Fixed check_sshpermitrootno to check real configuration

2022-08-04 15:27:04 +02:00 · 2022-08-04 15:27:04 +02:00 · 18c531325d
parent b8496e754d
commit 18c531325d
2 changed files with 6 additions and 3 deletions
--- a/4
+++ b/4
@ -7,6 +7,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0

 ## [Unreleased]

+### Fixed
+
+- Fixed check_sshpermitrootno to check real configuration
+
 ## [22.06] - 2022-06-16

 ### Changed
--- a/evocheck.sh
+++ b/evocheck.sh
@ -248,9 +248,8 @@ check_usrsharescripts(){
    test "$expected" = "$actual" || failed "IS_USRSHARESCRIPTS" "/usr/share/scripts must be 700"
 }
 check_sshpermitrootno() {
-    if grep -q "^PermitRoot" /etc/ssh/sshd_config; then
-        grep -E -qi "PermitRoot.*no" /etc/ssh/sshd_config \
-            || failed "IS_SSHPERMITROOTNO" "PermitRoot should be set at no"
+    if ! (sshd -T -C addr=,user=,host=,laddr=,lport=0,rdomain= | grep -q 'permitrootlogin no'); then
+       failed "IS_SSHPERMITROOTNO" "PermitRoot should be set to no"
    fi
 }
 check_evomaintenanceusers(){