diff --git a/tests/hardening/configure_ssh_max_startups.sh b/tests/hardening/configure_ssh_max_startups.sh
index be8886f..6654718 100644
--- a/tests/hardening/configure_ssh_max_startups.sh
+++ b/tests/hardening/configure_ssh_max_startups.sh
@@ -19,4 +19,6 @@ test_audit() {
 register_test retvalshouldbe 0
 register_test contain "[ OK ] ^maxstartups[[:space:]]*10:30:60 is present in /etc/ssh/sshd_config"
 run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
+ describe Clean test
+ pkill -9 sshd
 }
diff --git a/tests/hardening/disable_root_login.sh b/tests/hardening/disable_root_login.sh
index 0070772..f0d226a 100644
--- a/tests/hardening/disable_root_login.sh
+++ b/tests/hardening/disable_root_login.sh
@@ -19,4 +19,6 @@ test_audit() {
 register_test retvalshouldbe 0
 register_test contain "[ OK ] ^PermitRootLogin[[:space:]]*no is present in /etc/ssh/sshd_config"
 run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
+ describe Clean test
+ pkill -9 sshd
 }
diff --git a/tests/hardening/disable_ssh_allow_tcp_forwarding.sh b/tests/hardening/disable_ssh_allow_tcp_forwarding.sh
index fe0d360..2a641c3 100644
--- a/tests/hardening/disable_ssh_allow_tcp_forwarding.sh
+++ b/tests/hardening/disable_ssh_allow_tcp_forwarding.sh
@@ -19,4 +19,6 @@ test_audit() {
 register_test retvalshouldbe 0
 register_test contain "[ OK ] ^AllowTCPForwarding[[:space:]]*no is present in /etc/ssh/sshd_config"
 run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
+ describe Clean test
+ pkill -9 sshd
 }
diff --git a/tests/hardening/disable_sshd_hostbasedauthentication.sh b/tests/hardening/disable_sshd_hostbasedauthentication.sh
index ebb2c14..ce3ad57 100644
--- a/tests/hardening/disable_sshd_hostbasedauthentication.sh
+++ b/tests/hardening/disable_sshd_hostbasedauthentication.sh
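Review bot: In tests/hardening/configure_ssh_max_startups.sh the added `pkill -9 sshd` is the last command of test_audit(), so the function now returns pkill's status, which is 1 whenever no sshd process matched; if the harness reads that status or runs under `set -e`, a clean environment would look like a failure. The pattern also matches every process named sshd and sends SIGKILL, so on a host reached over SSH rather than a disposable container it would drop the operator's own sessions and give the daemon no chance to shut down cleanly. I would let the default SIGTERM do the work and tolerate a miss, `pkill sshd || true`, preceded by a comment such as `# cleanup: stop the sshd started for this test (disposable test environment only)`. test_audit() begins above the hunk, so where sshd is started is not visible and the disposable-environment assumption should be confirmed. The same two lines are added to every other file in this commit (sshd_protocol.sh spells the label `describe clean test`), which suggests one shared cleanup helper in the test library instead of a per-file copy.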
@@ -19,4 +19,6 @@ test_audit() {
 register_test retvalshouldbe 0
 register_test contain "[ OK ] ^HostbasedAuthentication[[:space:]]*no is present in /etc/ssh/sshd_config"
 run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
+ describe Clean test
+ pkill -9 sshd
 }
diff --git a/tests/hardening/disable_sshd_permitemptypasswords.sh b/tests/hardening/disable_sshd_permitemptypasswords.sh
index 33b7aa0..0d5ea8f 100644
--- a/tests/hardening/disable_sshd_permitemptypasswords.sh
+++ b/tests/hardening/disable_sshd_permitemptypasswords.sh
@@ -19,4 +19,6 @@ test_audit() {
 register_test retvalshouldbe 0
 register_test contain "[ OK ] ^PermitEmptyPasswords[[:space:]]*no is present in /etc/ssh/sshd_config"
 run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
+ describe Clean test
+ pkill -9 sshd
 }
diff --git a/tests/hardening/disable_sshd_setenv.sh b/tests/hardening/disable_sshd_setenv.sh
index 09b6026..41e3a44 100644
--- a/tests/hardening/disable_sshd_setenv.sh
+++ b/tests/hardening/disable_sshd_setenv.sh
@@ -19,4 +19,6 @@ test_audit() {
 register_test retvalshouldbe 0
 register_test contain "[ OK ] ^PermitUserEnvironment[[:space:]]*no is present in /etc/ssh/sshd_config"
 run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
+ describe Clean test
+ pkill -9 sshd
 }
diff --git a/tests/hardening/disable_x11_forwarding.sh b/tests/hardening/disable_x11_forwarding.sh
index b19b513..1b60374 100644
--- a/tests/hardening/disable_x11_forwarding.sh
+++ b/tests/hardening/disable_x11_forwarding.sh
@@ -19,4 +19,6 @@ test_audit() {
 register_test retvalshouldbe 0
 register_test contain "[ OK ] ^X11Forwarding[[:space:]]*no is present in /etc/ssh/sshd_config"
 run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
+ describe Clean test
+ pkill -9 sshd
 }
diff --git a/tests/hardening/enable_ssh_pam.sh b/tests/hardening/enable_ssh_pam.sh
index f2bb810..bdf1403 100644
--- a/tests/hardening/enable_ssh_pam.sh
+++ b/tests/hardening/enable_ssh_pam.sh
@@ -19,4 +19,6 @@ test_audit() {
 register_test retvalshouldbe 0
 register_test contain "[ OK ] ^usepam[[:space:]]*yes is present in /etc/ssh/sshd_config"
 run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
+ describe Clean test
+ pkill -9 sshd
 }
diff --git a/tests/hardening/enable_sshd_ignorerhosts.sh b/tests/hardening/enable_sshd_ignorerhosts.sh
index 959e4ea..dd0f636 100644
--- a/tests/hardening/enable_sshd_ignorerhosts.sh
+++ b/tests/hardening/enable_sshd_ignorerhosts.sh
@@ -19,4 +19,6 @@ test_audit() {
 register_test retvalshouldbe 0
 register_test contain "[ OK ] ^IgnoreRhosts[[:space:]]*yes is present in /etc/ssh/sshd_config"
 run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
+ describe Clean test
+ pkill -9 sshd
 }
diff --git a/tests/hardening/limit_ssh_max_sessions.sh b/tests/hardening/limit_ssh_max_sessions.sh
index 848ff7b..4865f5d 100644
--- a/tests/hardening/limit_ssh_max_sessions.sh
+++ b/tests/hardening/limit_ssh_max_sessions.sh
@@ -35,4 +35,6 @@ test_audit() {
 register_test retvalshouldbe 0
 register_test contain "[ OK ] ^maxsessions[[:space:]]*10 is present in /etc/ssh/sshd_config"
 run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
+ describe Clean test
+ pkill -9 sshd
 }
diff --git a/tests/hardening/ssh_auth_pubk_only.sh b/tests/hardening/ssh_auth_pubk_only.sh
index 27ca134..9a7ece0 100644
--- a/tests/hardening/ssh_auth_pubk_only.sh
+++ b/tests/hardening/ssh_auth_pubk_only.sh
@@ -26,4 +26,6 @@ test_audit() {
 register_test contain "[ OK ] ^GSSAPIAuthentication[[:space:]]+no is present in /etc/ssh/sshd_config"
 register_test contain "[ OK ] ^GSSAPIKeyExchange[[:space:]]+no is present in /etc/ssh/sshd_config"
 run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
+ describe Clean test
+ pkill -9 sshd
 }
diff --git a/tests/hardening/ssh_banner.sh b/tests/hardening/ssh_banner.sh
index 9d5b6ce..e20f5d4 100644
--- a/tests/hardening/ssh_banner.sh
+++ b/tests/hardening/ssh_banner.sh
@@ -19,4 +19,6 @@ test_audit() {
 register_test retvalshouldbe 0
 register_test contain "[ OK ] ^Banner[[:space:]]* is present in /etc/ssh/sshd_config"
 run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
+ describe Clean test
+ pkill -9 sshd
 }
diff --git a/tests/hardening/ssh_cry_kex.sh b/tests/hardening/ssh_cry_kex.sh
index e20448e..1a76873 100644
--- a/tests/hardening/ssh_cry_kex.sh
+++ b/tests/hardening/ssh_cry_kex.sh
@@ -26,4 +26,6 @@ test_audit() {
 describe Checking resolved state
 register_test retvalshouldbe 0
 run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
+ describe Clean test
+ pkill -9 sshd
 }
diff --git a/tests/hardening/ssh_cry_mac.sh b/tests/hardening/ssh_cry_mac.sh
index 30e97ae..7a127b0 100644
--- a/tests/hardening/ssh_cry_mac.sh
+++ b/tests/hardening/ssh_cry_mac.sh
@@ -19,4 +19,6 @@ test_audit() {
 register_test retvalshouldbe 0
 register_test contain "[ OK ] ^MACs[[:space:]]*hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-256 is present in /etc/ssh/sshd_config"
 run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
+ describe Clean test
+ pkill -9 sshd
 }
diff --git a/tests/hardening/ssh_cry_rekey.sh b/tests/hardening/ssh_cry_rekey.sh
index 5e73d99..86627b0 100644
--- a/tests/hardening/ssh_cry_rekey.sh
+++ b/tests/hardening/ssh_cry_rekey.sh
@@ -19,4 +19,6 @@ test_audit() {
 register_test retvalshouldbe 0
 register_test contain "[ OK ] ^RekeyLimit[[:space:]]*512M\s+6h is present in /etc/ssh/sshd_config"
 run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
+ describe Clean test
+ pkill -9 sshd
 }
diff --git a/tests/hardening/ssh_disable_features.sh b/tests/hardening/ssh_disable_features.sh
index fd835f4..594c4ad 100644
--- a/tests/hardening/ssh_disable_features.sh
+++ b/tests/hardening/ssh_disable_features.sh
@@ -25,4 +25,6 @@ test_audit() {
 register_test contain "[ OK ] ^PermitUserRC[[:space:]]*no is present in /etc/ssh/sshd_config"
 register_test contain "[ OK ] ^GatewayPorts[[:space:]]*no is present in /etc/ssh/sshd_config"
 run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
+ describe Clean test
+ pkill -9 sshd
 }
diff --git a/tests/hardening/ssh_strict_modes.sh b/tests/hardening/ssh_strict_modes.sh
index 1607897..d9c2b5e 100644
--- a/tests/hardening/ssh_strict_modes.sh
+++ b/tests/hardening/ssh_strict_modes.sh
@@ -20,4 +20,6 @@ test_audit() {
 register_test retvalshouldbe 0
 register_test contain "[ OK ] ^StrictModes[[:space:]]*yes is present in /etc/ssh/sshd_config"
 run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
+ describe Clean test
+ pkill -9 sshd
 }
diff --git a/tests/hardening/ssh_sys_accept_env.sh b/tests/hardening/ssh_sys_accept_env.sh
index 5783774..0ded261 100644
--- a/tests/hardening/ssh_sys_accept_env.sh
+++ b/tests/hardening/ssh_sys_accept_env.sh
@@ -26,4 +26,6 @@ test_audit() {
 register_test retvalshouldbe 0
 register_test contain "[ OK ] ^\s*AcceptEnv\s+LANG LC_\* is present in /etc/ssh/sshd_config"
 run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
+ describe Clean test
+ pkill -9 sshd
 }
diff --git a/tests/hardening/sshd_ciphers.sh b/tests/hardening/sshd_ciphers.sh
index 0777ebf..e9db036 100644
--- a/tests/hardening/sshd_ciphers.sh
+++ b/tests/hardening/sshd_ciphers.sh
@@ -19,4 +19,6 @@ test_audit() {
 register_test retvalshouldbe 0
 register_test contain "[ OK ] ^Ciphers[[:space:]]*chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr is present in /etc/ssh/sshd_config"
 run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
+ describe Clean test
+ pkill -9 sshd
 }
diff --git a/tests/hardening/sshd_idle_timeout.sh b/tests/hardening/sshd_idle_timeout.sh
index 8242622..e5dd39e 100644
--- a/tests/hardening/sshd_idle_timeout.sh
+++ b/tests/hardening/sshd_idle_timeout.sh
@@ -20,4 +20,6 @@ test_audit() {
 register_test contain "[ OK ] ^ClientAliveInterval[[:space:]]*300 is present in /etc/ssh/sshd_config"
 register_test contain "[ OK ] ^ClientAliveCountMax[[:space:]]*0 is present in /etc/ssh/sshd_config"
 run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
+ describe Clean test
+ pkill -9 sshd
 }
diff --git a/tests/hardening/sshd_limit_access.sh b/tests/hardening/sshd_limit_access.sh
index 3e3e971..475d992 100644
--- a/tests/hardening/sshd_limit_access.sh
+++ b/tests/hardening/sshd_limit_access.sh
@@ -127,4 +127,6 @@ test_audit() {
 userdel janeallow
 userdel peterdeny
 userdel marrydeny
+ describe Clean test
+ pkill -9 sshd
 }
diff --git a/tests/hardening/sshd_login_grace_time.sh b/tests/hardening/sshd_login_grace_time.sh
index 66616ac..da832bf 100644
--- a/tests/hardening/sshd_login_grace_time.sh
+++ b/tests/hardening/sshd_login_grace_time.sh
@@ -19,4 +19,6 @@ test_audit() {
 register_test retvalshouldbe 0
 register_test contain "[ OK ] ^LoginGraceTime[[:space:]]*60 is present in /etc/ssh/sshd_config"
 run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
+ describe Clean test
+ pkill -9 sshd
 }
diff --git a/tests/hardening/sshd_loglevel.sh b/tests/hardening/sshd_loglevel.sh
index 205abd4..ac1f6d8 100644
--- a/tests/hardening/sshd_loglevel.sh
+++ b/tests/hardening/sshd_loglevel.sh
@@ -25,4 +25,6 @@ test_audit() {
 describe Checking custom conf
 register_test retvalshouldbe 0
 run customconf "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
+ describe Clean test
+ pkill -9 sshd
 }
diff --git a/tests/hardening/sshd_maxauthtries.sh b/tests/hardening/sshd_maxauthtries.sh
index 66194da..812f771 100644
--- a/tests/hardening/sshd_maxauthtries.sh
+++ b/tests/hardening/sshd_maxauthtries.sh
@@ -35,4 +35,6 @@ test_audit() {
 register_test retvalshouldbe 0
 register_test contain "[ OK ] ^MaxAuthTries[[:space:]]*4 is present in /etc/ssh/sshd_config"
 run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
+ describe Clean test
+ pkill -9 sshd
 }
diff --git a/tests/hardening/sshd_protocol.sh b/tests/hardening/sshd_protocol.sh index 25affb8..f7aa705 100644 --- a/tests/hardening/sshd_protocol.sh +++ b/tests/hardening/sshd_protocol.sh @@ -20,4 +20,6 @@ test_audit() { register_test contain "[ OK ] ^Protocol[[:space:]]*2 is present in /etc/ssh/sshd_config" run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all + describe clean test + pkill -9 sshd }