forked from evolix/evocheck
Fixed check_sshpermitrootno to check real configuration
This commit is contained in:
parent
b8496e754d
commit
18c531325d
|
@ -7,6 +7,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
|
|||
|
||||
## [Unreleased]
|
||||
|
||||
### Fixed
|
||||
|
||||
- Fixed check_sshpermitrootno to check real configuration
|
||||
|
||||
## [22.06] - 2022-06-16
|
||||
|
||||
### Changed
|
||||
|
|
|
@ -248,9 +248,8 @@ check_usrsharescripts(){
|
|||
test "$expected" = "$actual" || failed "IS_USRSHARESCRIPTS" "/usr/share/scripts must be 700"
|
||||
}
|
||||
check_sshpermitrootno() {
|
||||
if grep -q "^PermitRoot" /etc/ssh/sshd_config; then
|
||||
grep -E -qi "PermitRoot.*no" /etc/ssh/sshd_config \
|
||||
|| failed "IS_SSHPERMITROOTNO" "PermitRoot should be set at no"
|
||||
if ! (sshd -T -C addr=,user=,host=,laddr=,lport=0,rdomain= | grep -q 'permitrootlogin no'); then
|
||||
failed "IS_SSHPERMITROOTNO" "PermitRoot should be set to no"
|
||||
fi
|
||||
}
|
||||
check_evomaintenanceusers(){
|
||||
|
|
Loading…
Reference in a new issue