Renum ssh config check 9.3.x to 5.2.x

Also renum 99.x checks that were included in CIS recommendations renamed: bin/hardening/9.3.8_disable_root_login.sh -> bin/hardening/5.2.10_disable_root_login.sh renamed: bin/hardening/9.3.9_disable_sshd_permitemptypasswords.sh -> bin/hardening/5.2.11_disable_sshd_permitemptypasswords.sh renamed: bin/hardening/9.3.10_disable_sshd_setenv.sh -> bin/hardening/5.2.12_disable_sshd_setenv.sh renamed: bin/hardening/9.3.11_sshd_ciphers.sh -> bin/hardening/5.2.13_sshd_ciphers.sh renamed: bin/hardening/99.5.2.2_ssh_cry_mac.sh -> bin/hardening/5.2.14_ssh_cry_mac.sh renamed: bin/hardening/99.5.2.1_ssh_cry_kex.sh -> bin/hardening/5.2.15_ssh_cry_kex.sh renamed: bin/hardening/9.3.12_sshd_idle_timeout.sh -> bin/hardening/5.2.16_sshd_idle_timeout.sh renamed: bin/hardening/9.3.13_sshd_limit_access.sh -> bin/hardening/5.2.18_sshd_limit_access.sh renamed: bin/hardening/9.3.14_ssh_banner.sh -> bin/hardening/5.2.19_ssh_banner.sh renamed: bin/hardening/9.3.3_sshd_conf_perm_ownership.sh -> bin/hardening/5.2.1_sshd_conf_perm_ownership.sh renamed: bin/hardening/9.3.1_sshd_protocol.sh -> bin/hardening/5.2.4_sshd_protocol.sh renamed: bin/hardening/9.3.2_sshd_loglevel.sh -> bin/hardening/5.2.5_sshd_loglevel.sh renamed: bin/hardening/9.3.4_disable_x11_forwarding.sh -> bin/hardening/5.2.6_disable_x11_forwarding.sh renamed: bin/hardening/9.3.5_sshd_maxauthtries.sh -> bin/hardening/5.2.7_sshd_maxauthtries.sh renamed: bin/hardening/9.3.6_enable_sshd_ignorerhosts.sh -> bin/hardening/5.2.8_enable_sshd_ignorerhosts.sh renamed: bin/hardening/9.3.7_disable_sshd_hostbasedauthentication.sh -> bin/hardening/5.2.9_disable_sshd_hostbasedauthentication.sh renamed: tests/hardening/9.3.9_disable_sshd_permitemptypasswords.sh -> tests/hardening/5.2.10_disable_root_login.sh renamed: tests/hardening/9.3.8_disable_root_login.sh -> tests/hardening/5.2.11_disable_sshd_permitemptypasswords.sh renamed: tests/hardening/9.3.7_disable_sshd_hostbasedauthentication.sh -> tests/hardening/5.2.12_disable_sshd_setenv.sh renamed: tests/hardening/9.3.6_enable_sshd_ignorerhosts.sh -> tests/hardening/5.2.13_sshd_ciphers.sh renamed: tests/hardening/99.5.2.2_ssh_cry_mac.sh -> tests/hardening/5.2.14_ssh_cry_mac.sh renamed: tests/hardening/99.5.2.1_ssh_cry_kex.sh -> tests/hardening/5.2.15_ssh_cry_kex.sh renamed: tests/hardening/9.3.5_sshd_maxauthtries.sh -> tests/hardening/5.2.16_sshd_idle_timeout.sh renamed: tests/hardening/9.3.4_disable_x11_forwarding.sh -> tests/hardening/5.2.18_sshd_limit_access.sh renamed: tests/hardening/9.3.3_sshd_conf_perm_ownership.sh -> tests/hardening/5.2.19_ssh_banner.sh renamed: tests/hardening/9.3.1_sshd_protocol.sh -> tests/hardening/5.2.1_sshd_conf_perm_ownership.sh renamed: tests/hardening/9.3.14_ssh_banner.sh -> tests/hardening/5.2.4_sshd_protocol.sh renamed: tests/hardening/9.3.2_sshd_loglevel.sh -> tests/hardening/5.2.5_sshd_loglevel.sh renamed: tests/hardening/9.3.13_sshd_limit_access.sh -> tests/hardening/5.2.6_disable_x11_forwarding.sh renamed: tests/hardening/9.3.12_sshd_idle_timeout.sh -> tests/hardening/5.2.7_sshd_maxauthtries.sh renamed: tests/hardening/9.3.11_sshd_ciphers.sh -> tests/hardening/5.2.8_enable_sshd_ignorerhosts.sh renamed: tests/hardening/9.3.10_disable_sshd_setenv.sh -> tests/hardening/5.2.9_disable_sshd_hostbasedauthentication.sh
2024-11-22 13:37:02 +01:00 · 2019-09-11 17:12:54 +02:00 · 2019-09-11 17:12:54 +02:00 · 9e61ca8367
commit 9e61ca8367
parent c863a01305
32 changed files with 17 additions and 17 deletions
--- a/bin/hardening/5.2.10_disable_root_login.sh
+++ b/bin/hardening/5.2.10_disable_root_login.sh
@ -5,7 +5,7 @@
 #
 #
-# 9.3.8 Disable SSH Root Login (Scored)
+# 5.2.10 Ensure SSH root login is disabled (Scored)
 #
 set -e # One error, it's over
--- a/bin/hardening/5.2.11_disable_sshd_permitemptypasswords.sh
+++ b/bin/hardening/5.2.11_disable_sshd_permitemptypasswords.sh
@ -5,7 +5,7 @@
 #
 #
-# 9.3.9 Set SSH PermitEmptyPasswords to No (Scored)
+# 5.2.11 Ensure SSH PermitEmptyPasswords is disabled (Scored)
 #
 set -e # One error, it's over
--- a/bin/hardening/5.2.12_disable_sshd_setenv.sh
+++ b/bin/hardening/5.2.12_disable_sshd_setenv.sh
@ -5,7 +5,7 @@
 #
 #
-# 9.3.10 Do Not Allow Users to Set Environment Options (Scored)
+# 5.2.12 Ensure SSH PermitUserEnvironment is disabled (Scored)
 #
 set -e # One error, it's over
--- a/bin/hardening/5.2.13_sshd_ciphers.sh
+++ b/bin/hardening/5.2.13_sshd_ciphers.sh
@ -5,7 +5,7 @@
 #
 #
-# 9.3.11 Use Only Approved Cipher in Counter Mode (Scored)
+# 5.2.13 Ensure only strong ciphers are used (Scored)
 #
 set -e # One error, it's over
--- a/bin/hardening/99.5.2.2_ssh_cry_mac.sh
+++ b/bin/hardening/99.5.2.2_ssh_cry_mac.sh
@ -6,7 +6,7 @@
 #
 #
-# Checking Message Authentication Code ciphers for preferred UMAC and SHA-256|512 with Encrypt-Then-Mac (etm) setting.
+# 5.2.14 Ensure only strong MAC algorithms are used (Scored)
 #
 set -e # One error, it's over
--- a/bin/hardening/99.5.2.1_ssh_cry_kex.sh
+++ b/bin/hardening/99.5.2.1_ssh_cry_kex.sh
@ -6,7 +6,7 @@
 #
 #
-# Checking key exchange ciphers.
+# 5.2.15 Ensure only strong Key Exchange algorithms are used (Scored)
 #
 set -e # One error, it's over
--- a/bin/hardening/5.2.16_sshd_idle_timeout.sh
+++ b/bin/hardening/5.2.16_sshd_idle_timeout.sh
@ -5,7 +5,7 @@
 #
 #
-# 9.3.12 Set Idle Timeout Interval for User Login (Scored)
+# 5.2.16 Ensure SSH Idle Timeout Interval is configured (Scored)
 # FIXME: the implementation of this script doesn't do what it says
 #
@ -76,7 +76,7 @@ create_config() {
 status=audit
 # In seconds, value of ClientAliveInterval, ClientAliveCountMax bedoing set to 0
 # Settles sshd idle timeout
-SSHD_TIMEOUT=900
+SSHD_TIMEOUT=300
 EOF
 }
--- a/bin/hardening/5.2.18_sshd_limit_access.sh
+++ b/bin/hardening/5.2.18_sshd_limit_access.sh
@ -5,7 +5,7 @@
 #
 #
-# 9.3.13 Limit Access via SSH (Scored)
+# 5.2.18 Ensure SSH access is limited (Scored)
 #
 set -e # One error, it's over
--- a/bin/hardening/5.2.19_ssh_banner.sh
+++ b/bin/hardening/5.2.19_ssh_banner.sh
@ -5,7 +5,7 @@
 #
 #
-# 9.3.14 Set SSH Banner (Scored)
+# 5.2.19 Ensure SSH warning banner is configured (Scored)
 #
 set -e # One error, it's over
--- a/bin/hardening/5.2.1_sshd_conf_perm_ownership.sh
+++ b/bin/hardening/5.2.1_sshd_conf_perm_ownership.sh
@ -5,7 +5,7 @@
 #
 #
-# 9.3.3 Set Permissions on /etc/ssh/sshd_config (Scored)
+# 5.2.1 Ensure permissions on /etc/ssh/sshd_config are configured (Scored)
 #
 set -e # One error, it's over
--- a/bin/hardening/5.2.4_sshd_protocol.sh
+++ b/bin/hardening/5.2.4_sshd_protocol.sh
@ -5,7 +5,7 @@
 #
 #
-# 9.3.1 Set SSH Protocol to 2 (Scored)
+# 5.2.4 Ensure SSH Protocol is set to 2 (Scored)
 #
 set -e # One error, it's over
--- a/bin/hardening/5.2.5_sshd_loglevel.sh
+++ b/bin/hardening/5.2.5_sshd_loglevel.sh
@ -6,7 +6,7 @@
 #
 #
-# 9.3.2 Set LogLevel to INFO (Scored)
+# 5.2.5 Ensure SSH LogLevel is appropriate (Scored)
 #
 set -e # One error, it's over
--- a/bin/hardening/5.2.6_disable_x11_forwarding.sh
+++ b/bin/hardening/5.2.6_disable_x11_forwarding.sh
@ -5,7 +5,7 @@
 #
 #
-# 9.3.4 Disable SSH X11 Forwarding (Scored)
+# 5.2.6 Ensure SSH X11 forwarding is disabled (Scored)
 #
 set -e # One error, it's over
--- a/bin/hardening/5.2.7_sshd_maxauthtries.sh
+++ b/bin/hardening/5.2.7_sshd_maxauthtries.sh
@ -5,7 +5,7 @@
 #
 #
-# 9.3.5 Set SSH MaxAuthTries to 4 or Less (Scored)
+# 5.2.7 Ensure SSH MaxAuthTries is set to 4 or less (Scored)
 #
 set -e # One error, it's over
--- a/bin/hardening/5.2.8_enable_sshd_ignorerhosts.sh
+++ b/bin/hardening/5.2.8_enable_sshd_ignorerhosts.sh
@ -5,7 +5,7 @@
 #
 #
-# 9.3.6 Set SSH IgnoreRhosts to Yes (Scored)
+# 5.2.8 Set SSH IgnoreRhosts to Yes (Scored)
 #
 set -e # One error, it's over
--- a/bin/hardening/5.2.9_disable_sshd_hostbasedauthentication.sh
+++ b/bin/hardening/5.2.9_disable_sshd_hostbasedauthentication.sh
@ -5,7 +5,7 @@
 #
 #
-# 9.3.7 Set SSH HostbasedAuthentication to No (Scored)
+# 5.2.9 Ensure SSH HostbasedAuthentication is disabled (Scored)
 #
 set -e # One error, it's over
--- a/tests/hardening/9.3.10_disable_sshd_setenv.sh
+++ b/tests/hardening/9.3.10_disable_sshd_setenv.sh
--- a/tests/hardening/5.2.11_disable_sshd_permitemptypasswords.sh
+++ b/tests/hardening/5.2.11_disable_sshd_permitemptypasswords.sh
--- a/tests/hardening/5.2.12_disable_sshd_setenv.sh
+++ b/tests/hardening/5.2.12_disable_sshd_setenv.sh
--- a/tests/hardening/9.3.13_sshd_limit_access.sh
+++ b/tests/hardening/9.3.13_sshd_limit_access.sh
--- a/tests/hardening/99.5.2.2_ssh_cry_mac.sh
+++ b/tests/hardening/99.5.2.2_ssh_cry_mac.sh
--- a/tests/hardening/99.5.2.1_ssh_cry_kex.sh
+++ b/tests/hardening/99.5.2.1_ssh_cry_kex.sh
--- a/tests/hardening/5.2.16_sshd_idle_timeout.sh
+++ b/tests/hardening/5.2.16_sshd_idle_timeout.sh
--- a/tests/hardening/5.2.18_sshd_limit_access.sh
+++ b/tests/hardening/5.2.18_sshd_limit_access.sh
--- a/tests/hardening/9.3.3_sshd_conf_perm_ownership.sh
+++ b/tests/hardening/9.3.3_sshd_conf_perm_ownership.sh
--- a/tests/hardening/5.2.1_sshd_conf_perm_ownership.sh
+++ b/tests/hardening/5.2.1_sshd_conf_perm_ownership.sh
--- a/tests/hardening/9.3.5_sshd_maxauthtries.sh
+++ b/tests/hardening/9.3.5_sshd_maxauthtries.sh
--- a/tests/hardening/5.2.5_sshd_loglevel.sh
+++ b/tests/hardening/5.2.5_sshd_loglevel.sh
--- a/tests/hardening/9.3.6_enable_sshd_ignorerhosts.sh
+++ b/tests/hardening/9.3.6_enable_sshd_ignorerhosts.sh
--- a/tests/hardening/9.3.7_disable_sshd_hostbasedauthentication.sh
+++ b/tests/hardening/9.3.7_disable_sshd_hostbasedauthentication.sh
--- a/tests/hardening/5.2.8_enable_sshd_ignorerhosts.sh
+++ b/tests/hardening/5.2.8_enable_sshd_ignorerhosts.sh
--- a/tests/hardening/5.2.9_disable_sshd_hostbasedauthentication.sh
+++ b/tests/hardening/5.2.9_disable_sshd_hostbasedauthentication.sh