elie/ssh-audit
1
0
Fork 0
mirror of https://github.com/jtesta/ssh-audit.git synced 2025-09-07 15:06:40 +02:00
Code Issues Packages Projects Releases Wiki Activity

Issue a warning if an out-dated policy is used.

Browse Source
This commit is contained in:
Joe Testa
2024-10-10 15:57:29 -04:00
parent d0628f6eb4
commit 720150b471
21 changed files with 62 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
src/ssh_audit/ssh_audit.py
View File

@@ -670,7 +670,12 @@ def evaluate_policy(out: OutputBuffer, aconf: AuditConf, banner: Optional['Banne
passed, error_struct, error_str = aconf.policy.evaluate(banner, kex)
if aconf.json:
json_struct = {'host': aconf.host, 'port': aconf.port, 'policy': aconf.policy.get_name_and_version(), 'passed': passed, 'errors': error_struct}
warnings: List[str] = []
if aconf.policy.is_outdated_builtin_policy():
warnings.append("A newer version of this built-in policy is available.")
json_struct = {'host': aconf.host, 'port': aconf.port, 'policy': aconf.policy.get_name_and_version(), 'passed': passed, 'errors': error_struct, 'warnings': warnings}
out.info(json.dumps(json_struct, indent=4 if aconf.json_print_indent else None, sort_keys=True))
else:
spacing = ''
@@ -703,6 +708,10 @@ def evaluate_policy(out: OutputBuffer, aconf: AuditConf, banner: Optional['Banne
out.fail("%sFailed!" % icon_fail)
out.warn("\nErrors:\n%s" % error_str)
# If the user selected an out-dated built-in policy then issue a warning.
if aconf.policy.is_outdated_builtin_policy():
out.warn("Note: A newer version of this built-in policy is available. Use the -L option to view all available versions.")
return passed