free
/
freedombone
Watch 1
Star 0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
Browse Source

Check that openssh client and server are installed

Bob Mottram 6 years ago
parent
31dd378f6f
commit
64060a4a10
3 changed files with 24 additions and 0 deletions
Split View Show Diff Stats
  1. 6
    0
      src/freedombone-tests
  2. 9
    0
      tests/check-ssh.sh
  3. 9
    0
      tests/output.sh

+ 6
- 0
src/freedombone-tests View File 

@@ -759,6 +759,12 @@ function test_stig {
759 759 
     output "V-38605" $? ${SETLANG}
760 760 
     ################
761 761
762 
+    ##Check that openssh client and server are installed
763 
+    bash scripts/check-ssh.sh installed >/dev/null 2>&1 &
764 
+    stig_spinner $!
765 
+    output "SV-86857r1_rule" $? ${SETLANG}
766 
+    ################
767 
+
762 768 
     ##RHEL-06-000227
763 769 
     ##The SSH daemon must be configured to use only the SSHv2 protocol.
764 770

+ 9
- 0
tests/check-ssh.sh View File 

@@ -44,6 +44,15 @@ case $1 in
44 44 
             exit 1
45 45 
         fi
46 46 
         ;;
47 
+    installed)
48 
+	OPENSSH_SERVER=`dpkg -s openssh-server | grep -i "Status:.*install.*ok.*installed" | wc -l`
49 
+	OPENSSH_CLIENT=`dpkg -s openssh-client | grep -i "Status:.*install.*ok.*installed" | wc -l`
50 
+	if [ ${OPENSSH_SERVER} -eq 1 -a ${OPENSSH_CLIENT} -eq 1 ];then
51 
+	    :
52 
+	else
53 
+	    exit 1
54 
+	fi
55 
+	;;
47 56 
     sshd_status)
48 57 
         if systemctl status sshd | grep "Active:.*(running)";then
49 58 
             :

+ 9
- 0
tests/output.sh View File 

@@ -1399,6 +1399,15 @@ disabled. The "nis" service can be disabled with the following commands:\n\n#upd
1399 1399 
                   printf '\n######################\n\nSTIG-ID:RHEL-06-000224\n\nVulnerability Discussion: Due to its usage for maintenance and security-supporting tasks, enabling the cron daemon is essential.\n\nFix text: The "crond" service is used to execute commands at preconfigured times. It is required by almost all systems to perform necessary maintenance tasks, such as notifying root of system activity. The "crond" service can be enabled with the following commands:\n\n#update-rc.d cron defaults\nservice cron start\n\n######################\n\n' >> $LOG
1400 1400 
               fi
1401 1401 
               ;;
1402 
+    SV-86857r1_rule) if [ "$3" = "en" ]; then
1403 
+			 log_msg $2 'OpenSSH server and client must be installed.'
1404 
+		     else
1405 
+			 log_msg $2 '必须安装OpenSSH服务器和客户端'
1406 
+		     fi
1407 
+		     if [ $2 -ne 0 ];then
1408 
+			 printf '\n######################\n\nWithout protection of the transmitted information, confidentiality and integrity may be compromised because unprotected communications can be intercepted and either read or altered. \n\nThis requirement applies to both internal and external networks and all types of information system components from which information can be transmitted (e.g., servers, mobile devices, notebook computers, printers, copiers, scanners, and facsimile machines). Communication paths outside the physical protection of a controlled boundary are exposed to the possibility of interception and modification. \n\nProtecting the confidentiality and integrity of organizational information can be accomplished by physical means (e.g., employing physical distribution systems) or by logical means (e.g., employing cryptographic techniques). If physical means of protection are employed, logical means (cryptography) do not have to be employed, and vice versa.\n\n######################\n\n' >> $LOG
1409 
+		     fi
1410 
+		     ;;
1402 1411 
     V-38607)  if [ "$3" = "en" ]; then
1403 1412 
                   log_msg $2 'The SSH daemon must be configured to use only the SSHv2 protocol.'
1404 1413 
               else