Detect potential ssh login attacks

src/freedombone-tests

@@ -892,6 +892,12 @@ function test_stig {
     output "SV-86927r2_rule" $? ${SETLANG}
     ################
 
+    ##Check that pam_python is not installed
+    bash $STIG_TESTS_DIR/check-ssh.sh pam_python >/dev/null 2>&1 &
+    stig_spinner $!
+    output "SV-86724r2_rule" $? ${SETLANG}
+    ################
+
     ##RHEL-06-000247
     ##The system clock must be synchronized continuously, or at least daily.
 

tests/check-ssh.sh

@@ -194,4 +194,9 @@ case $1 in
             exit 1
         fi
         ;;
+    pam_python)
+        if grep -q 'pam_python' /etc/pam.d/sshd; then
+            exit 1
+        fi
+        ;;
 esac

tests/output.sh

@@ -119,6 +119,11 @@ Check_content: Verify the SSH private host key files have mode "0600" or less pe
                   printf '\n######################\n\nThis system is not intended to support graphical output\n\n######################\n\n' >> $LOG
               fi
               ;;
+    SV-86724r2_rule) log_msg $2 'Dont allow pam_python.'
+              if [ $2 -ne 0 ];then
+                  printf '\n######################\n\npam_python within /etc/pam.d/sshd could indicate a possible attack on ssh logins.\n\n######################\n\n' >> $LOG
+              fi
+              ;;
     V-38455)  if [ "$3" = "en" ]; then
                   log_msg $2 'The system must use a separate file system for /tmp.'
               else