fix ssh related tests

As letting sshd active will mess with others scripts later
2025-08-31 11:54:07 +02:00 · 2025-08-05 15:09:10 +02:00
parent f0075600e1
commit d587fc3e97
25 changed files with 50 additions and 0 deletions
--- a/tests/hardening/configure_ssh_max_startups.sh
+++ b/tests/hardening/configure_ssh_max_startups.sh
@@ -19,4 +19,6 @@ test_audit() {
    register_test retvalshouldbe 0
    register_test contain "[ OK ] ^maxstartups[[:space:]]*10:30:60 is present in /etc/ssh/sshd_config"
    run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
+    describe Clean test
+    pkill -9 sshd
 }
--- a/tests/hardening/disable_root_login.sh
+++ b/tests/hardening/disable_root_login.sh
@@ -19,4 +19,6 @@ test_audit() {
    register_test retvalshouldbe 0
    register_test contain "[ OK ] ^PermitRootLogin[[:space:]]*no is present in /etc/ssh/sshd_config"
    run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
+    describe Clean test
+    pkill -9 sshd
 }
--- a/tests/hardening/disable_ssh_allow_tcp_forwarding.sh
+++ b/tests/hardening/disable_ssh_allow_tcp_forwarding.sh
@@ -19,4 +19,6 @@ test_audit() {
    register_test retvalshouldbe 0
    register_test contain "[ OK ] ^AllowTCPForwarding[[:space:]]*no is present in /etc/ssh/sshd_config"
    run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
+    describe Clean test
+    pkill -9 sshd
 }
--- a/tests/hardening/disable_sshd_hostbasedauthentication.sh
+++ b/tests/hardening/disable_sshd_hostbasedauthentication.sh
@@ -19,4 +19,6 @@ test_audit() {
    register_test retvalshouldbe 0
    register_test contain "[ OK ] ^HostbasedAuthentication[[:space:]]*no is present in /etc/ssh/sshd_config"
    run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
+    describe Clean test
+    pkill -9 sshd
 }
--- a/tests/hardening/disable_sshd_permitemptypasswords.sh
+++ b/tests/hardening/disable_sshd_permitemptypasswords.sh
@@ -19,4 +19,6 @@ test_audit() {
    register_test retvalshouldbe 0
    register_test contain "[ OK ] ^PermitEmptyPasswords[[:space:]]*no is present in /etc/ssh/sshd_config"
    run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
+    describe Clean test
+    pkill -9 sshd
 }
--- a/tests/hardening/disable_sshd_setenv.sh
+++ b/tests/hardening/disable_sshd_setenv.sh
@@ -19,4 +19,6 @@ test_audit() {
    register_test retvalshouldbe 0
    register_test contain "[ OK ] ^PermitUserEnvironment[[:space:]]*no is present in /etc/ssh/sshd_config"
    run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
+    describe Clean test
+    pkill -9 sshd
 }
--- a/tests/hardening/disable_x11_forwarding.sh
+++ b/tests/hardening/disable_x11_forwarding.sh
@@ -19,4 +19,6 @@ test_audit() {
    register_test retvalshouldbe 0
    register_test contain "[ OK ] ^X11Forwarding[[:space:]]*no is present in /etc/ssh/sshd_config"
    run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
+    describe Clean test
+    pkill -9 sshd
 }
--- a/tests/hardening/enable_ssh_pam.sh
+++ b/tests/hardening/enable_ssh_pam.sh
@@ -19,4 +19,6 @@ test_audit() {
    register_test retvalshouldbe 0
    register_test contain "[ OK ] ^usepam[[:space:]]*yes is present in /etc/ssh/sshd_config"
    run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
+    describe Clean test
+    pkill -9 sshd
 }
--- a/tests/hardening/enable_sshd_ignorerhosts.sh
+++ b/tests/hardening/enable_sshd_ignorerhosts.sh
@@ -19,4 +19,6 @@ test_audit() {
    register_test retvalshouldbe 0
    register_test contain "[ OK ] ^IgnoreRhosts[[:space:]]*yes is present in /etc/ssh/sshd_config"
    run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
+    describe Clean test
+    pkill -9 sshd
 }
--- a/tests/hardening/limit_ssh_max_sessions.sh
+++ b/tests/hardening/limit_ssh_max_sessions.sh
@@ -35,4 +35,6 @@ test_audit() {
    register_test retvalshouldbe 0
    register_test contain "[ OK ] ^maxsessions[[:space:]]*10 is present in /etc/ssh/sshd_config"
    run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
+    describe Clean test
+    pkill -9 sshd
 }
--- a/tests/hardening/ssh_auth_pubk_only.sh
+++ b/tests/hardening/ssh_auth_pubk_only.sh
@@ -26,4 +26,6 @@ test_audit() {
    register_test contain "[ OK ] ^GSSAPIAuthentication[[:space:]]+no is present in /etc/ssh/sshd_config"
    register_test contain "[ OK ] ^GSSAPIKeyExchange[[:space:]]+no is present in /etc/ssh/sshd_config"
    run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
+    describe Clean test
+    pkill -9 sshd
 }
--- a/tests/hardening/ssh_banner.sh
+++ b/tests/hardening/ssh_banner.sh
@@ -19,4 +19,6 @@ test_audit() {
    register_test retvalshouldbe 0
    register_test contain "[ OK ] ^Banner[[:space:]]* is present in /etc/ssh/sshd_config"
    run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
+    describe Clean test
+    pkill -9 sshd
 }
--- a/tests/hardening/ssh_cry_kex.sh
+++ b/tests/hardening/ssh_cry_kex.sh
@@ -26,4 +26,6 @@ test_audit() {
    describe Checking resolved state
    register_test retvalshouldbe 0
    run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
+    describe Clean test
+    pkill -9 sshd
 }
--- a/tests/hardening/ssh_cry_mac.sh
+++ b/tests/hardening/ssh_cry_mac.sh
@@ -19,4 +19,6 @@ test_audit() {
    register_test retvalshouldbe 0
    register_test contain "[ OK ] ^MACs[[:space:]]*hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-256 is present in /etc/ssh/sshd_config"
    run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
+    describe Clean test
+    pkill -9 sshd
 }
--- a/tests/hardening/ssh_cry_rekey.sh
+++ b/tests/hardening/ssh_cry_rekey.sh
@@ -19,4 +19,6 @@ test_audit() {
    register_test retvalshouldbe 0
    register_test contain "[ OK ] ^RekeyLimit[[:space:]]*512M\s+6h is present in /etc/ssh/sshd_config"
    run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
+    describe Clean test
+    pkill -9 sshd
 }
--- a/tests/hardening/ssh_disable_features.sh
+++ b/tests/hardening/ssh_disable_features.sh
@@ -25,4 +25,6 @@ test_audit() {
    register_test contain "[ OK ] ^PermitUserRC[[:space:]]*no is present in /etc/ssh/sshd_config"
    register_test contain "[ OK ] ^GatewayPorts[[:space:]]*no is present in /etc/ssh/sshd_config"
    run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
+    describe Clean test
+    pkill -9 sshd
 }
--- a/tests/hardening/ssh_strict_modes.sh
+++ b/tests/hardening/ssh_strict_modes.sh
@@ -20,4 +20,6 @@ test_audit() {
    register_test retvalshouldbe 0
    register_test contain "[ OK ] ^StrictModes[[:space:]]*yes is present in /etc/ssh/sshd_config"
    run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
+    describe Clean test
+    pkill -9 sshd
 }
--- a/tests/hardening/ssh_sys_accept_env.sh
+++ b/tests/hardening/ssh_sys_accept_env.sh
@@ -26,4 +26,6 @@ test_audit() {
    register_test retvalshouldbe 0
    register_test contain "[ OK ] ^\s*AcceptEnv\s+LANG LC_\* is present in /etc/ssh/sshd_config"
    run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
+    describe Clean test
+    pkill -9 sshd
 }
--- a/tests/hardening/sshd_ciphers.sh
+++ b/tests/hardening/sshd_ciphers.sh
@@ -19,4 +19,6 @@ test_audit() {
    register_test retvalshouldbe 0
    register_test contain "[ OK ] ^Ciphers[[:space:]]*chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr is present in /etc/ssh/sshd_config"
    run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
+    describe Clean test
+    pkill -9 sshd
 }
--- a/tests/hardening/sshd_idle_timeout.sh
+++ b/tests/hardening/sshd_idle_timeout.sh
@@ -20,4 +20,6 @@ test_audit() {
    register_test contain "[ OK ] ^ClientAliveInterval[[:space:]]*300 is present in /etc/ssh/sshd_config"
    register_test contain "[ OK ] ^ClientAliveCountMax[[:space:]]*0 is present in /etc/ssh/sshd_config"
    run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
+    describe Clean test
+    pkill -9 sshd
 }
--- a/tests/hardening/sshd_limit_access.sh
+++ b/tests/hardening/sshd_limit_access.sh
@@ -127,4 +127,6 @@ test_audit() {
    userdel janeallow
    userdel peterdeny
    userdel marrydeny
+    describe Clean test
+    pkill -9 sshd
 }
--- a/tests/hardening/sshd_login_grace_time.sh
+++ b/tests/hardening/sshd_login_grace_time.sh
@@ -19,4 +19,6 @@ test_audit() {
    register_test retvalshouldbe 0
    register_test contain "[ OK ] ^LoginGraceTime[[:space:]]*60 is present in /etc/ssh/sshd_config"
    run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
+    describe Clean test
+    pkill -9 sshd
 }
--- a/tests/hardening/sshd_loglevel.sh
+++ b/tests/hardening/sshd_loglevel.sh
@@ -25,4 +25,6 @@ test_audit() {
    describe Checking custom conf
    register_test retvalshouldbe 0
    run customconf "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
+    describe Clean test
+    pkill -9 sshd
 }
--- a/tests/hardening/sshd_maxauthtries.sh
+++ b/tests/hardening/sshd_maxauthtries.sh
@@ -35,4 +35,6 @@ test_audit() {
    register_test retvalshouldbe 0
    register_test contain "[ OK ] ^MaxAuthTries[[:space:]]*4 is present in /etc/ssh/sshd_config"
    run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
+    describe Clean test
+    pkill -9 sshd
 }
--- a/tests/hardening/sshd_protocol.sh
+++ b/tests/hardening/sshd_protocol.sh
@@ -20,4 +20,6 @@ test_audit() {
    register_test contain "[ OK ] ^Protocol[[:space:]]*2 is present in /etc/ssh/sshd_config"
    run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all

+    describe clean test
+    pkill -9 sshd
 }