mirror of
https://github.com/jtesta/ssh-audit.git
synced 2025-06-21 18:23:40 +02:00
Added allow_larger_keys flag to custom policies to control whether targets can have larger keys, and added Docker tests to complete work started in PR #242.
This commit is contained in:
@ -0,0 +1,6 @@
|
||||
{
|
||||
"errors": [],
|
||||
"host": "localhost",
|
||||
"passed": true,
|
||||
"policy": "Docker policy: test17 (version 1)"
|
||||
}
|
@ -0,0 +1,3 @@
|
||||
Host: localhost:2222
|
||||
Policy: Docker policy: test17 (version 1)
|
||||
Result: [0;32m✔ Passed[0m
|
15
test/docker/policies/policy_test17.txt
Normal file
15
test/docker/policies/policy_test17.txt
Normal file
@ -0,0 +1,15 @@
|
||||
#
|
||||
# Docker policy: test17
|
||||
#
|
||||
|
||||
name = "Docker policy: test17"
|
||||
version = 1
|
||||
allow_larger_keys = true
|
||||
banner = "SSH-2.0-OpenSSH_8.0"
|
||||
compressions = none, zlib@openssh.com
|
||||
host keys = rsa-sha2-512, rsa-sha2-256, ssh-rsa, ecdsa-sha2-nistp256, ssh-ed25519
|
||||
key exchanges = curve25519-sha256, curve25519-sha256@libssh.org, ecdh-sha2-nistp256, ecdh-sha2-nistp384, ecdh-sha2-nistp521, diffie-hellman-group-exchange-sha256, diffie-hellman-group16-sha512, diffie-hellman-group18-sha512, diffie-hellman-group14-sha256, diffie-hellman-group14-sha1
|
||||
ciphers = chacha20-poly1305@openssh.com, aes128-ctr, aes192-ctr, aes256-ctr, aes128-gcm@openssh.com, aes256-gcm@openssh.com
|
||||
macs = umac-64-etm@openssh.com, umac-128-etm@openssh.com, hmac-sha2-256-etm@openssh.com, hmac-sha2-512-etm@openssh.com, hmac-sha1-etm@openssh.com, umac-64@openssh.com, umac-128@openssh.com, hmac-sha2-256, hmac-sha2-512, hmac-sha1
|
||||
host_key_sizes = {"ssh-rsa": {"hostkey_size": 2048}, "rsa-sha2-256": {"hostkey_size": 2048}, "rsa-sha2-512": {"hostkey_size": 2048}, "ssh-ed25519": {"hostkey_size": 256}}
|
||||
dh_modulus_sizes = {"diffie-hellman-group-exchange-sha256": 2048}
|
@ -297,7 +297,7 @@ macs = mac_alg1, mac_alg2, mac_alg3'''
|
||||
pol_data = pol_data.replace(date.today().strftime('%Y/%m/%d'), '[todays date]')
|
||||
|
||||
# Instead of writing out the entire expected policy--line by line--just check that it has the expected hash.
|
||||
assert hashlib.sha256(pol_data.encode('ascii')).hexdigest() == '4b504b799f6b964a20ccbe8af7edd26c7b5f0e0b98070e754ea41dccdace33b4'
|
||||
assert hashlib.sha256(pol_data.encode('ascii')).hexdigest() == 'fb84bce442cff2bce9bf653d6373a8a938e3bfcfbd1e876f51a08c1842df3cff'
|
||||
|
||||
|
||||
def test_policy_evaluate_passing_1(self):
|
||||
|
Reference in New Issue
Block a user