print config v2 Issue #191 (#307)

* print config v2 - printconfig script - test_printconfig for tox testing - update globals for GUIDES_UPDATED date value - update ssh_audit for print_config argument and checks * pr307 update 1 * pr307 update 2 * pr307 - attempt 2 * Update ssh_audit.py Missed a TAB
2025-09-07 15:06:40 +02:00 · 2025-08-18 06:05:14 +10:00
parent 4845a8fdee
commit 1c0d3d5df1
3 changed files with 547 additions and 3 deletions
--- a/src/ssh_audit/ssh_audit.py
+++ b/src/ssh_audit/ssh_audit.py
@@ -53,6 +53,7 @@ from ssh_audit.gextest import GEXTest
 from ssh_audit.hostkeytest import HostKeyTest
 from ssh_audit.outputbuffer import OutputBuffer
 from ssh_audit.policy import Policy
+from ssh_audit.hardeningguides import PrintHardeningGuides
 from ssh_audit.product import Product
 from ssh_audit.protocol import Protocol
 from ssh_audit.software import Software
@@ -793,7 +794,11 @@ def process_commandline(out: OutputBuffer, args: List[str]) -> 'AuditConf':  # p
    parser.add_argument("--skip-rate-test", action="store_true", dest="skip_rate_test", default=False, help="skip the connection rate test during standard audits (used to safely infer whether the DHEat attack is viable)")
    parser.add_argument("--threads", action="store", dest="threads", metavar="N", type=int, default=32, help="number of threads to use when scanning multiple targets (-T/--targets) (default: %(default)s)")

-    # The mandatory target option.  Or rather, mandatory when -L, -T, or --lookup are not used.
+    # Print Suggested Configurations from : https://www.ssh-audit.com/hardening_guides.html
+    parser.add_argument("--get-hardening-guides", nargs="*", action="append", metavar="OS Ver Client/Server", dest="get_hardening_guides", type=str, default=None, help="Print suggested server or client configurations. Usage Example : Ubuntu 2404 Server")
+    parser.add_argument("--list-hardening-guides", action="store_true", dest="list_hardening_guides", default=False, help="List supported server and client configurations.")
+
+    # The mandatory target option.  Or rather, mandatory when -L, -T, --lookup or --print-config are not used.
    parser.add_argument("host", nargs="?", action="store", type=str, default="", help="target hostname or IPv4/IPv6 address")

    # If no arguments were given, print the help and exit.
@@ -805,6 +810,27 @@ def process_commandline(out: OutputBuffer, args: List[str]) -> 'AuditConf':  # p
    try:
        argument = parser.parse_args(args=args)

+        if argument.list_hardening_guides is True:
+            PrintHardeningGuides.supported_varient()
+
+        if argument.get_hardening_guides is not None:
+            print_guides = (getattr(argument, 'get_hardening_guides'))[0]
+            arg_len = len(print_guides)
+            if arg_len <= 2:
+                user_arg = ""
+                for i in range(arg_len):
+                    user_arg = user_arg + " " + str(print_guides[i])
+                print(f"\033[1mUnsupported configuration : {user_arg}\033[0m")
+                PrintHardeningGuides.supported_varient()
+            else:
+                print_guides = (getattr(argument, 'get_hardening_guides'))[0]
+                os_type = print_guides[0]
+                os_ver = print_guides[1]
+                clientserver = print_guides[2]
+
+                PrintHardeningGuides(os_type, os_ver, clientserver)
+
+
        # Set simple flags.
        aconf.client_audit = argument.client_audit
        aconf.ipv4 = argument.ipv4
@@ -889,8 +915,8 @@ def process_commandline(out: OutputBuffer, args: List[str]) -> 'AuditConf':  # p
        parser.print_help()
        sys.exit(exitcodes.UNKNOWN_ERROR)

-    if argument.host == "" and argument.client_audit is False and argument.targets is None and argument.list_policies is False and argument.lookup is None and argument.manual is False:
-        out.fail("target host must be specified, unless -c, -m, -L, -T, or --lookup are used", write_now=True)
+    if argument.host == "" and argument.client_audit is False and argument.targets is None and argument.list_policies is False and argument.lookup is None and argument.manual is False and argument.get_hardening_guides is None:
+        out.fail("target host must be specified, unless -c, -m, -L, -T, --lookup or --print-configuration are used", write_now=True)
        sys.exit(exitcodes.UNKNOWN_ERROR)

    if aconf.manual: