evolix/evocheck
evolix/evocheck
21
2
Fork 2
Code Issues 48 Pull requests 5 Releases 37 Wiki Activity

Fixed check_sshpermitrootno to check real configuration

Browse source
This commit is contained in:
Jérémy Dubois 2022-08-04 15:27:04 +02:00
parent b8496e754d
commit 18c531325d
2 changed files with 6 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
CHANGELOG
View file

@ -7,6 +7,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
## [Unreleased] ## [Unreleased]
### Fixed
- Fixed check_sshpermitrootno to check real configuration
## [22.06] - 2022-06-16 ## [22.06] - 2022-06-16
### Changed ### Changed

5
evocheck.sh
View file

@ -248,9 +248,8 @@ check_usrsharescripts(){
test "$expected" = "$actual" || failed "IS_USRSHARESCRIPTS" "/usr/share/scripts must be 700" test "$expected" = "$actual" || failed "IS_USRSHARESCRIPTS" "/usr/share/scripts must be 700"
} }
check_sshpermitrootno() { check_sshpermitrootno() {
if grep -q "^PermitRoot" /etc/ssh/sshd_config; then if ! (sshd -T -C addr=,user=,host=,laddr=,lport=0,rdomain= | grep -q 'permitrootlogin no'); then
grep -E -qi "PermitRoot.*no" /etc/ssh/sshd_config \ failed "IS_SSHPERMITROOTNO" "PermitRoot should be set to no"
|| failed "IS_SSHPERMITROOTNO" "PermitRoot should be set at no"
fi fi
} }
check_evomaintenanceusers(){ check_evomaintenanceusers(){