Renum ssh config check 9.3.x to 5.2.x

Also renum 99.x checks that were included in CIS recommendations

	renamed:    bin/hardening/9.3.8_disable_root_login.sh -> bin/hardening/5.2.10_disable_root_login.sh
	renamed:    bin/hardening/9.3.9_disable_sshd_permitemptypasswords.sh -> bin/hardening/5.2.11_disable_sshd_permitemptypasswords.sh
	renamed:    bin/hardening/9.3.10_disable_sshd_setenv.sh -> bin/hardening/5.2.12_disable_sshd_setenv.sh
	renamed:    bin/hardening/9.3.11_sshd_ciphers.sh -> bin/hardening/5.2.13_sshd_ciphers.sh
	renamed:    bin/hardening/99.5.2.2_ssh_cry_mac.sh -> bin/hardening/5.2.14_ssh_cry_mac.sh
	renamed:    bin/hardening/99.5.2.1_ssh_cry_kex.sh -> bin/hardening/5.2.15_ssh_cry_kex.sh
	renamed:    bin/hardening/9.3.12_sshd_idle_timeout.sh -> bin/hardening/5.2.16_sshd_idle_timeout.sh
	renamed:    bin/hardening/9.3.13_sshd_limit_access.sh -> bin/hardening/5.2.18_sshd_limit_access.sh
	renamed:    bin/hardening/9.3.14_ssh_banner.sh -> bin/hardening/5.2.19_ssh_banner.sh
	renamed:    bin/hardening/9.3.3_sshd_conf_perm_ownership.sh -> bin/hardening/5.2.1_sshd_conf_perm_ownership.sh
	renamed:    bin/hardening/9.3.1_sshd_protocol.sh -> bin/hardening/5.2.4_sshd_protocol.sh
	renamed:    bin/hardening/9.3.2_sshd_loglevel.sh -> bin/hardening/5.2.5_sshd_loglevel.sh
	renamed:    bin/hardening/9.3.4_disable_x11_forwarding.sh -> bin/hardening/5.2.6_disable_x11_forwarding.sh
	renamed:    bin/hardening/9.3.5_sshd_maxauthtries.sh -> bin/hardening/5.2.7_sshd_maxauthtries.sh
	renamed:    bin/hardening/9.3.6_enable_sshd_ignorerhosts.sh -> bin/hardening/5.2.8_enable_sshd_ignorerhosts.sh
	renamed:    bin/hardening/9.3.7_disable_sshd_hostbasedauthentication.sh -> bin/hardening/5.2.9_disable_sshd_hostbasedauthentication.sh
	renamed:    tests/hardening/9.3.9_disable_sshd_permitemptypasswords.sh -> tests/hardening/5.2.10_disable_root_login.sh
	renamed:    tests/hardening/9.3.8_disable_root_login.sh -> tests/hardening/5.2.11_disable_sshd_permitemptypasswords.sh
	renamed:    tests/hardening/9.3.7_disable_sshd_hostbasedauthentication.sh -> tests/hardening/5.2.12_disable_sshd_setenv.sh
	renamed:    tests/hardening/9.3.6_enable_sshd_ignorerhosts.sh -> tests/hardening/5.2.13_sshd_ciphers.sh
	renamed:    tests/hardening/99.5.2.2_ssh_cry_mac.sh -> tests/hardening/5.2.14_ssh_cry_mac.sh
	renamed:    tests/hardening/99.5.2.1_ssh_cry_kex.sh -> tests/hardening/5.2.15_ssh_cry_kex.sh
	renamed:    tests/hardening/9.3.5_sshd_maxauthtries.sh -> tests/hardening/5.2.16_sshd_idle_timeout.sh
	renamed:    tests/hardening/9.3.4_disable_x11_forwarding.sh -> tests/hardening/5.2.18_sshd_limit_access.sh
	renamed:    tests/hardening/9.3.3_sshd_conf_perm_ownership.sh -> tests/hardening/5.2.19_ssh_banner.sh
	renamed:    tests/hardening/9.3.1_sshd_protocol.sh -> tests/hardening/5.2.1_sshd_conf_perm_ownership.sh
	renamed:    tests/hardening/9.3.14_ssh_banner.sh -> tests/hardening/5.2.4_sshd_protocol.sh
	renamed:    tests/hardening/9.3.2_sshd_loglevel.sh -> tests/hardening/5.2.5_sshd_loglevel.sh
	renamed:    tests/hardening/9.3.13_sshd_limit_access.sh -> tests/hardening/5.2.6_disable_x11_forwarding.sh
	renamed:    tests/hardening/9.3.12_sshd_idle_timeout.sh -> tests/hardening/5.2.7_sshd_maxauthtries.sh
	renamed:    tests/hardening/9.3.11_sshd_ciphers.sh -> tests/hardening/5.2.8_enable_sshd_ignorerhosts.sh
	renamed:    tests/hardening/9.3.10_disable_sshd_setenv.sh -> tests/hardening/5.2.9_disable_sshd_hostbasedauthentication.sh
This commit is contained in:
Charles Herlin 2019-09-11 17:12:54 +02:00 committed by Thibault Ayanides
parent c863a01305
commit 9e61ca8367
32 changed files with 17 additions and 17 deletions

View File

@ -5,7 +5,7 @@
#
#
# 9.3.8 Disable SSH Root Login (Scored)
# 5.2.10 Ensure SSH root login is disabled (Scored)
#
set -e # One error, it's over

View File

@ -5,7 +5,7 @@
#
#
# 9.3.9 Set SSH PermitEmptyPasswords to No (Scored)
# 5.2.11 Ensure SSH PermitEmptyPasswords is disabled (Scored)
#
set -e # One error, it's over

View File

@ -5,7 +5,7 @@
#
#
# 9.3.10 Do Not Allow Users to Set Environment Options (Scored)
# 5.2.12 Ensure SSH PermitUserEnvironment is disabled (Scored)
#
set -e # One error, it's over

View File

@ -5,7 +5,7 @@
#
#
# 9.3.11 Use Only Approved Cipher in Counter Mode (Scored)
# 5.2.13 Ensure only strong ciphers are used (Scored)
#
set -e # One error, it's over

View File

@ -6,7 +6,7 @@
#
#
# Checking Message Authentication Code ciphers for preferred UMAC and SHA-256|512 with Encrypt-Then-Mac (etm) setting.
# 5.2.14 Ensure only strong MAC algorithms are used (Scored)
#
set -e # One error, it's over

View File

@ -6,7 +6,7 @@
#
#
# Checking key exchange ciphers.
# 5.2.15 Ensure only strong Key Exchange algorithms are used (Scored)
#
set -e # One error, it's over

View File

@ -5,7 +5,7 @@
#
#
# 9.3.12 Set Idle Timeout Interval for User Login (Scored)
# 5.2.16 Ensure SSH Idle Timeout Interval is configured (Scored)
# FIXME: the implementation of this script doesn't do what it says
#
@ -76,7 +76,7 @@ create_config() {
status=audit
# In seconds, value of ClientAliveInterval, ClientAliveCountMax bedoing set to 0
# Settles sshd idle timeout
SSHD_TIMEOUT=900
SSHD_TIMEOUT=300
EOF
}

View File

@ -5,7 +5,7 @@
#
#
# 9.3.13 Limit Access via SSH (Scored)
# 5.2.18 Ensure SSH access is limited (Scored)
#
set -e # One error, it's over

View File

@ -5,7 +5,7 @@
#
#
# 9.3.14 Set SSH Banner (Scored)
# 5.2.19 Ensure SSH warning banner is configured (Scored)
#
set -e # One error, it's over

View File

@ -5,7 +5,7 @@
#
#
# 9.3.3 Set Permissions on /etc/ssh/sshd_config (Scored)
# 5.2.1 Ensure permissions on /etc/ssh/sshd_config are configured (Scored)
#
set -e # One error, it's over

View File

@ -5,7 +5,7 @@
#
#
# 9.3.1 Set SSH Protocol to 2 (Scored)
# 5.2.4 Ensure SSH Protocol is set to 2 (Scored)
#
set -e # One error, it's over

View File

@ -6,7 +6,7 @@
#
#
# 9.3.2 Set LogLevel to INFO (Scored)
# 5.2.5 Ensure SSH LogLevel is appropriate (Scored)
#
set -e # One error, it's over

View File

@ -5,7 +5,7 @@
#
#
# 9.3.4 Disable SSH X11 Forwarding (Scored)
# 5.2.6 Ensure SSH X11 forwarding is disabled (Scored)
#
set -e # One error, it's over

View File

@ -5,7 +5,7 @@
#
#
# 9.3.5 Set SSH MaxAuthTries to 4 or Less (Scored)
# 5.2.7 Ensure SSH MaxAuthTries is set to 4 or less (Scored)
#
set -e # One error, it's over

View File

@ -5,7 +5,7 @@
#
#
# 9.3.6 Set SSH IgnoreRhosts to Yes (Scored)
# 5.2.8 Set SSH IgnoreRhosts to Yes (Scored)
#
set -e # One error, it's over

View File

@ -5,7 +5,7 @@
#
#
# 9.3.7 Set SSH HostbasedAuthentication to No (Scored)
# 5.2.9 Ensure SSH HostbasedAuthentication is disabled (Scored)
#
set -e # One error, it's over