check_sshallowusers: fix unwanted sterr when /etc/ssh/sshd_condig.d does not exist

2024-03-07 17:11:17 +01:00 · 2024-03-07 17:11:17 +01:00 · 6762ced399
parent 202db682a0
commit 6762ced399
2 changed files with 16 additions and 5 deletions
--- a/linux/CHANGELOG
+++ b/linux/CHANGELOG
@ -16,6 +16,7 @@ and this project **does not adhere to [Semantic Versioning](http://semver.org/sp
 ### Fixed

 * Fix errors in some LXC checks: list only active LXC containers, add conditions to filter containers that are not in evo-standards.
+* check_sshallowusers: fix unwanted sterr when /etc/ssh/sshd_condig.d does not exist.

 ## [24.01] 2024-01-03

--- a/linux/evocheck.sh
+++ b/linux/evocheck.sh
@ -314,13 +314,23 @@ check_customcrontab() {
 }
 check_sshallowusers() {
    if is_debian_bookworm; then
-        grep -E -qir "(AllowUsers|AllowGroups)" /etc/ssh/sshd_config.d \
-            || failed "IS_SSHALLOWUSERS" "missing AllowUsers or AllowGroups directive in sshd_config.d/*"
-        grep -E -qir "(AllowUsers|AllowGroups)" /etc/ssh/sshd_config \
+        if [ -d /etc/ssh/sshd_config.d/ ]; then
+            # AllowUsers or AllowGroups should be in /etc/ssh/sshd_config.d/
+            grep -E -qir "(AllowUsers|AllowGroups)" /etc/ssh/sshd_config.d/ \
+                || failed "IS_SSHALLOWUSERS" "missing AllowUsers or AllowGroups directive in sshd_config.d/*"
+        fi
+        # AllowUsers or AllowGroups should not be in /etc/ssh/sshd_config
+        grep -E -qi "(AllowUsers|AllowGroups)" /etc/ssh/sshd_config \
            && failed "IS_SSHALLOWUSERS" "AllowUsers or AllowGroups directive present in sshd_config"
    else
-        grep -E -qir "(AllowUsers|AllowGroups)" /etc/ssh/sshd_config /etc/ssh/sshd_config.d \
-            || failed "IS_SSHALLOWUSERS" "missing AllowUsers or AllowGroups directive in sshd_config"
+        # AllowUsers or AllowGroups should be in /etc/ssh/sshd_config or /etc/ssh/sshd_config.d/
+        if [ -d /etc/ssh/sshd_config.d/ ]; then
+            grep -E -qir "(AllowUsers|AllowGroups)" /etc/ssh/sshd_config /etc/ssh/sshd_config.d/ \
+                || failed "IS_SSHALLOWUSERS" "missing AllowUsers or AllowGroups directive in sshd_config"
+        else
+            grep -E -qi "(AllowUsers|AllowGroups)" /etc/ssh/sshd_config \
+                || failed "IS_SSHALLOWUSERS" "missing AllowUsers or AllowGroups directive in sshd_config"
+        fi
    fi
 }
 check_diskperf() {