From b95969bbc0e8d977ac6a7cae09d94081d777fe99 Mon Sep 17 00:00:00 2001 From: Joe Testa Date: Tue, 14 Jul 2020 17:38:15 -0400 Subject: [PATCH] Policy output now more clearly prints the policy version. --- ssh-audit.py | 2 +- test/docker/expected_results/openssh_5.6p1_policy_test1.json | 2 +- test/docker/expected_results/openssh_5.6p1_policy_test1.txt | 2 +- test/docker/expected_results/openssh_5.6p1_policy_test10.json | 2 +- test/docker/expected_results/openssh_5.6p1_policy_test10.txt | 2 +- test/docker/expected_results/openssh_5.6p1_policy_test2.json | 2 +- test/docker/expected_results/openssh_5.6p1_policy_test2.txt | 2 +- test/docker/expected_results/openssh_5.6p1_policy_test3.json | 2 +- test/docker/expected_results/openssh_5.6p1_policy_test3.txt | 2 +- test/docker/expected_results/openssh_5.6p1_policy_test4.json | 2 +- test/docker/expected_results/openssh_5.6p1_policy_test4.txt | 2 +- test/docker/expected_results/openssh_5.6p1_policy_test5.json | 2 +- test/docker/expected_results/openssh_5.6p1_policy_test5.txt | 2 +- test/docker/expected_results/openssh_5.6p1_policy_test7.json | 2 +- test/docker/expected_results/openssh_5.6p1_policy_test7.txt | 2 +- test/docker/expected_results/openssh_5.6p1_policy_test8.json | 2 +- test/docker/expected_results/openssh_5.6p1_policy_test8.txt | 2 +- test/docker/expected_results/openssh_5.6p1_policy_test9.json | 2 +- test/docker/expected_results/openssh_5.6p1_policy_test9.txt | 2 +- test/docker/expected_results/openssh_8.0p1_policy_test11.json | 2 +- test/docker/expected_results/openssh_8.0p1_policy_test11.txt | 2 +- test/docker/expected_results/openssh_8.0p1_policy_test12.json | 2 +- test/docker/expected_results/openssh_8.0p1_policy_test12.txt | 2 +- test/docker/expected_results/openssh_8.0p1_policy_test13.json | 2 +- test/docker/expected_results/openssh_8.0p1_policy_test13.txt | 2 +- test/docker/expected_results/openssh_8.0p1_policy_test14.json | 2 +- test/docker/expected_results/openssh_8.0p1_policy_test14.txt | 2 +- test/docker/expected_results/openssh_8.0p1_policy_test6.json | 2 +- test/docker/expected_results/openssh_8.0p1_policy_test6.txt | 2 +- 29 files changed, 29 insertions(+), 29 deletions(-) diff --git a/ssh-audit.py b/ssh-audit.py index 9f34305..2be67fc 100755 --- a/ssh-audit.py +++ b/ssh-audit.py @@ -357,7 +357,7 @@ macs = %s def get_name_and_version(self) -> str: '''Returns a string of this Policy's name and version.''' - return '%s v%s' % (self._name, self._version) + return '%s (version %s)' % (self._name, self._version) def is_server_policy(self) -> bool: diff --git a/test/docker/expected_results/openssh_5.6p1_policy_test1.json b/test/docker/expected_results/openssh_5.6p1_policy_test1.json index 2a7d0a1..52d9e38 100644 --- a/test/docker/expected_results/openssh_5.6p1_policy_test1.json +++ b/test/docker/expected_results/openssh_5.6p1_policy_test1.json @@ -1 +1 @@ -{"errors": [], "host": "localhost", "passed": true, "policy": "Docker policy: test1 v1"} +{"errors": [], "host": "localhost", "passed": true, "policy": "Docker policy: test1 (version 1)"} diff --git a/test/docker/expected_results/openssh_5.6p1_policy_test1.txt b/test/docker/expected_results/openssh_5.6p1_policy_test1.txt index 1c00218..f570f84 100644 --- a/test/docker/expected_results/openssh_5.6p1_policy_test1.txt +++ b/test/docker/expected_results/openssh_5.6p1_policy_test1.txt @@ -1,3 +1,3 @@ Host: localhost -Policy: Docker policy: test1 v1 +Policy: Docker policy: test1 (version 1) Result: ✔ Passed diff --git a/test/docker/expected_results/openssh_5.6p1_policy_test10.json b/test/docker/expected_results/openssh_5.6p1_policy_test10.json index c21c162..69da753 100644 --- a/test/docker/expected_results/openssh_5.6p1_policy_test10.json +++ b/test/docker/expected_results/openssh_5.6p1_policy_test10.json @@ -1 +1 @@ -{"errors": ["RSA hostkey (ssh-rsa-cert-v01@openssh.com) sizes did not match. Expected: 4096; Actual: 3072", "RSA CA key (ssh-rsa-cert-v01@openssh.com) sizes did not match. Expected: 4096; Actual: 1024"], "host": "localhost", "passed": false, "policy": "Docker poliicy: test10 v1"} +{"errors": ["RSA hostkey (ssh-rsa-cert-v01@openssh.com) sizes did not match. Expected: 4096; Actual: 3072", "RSA CA key (ssh-rsa-cert-v01@openssh.com) sizes did not match. Expected: 4096; Actual: 1024"], "host": "localhost", "passed": false, "policy": "Docker poliicy: test10 (version 1)"} diff --git a/test/docker/expected_results/openssh_5.6p1_policy_test10.txt b/test/docker/expected_results/openssh_5.6p1_policy_test10.txt index d4aa850..a4d34ea 100644 --- a/test/docker/expected_results/openssh_5.6p1_policy_test10.txt +++ b/test/docker/expected_results/openssh_5.6p1_policy_test10.txt @@ -1,5 +1,5 @@ Host: localhost -Policy: Docker poliicy: test10 v1 +Policy: Docker poliicy: test10 (version 1) Result: ❌ Failed!  Errors: diff --git a/test/docker/expected_results/openssh_5.6p1_policy_test2.json b/test/docker/expected_results/openssh_5.6p1_policy_test2.json index 5a392b2..be4d87d 100644 --- a/test/docker/expected_results/openssh_5.6p1_policy_test2.json +++ b/test/docker/expected_results/openssh_5.6p1_policy_test2.json @@ -1 +1 @@ -{"errors": ["Key exchanges did not match. Expected: ['kex_alg1', 'kex_alg2']; Actual: ['diffie-hellman-group-exchange-sha256', 'diffie-hellman-group-exchange-sha1', 'diffie-hellman-group14-sha1', 'diffie-hellman-group1-sha1']"], "host": "localhost", "passed": false, "policy": "Docker policy: test2 v1"} +{"errors": ["Key exchanges did not match. Expected: ['kex_alg1', 'kex_alg2']; Actual: ['diffie-hellman-group-exchange-sha256', 'diffie-hellman-group-exchange-sha1', 'diffie-hellman-group14-sha1', 'diffie-hellman-group1-sha1']"], "host": "localhost", "passed": false, "policy": "Docker policy: test2 (version 1)"} diff --git a/test/docker/expected_results/openssh_5.6p1_policy_test2.txt b/test/docker/expected_results/openssh_5.6p1_policy_test2.txt index 7667922..5941b4d 100644 --- a/test/docker/expected_results/openssh_5.6p1_policy_test2.txt +++ b/test/docker/expected_results/openssh_5.6p1_policy_test2.txt @@ -1,5 +1,5 @@ Host: localhost -Policy: Docker policy: test2 v1 +Policy: Docker policy: test2 (version 1) Result: ❌ Failed!  Errors: diff --git a/test/docker/expected_results/openssh_5.6p1_policy_test3.json b/test/docker/expected_results/openssh_5.6p1_policy_test3.json index 1f1d9c6..3942903 100644 --- a/test/docker/expected_results/openssh_5.6p1_policy_test3.json +++ b/test/docker/expected_results/openssh_5.6p1_policy_test3.json @@ -1 +1 @@ -{"errors": ["Host key types did not match. Expected: ['ssh-rsa', 'ssh-dss', 'key_alg1']; Actual: ['ssh-rsa', 'ssh-dss']"], "host": "localhost", "passed": false, "policy": "Docker policy: test3 v1"} +{"errors": ["Host key types did not match. Expected: ['ssh-rsa', 'ssh-dss', 'key_alg1']; Actual: ['ssh-rsa', 'ssh-dss']"], "host": "localhost", "passed": false, "policy": "Docker policy: test3 (version 1)"} diff --git a/test/docker/expected_results/openssh_5.6p1_policy_test3.txt b/test/docker/expected_results/openssh_5.6p1_policy_test3.txt index fc6163a..2ff5b1a 100644 --- a/test/docker/expected_results/openssh_5.6p1_policy_test3.txt +++ b/test/docker/expected_results/openssh_5.6p1_policy_test3.txt @@ -1,5 +1,5 @@ Host: localhost -Policy: Docker policy: test3 v1 +Policy: Docker policy: test3 (version 1) Result: ❌ Failed!  Errors: diff --git a/test/docker/expected_results/openssh_5.6p1_policy_test4.json b/test/docker/expected_results/openssh_5.6p1_policy_test4.json index c2b3e45..3ea8346 100644 --- a/test/docker/expected_results/openssh_5.6p1_policy_test4.json +++ b/test/docker/expected_results/openssh_5.6p1_policy_test4.json @@ -1 +1 @@ -{"errors": ["Ciphers did not match. Expected: ['cipher_alg1', 'cipher_alg2']; Actual: ['aes128-ctr', 'aes192-ctr', 'aes256-ctr', 'arcfour256', 'arcfour128', 'aes128-cbc', '3des-cbc', 'blowfish-cbc', 'cast128-cbc', 'aes192-cbc', 'aes256-cbc', 'arcfour', 'rijndael-cbc@lysator.liu.se']"], "host": "localhost", "passed": false, "policy": "Docker policy: test4 v1"} +{"errors": ["Ciphers did not match. Expected: ['cipher_alg1', 'cipher_alg2']; Actual: ['aes128-ctr', 'aes192-ctr', 'aes256-ctr', 'arcfour256', 'arcfour128', 'aes128-cbc', '3des-cbc', 'blowfish-cbc', 'cast128-cbc', 'aes192-cbc', 'aes256-cbc', 'arcfour', 'rijndael-cbc@lysator.liu.se']"], "host": "localhost", "passed": false, "policy": "Docker policy: test4 (version 1)"} diff --git a/test/docker/expected_results/openssh_5.6p1_policy_test4.txt b/test/docker/expected_results/openssh_5.6p1_policy_test4.txt index 1465f58..670851b 100644 --- a/test/docker/expected_results/openssh_5.6p1_policy_test4.txt +++ b/test/docker/expected_results/openssh_5.6p1_policy_test4.txt @@ -1,5 +1,5 @@ Host: localhost -Policy: Docker policy: test4 v1 +Policy: Docker policy: test4 (version 1) Result: ❌ Failed!  Errors: diff --git a/test/docker/expected_results/openssh_5.6p1_policy_test5.json b/test/docker/expected_results/openssh_5.6p1_policy_test5.json index 30aaaca..4dcc20d 100644 --- a/test/docker/expected_results/openssh_5.6p1_policy_test5.json +++ b/test/docker/expected_results/openssh_5.6p1_policy_test5.json @@ -1 +1 @@ -{"errors": ["MACs did not match. Expected: ['hmac-md5', 'hmac-sha1', 'umac-64@openssh.com', 'hmac-ripemd160', 'hmac-ripemd160@openssh.com', 'hmac_alg1', 'hmac-md5-96']; Actual: ['hmac-md5', 'hmac-sha1', 'umac-64@openssh.com', 'hmac-ripemd160', 'hmac-ripemd160@openssh.com', 'hmac-sha1-96', 'hmac-md5-96']"], "host": "localhost", "passed": false, "policy": "Docker policy: test5 v1"} +{"errors": ["MACs did not match. Expected: ['hmac-md5', 'hmac-sha1', 'umac-64@openssh.com', 'hmac-ripemd160', 'hmac-ripemd160@openssh.com', 'hmac_alg1', 'hmac-md5-96']; Actual: ['hmac-md5', 'hmac-sha1', 'umac-64@openssh.com', 'hmac-ripemd160', 'hmac-ripemd160@openssh.com', 'hmac-sha1-96', 'hmac-md5-96']"], "host": "localhost", "passed": false, "policy": "Docker policy: test5 (version 1)"} diff --git a/test/docker/expected_results/openssh_5.6p1_policy_test5.txt b/test/docker/expected_results/openssh_5.6p1_policy_test5.txt index 4e5a768..109e7b0 100644 --- a/test/docker/expected_results/openssh_5.6p1_policy_test5.txt +++ b/test/docker/expected_results/openssh_5.6p1_policy_test5.txt @@ -1,5 +1,5 @@ Host: localhost -Policy: Docker policy: test5 v1 +Policy: Docker policy: test5 (version 1) Result: ❌ Failed!  Errors: diff --git a/test/docker/expected_results/openssh_5.6p1_policy_test7.json b/test/docker/expected_results/openssh_5.6p1_policy_test7.json index c78496f..cb4b860 100644 --- a/test/docker/expected_results/openssh_5.6p1_policy_test7.json +++ b/test/docker/expected_results/openssh_5.6p1_policy_test7.json @@ -1 +1 @@ -{"errors": [], "host": "localhost", "passed": true, "policy": "Docker poliicy: test7 v1"} +{"errors": [], "host": "localhost", "passed": true, "policy": "Docker poliicy: test7 (version 1)"} diff --git a/test/docker/expected_results/openssh_5.6p1_policy_test7.txt b/test/docker/expected_results/openssh_5.6p1_policy_test7.txt index 8456863..30baa8d 100644 --- a/test/docker/expected_results/openssh_5.6p1_policy_test7.txt +++ b/test/docker/expected_results/openssh_5.6p1_policy_test7.txt @@ -1,3 +1,3 @@ Host: localhost -Policy: Docker poliicy: test7 v1 +Policy: Docker poliicy: test7 (version 1) Result: ✔ Passed diff --git a/test/docker/expected_results/openssh_5.6p1_policy_test8.json b/test/docker/expected_results/openssh_5.6p1_policy_test8.json index 222d319..f20da40 100644 --- a/test/docker/expected_results/openssh_5.6p1_policy_test8.json +++ b/test/docker/expected_results/openssh_5.6p1_policy_test8.json @@ -1 +1 @@ -{"errors": ["RSA CA key (ssh-rsa-cert-v01@openssh.com) sizes did not match. Expected: 2048; Actual: 1024"], "host": "localhost", "passed": false, "policy": "Docker poliicy: test8 v1"} +{"errors": ["RSA CA key (ssh-rsa-cert-v01@openssh.com) sizes did not match. Expected: 2048; Actual: 1024"], "host": "localhost", "passed": false, "policy": "Docker poliicy: test8 (version 1)"} diff --git a/test/docker/expected_results/openssh_5.6p1_policy_test8.txt b/test/docker/expected_results/openssh_5.6p1_policy_test8.txt index 2127afc..1bca080 100644 --- a/test/docker/expected_results/openssh_5.6p1_policy_test8.txt +++ b/test/docker/expected_results/openssh_5.6p1_policy_test8.txt @@ -1,5 +1,5 @@ Host: localhost -Policy: Docker poliicy: test8 v1 +Policy: Docker poliicy: test8 (version 1) Result: ❌ Failed!  Errors: diff --git a/test/docker/expected_results/openssh_5.6p1_policy_test9.json b/test/docker/expected_results/openssh_5.6p1_policy_test9.json index 12fefc0..95fdfe3 100644 --- a/test/docker/expected_results/openssh_5.6p1_policy_test9.json +++ b/test/docker/expected_results/openssh_5.6p1_policy_test9.json @@ -1 +1 @@ -{"errors": ["RSA hostkey (ssh-rsa-cert-v01@openssh.com) sizes did not match. Expected: 4096; Actual: 3072"], "host": "localhost", "passed": false, "policy": "Docker poliicy: test9 v1"} +{"errors": ["RSA hostkey (ssh-rsa-cert-v01@openssh.com) sizes did not match. Expected: 4096; Actual: 3072"], "host": "localhost", "passed": false, "policy": "Docker poliicy: test9 (version 1)"} diff --git a/test/docker/expected_results/openssh_5.6p1_policy_test9.txt b/test/docker/expected_results/openssh_5.6p1_policy_test9.txt index b951e1c..86607c5 100644 --- a/test/docker/expected_results/openssh_5.6p1_policy_test9.txt +++ b/test/docker/expected_results/openssh_5.6p1_policy_test9.txt @@ -1,5 +1,5 @@ Host: localhost -Policy: Docker poliicy: test9 v1 +Policy: Docker poliicy: test9 (version 1) Result: ❌ Failed!  Errors: diff --git a/test/docker/expected_results/openssh_8.0p1_policy_test11.json b/test/docker/expected_results/openssh_8.0p1_policy_test11.json index aa72274..2e105ff 100644 --- a/test/docker/expected_results/openssh_8.0p1_policy_test11.json +++ b/test/docker/expected_results/openssh_8.0p1_policy_test11.json @@ -1 +1 @@ -{"errors": [], "host": "localhost", "passed": true, "policy": "Docker policy: test11 v1"} +{"errors": [], "host": "localhost", "passed": true, "policy": "Docker policy: test11 (version 1)"} diff --git a/test/docker/expected_results/openssh_8.0p1_policy_test11.txt b/test/docker/expected_results/openssh_8.0p1_policy_test11.txt index cc5d204..99edc15 100644 --- a/test/docker/expected_results/openssh_8.0p1_policy_test11.txt +++ b/test/docker/expected_results/openssh_8.0p1_policy_test11.txt @@ -1,3 +1,3 @@ Host: localhost -Policy: Docker policy: test11 v1 +Policy: Docker policy: test11 (version 1) Result: ✔ Passed diff --git a/test/docker/expected_results/openssh_8.0p1_policy_test12.json b/test/docker/expected_results/openssh_8.0p1_policy_test12.json index ebc53a6..247d9ad 100644 --- a/test/docker/expected_results/openssh_8.0p1_policy_test12.json +++ b/test/docker/expected_results/openssh_8.0p1_policy_test12.json @@ -1 +1 @@ -{"errors": ["RSA hostkey (rsa-sha2-256) sizes did not match. Expected: 4096; Actual: 3072", "RSA hostkey (rsa-sha2-512) sizes did not match. Expected: 4096; Actual: 3072", "RSA hostkey (ssh-rsa) sizes did not match. Expected: 4096; Actual: 3072"], "host": "localhost", "passed": false, "policy": "Docker policy: test12 v1"} +{"errors": ["RSA hostkey (rsa-sha2-256) sizes did not match. Expected: 4096; Actual: 3072", "RSA hostkey (rsa-sha2-512) sizes did not match. Expected: 4096; Actual: 3072", "RSA hostkey (ssh-rsa) sizes did not match. Expected: 4096; Actual: 3072"], "host": "localhost", "passed": false, "policy": "Docker policy: test12 (version 1)"} diff --git a/test/docker/expected_results/openssh_8.0p1_policy_test12.txt b/test/docker/expected_results/openssh_8.0p1_policy_test12.txt index c2406de..e2adc80 100644 --- a/test/docker/expected_results/openssh_8.0p1_policy_test12.txt +++ b/test/docker/expected_results/openssh_8.0p1_policy_test12.txt @@ -1,5 +1,5 @@ Host: localhost -Policy: Docker policy: test12 v1 +Policy: Docker policy: test12 (version 1) Result: ❌ Failed!  Errors: diff --git a/test/docker/expected_results/openssh_8.0p1_policy_test13.json b/test/docker/expected_results/openssh_8.0p1_policy_test13.json index 50edd15..e412128 100644 --- a/test/docker/expected_results/openssh_8.0p1_policy_test13.json +++ b/test/docker/expected_results/openssh_8.0p1_policy_test13.json @@ -1 +1 @@ -{"errors": [], "host": "localhost", "passed": true, "policy": "Docker policy: test13 v1"} +{"errors": [], "host": "localhost", "passed": true, "policy": "Docker policy: test13 (version 1)"} diff --git a/test/docker/expected_results/openssh_8.0p1_policy_test13.txt b/test/docker/expected_results/openssh_8.0p1_policy_test13.txt index e440c0d..7e4cc61 100644 --- a/test/docker/expected_results/openssh_8.0p1_policy_test13.txt +++ b/test/docker/expected_results/openssh_8.0p1_policy_test13.txt @@ -1,3 +1,3 @@ Host: localhost -Policy: Docker policy: test13 v1 +Policy: Docker policy: test13 (version 1) Result: ✔ Passed diff --git a/test/docker/expected_results/openssh_8.0p1_policy_test14.json b/test/docker/expected_results/openssh_8.0p1_policy_test14.json index 21aaf75..be142f4 100644 --- a/test/docker/expected_results/openssh_8.0p1_policy_test14.json +++ b/test/docker/expected_results/openssh_8.0p1_policy_test14.json @@ -1 +1 @@ -{"errors": ["Group exchange (diffie-hellman-group-exchange-sha256) modulus sizes did not match. Expected: 4096; Actual: 2048"], "host": "localhost", "passed": false, "policy": "Docker policy: test14 v1"} +{"errors": ["Group exchange (diffie-hellman-group-exchange-sha256) modulus sizes did not match. Expected: 4096; Actual: 2048"], "host": "localhost", "passed": false, "policy": "Docker policy: test14 (version 1)"} diff --git a/test/docker/expected_results/openssh_8.0p1_policy_test14.txt b/test/docker/expected_results/openssh_8.0p1_policy_test14.txt index ed08a1c..426f877 100644 --- a/test/docker/expected_results/openssh_8.0p1_policy_test14.txt +++ b/test/docker/expected_results/openssh_8.0p1_policy_test14.txt @@ -1,5 +1,5 @@ Host: localhost -Policy: Docker policy: test14 v1 +Policy: Docker policy: test14 (version 1) Result: ❌ Failed!  Errors: diff --git a/test/docker/expected_results/openssh_8.0p1_policy_test6.json b/test/docker/expected_results/openssh_8.0p1_policy_test6.json index c50d93a..04620b2 100644 --- a/test/docker/expected_results/openssh_8.0p1_policy_test6.json +++ b/test/docker/expected_results/openssh_8.0p1_policy_test6.json @@ -1 +1 @@ -{"errors": [], "host": "localhost", "passed": true, "policy": "Docker policy: test6 v1"} +{"errors": [], "host": "localhost", "passed": true, "policy": "Docker policy: test6 (version 1)"} diff --git a/test/docker/expected_results/openssh_8.0p1_policy_test6.txt b/test/docker/expected_results/openssh_8.0p1_policy_test6.txt index 64b3a3d..a32ef6d 100644 --- a/test/docker/expected_results/openssh_8.0p1_policy_test6.txt +++ b/test/docker/expected_results/openssh_8.0p1_policy_test6.txt @@ -1,3 +1,3 @@ Host: localhost -Policy: Docker policy: test6 v1 +Policy: Docker policy: test6 (version 1) Result: ✔ Passed