evolix/EvoBSD
21
0
Fork 0
Code Issues 2 Pull requests Releases 3 Wiki Activity

evocheck: upstream release 22.08

Browse source
This commit is contained in:
Jérémy Dubois 2022-08-04 15:37:10 +02:00
parent 48066052ac
commit 534efdcc01
1 changed files with 3 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
roles/evocheck/files/evocheck.sh
View file

@ -3,7 +3,7 @@
# EvoCheck
# Script to verify compliance of an OpenBSD server powered by Evolix
readonly VERSION="22.06"
readonly VERSION="22.08"
# base functions
@ -248,9 +248,8 @@ check_usrsharescripts(){
test "$expected" = "$actual" || failed "IS_USRSHARESCRIPTS" "/usr/share/scripts must be 700"
}
check_sshpermitrootno() {
if grep -q "^PermitRoot" /etc/ssh/sshd_config; then
grep -E -qi "PermitRoot.*no" /etc/ssh/sshd_config \
|| failed "IS_SSHPERMITROOTNO" "PermitRoot should be set at no"
if ! (sshd -T -C addr=,user=,host=,laddr=,lport=0,rdomain= | grep -q 'permitrootlogin no'); then
failed "IS_SSHPERMITROOTNO" "PermitRoot should be set to no"
fi
}
check_evomaintenanceusers(){