh b/tests/hardening/5.2.5_sshd_loglevel.sh
similarity index 100%
rename from tests/hardening/9.3.2_sshd_loglevel.sh
rename to tests/hardening/5.2.5_sshd_loglevel.sh
diff --git a/tests/hardening/9.3.6_enable_sshd_ignorerhosts.sh b/tests/hardening/5.2.6_disable_x11_forwarding.sh
similarity index 100%
rename from tests/hardening/9.3.6_enable_sshd_ignorerhosts.sh
rename to tests/hardening/5.2.6_disable_x11_forwarding.sh
diff --git a/tests/hardening/9.3.7_disable_sshd_hostbasedauthentication.sh b/tests/hardening/5.2.7_sshd_maxauthtries.sh
similarity index 100%
rename from tests/hardening/9.3.7_disable_sshd_hostbasedauthentication.sh
rename to tests/hardening/5.2.7_sshd_maxauthtries.sh
diff --git a/tests/hardening/9.3.8_disable_root_login.sh b/tests/hardening/5.2.8_enable_sshd_ignorerhosts.sh
similarity index 100%
rename from tests/hardening/9.3.8_disable_root_login.sh
rename to tests/hardening/5.2.8_enable_sshd_ignorerhosts.sh
diff --git a/tests/hardening/9.3.9_disable_sshd_permitemptypasswords.sh b/tests/hardening/5.2.9_disable_sshd_hostbasedauthentication.sh
similarity index 100%
rename from tests/hardening/9.3.9_disable_sshd_permitemptypasswords.sh
rename to tests/hardening/5.2.9_disable_sshd_hostbasedauthentication.sh