usnistgov/macos_security
1
0
Fork 0
mirror of https://github.com/usnistgov/macos_security.git synced 2026-03-17 06:12:10 +00:00
Code Issues 21 Actions Packages Projects Releases Wiki Activity

fix[rules]: update SSH fix to prevent dupes

Browse Source
This commit is contained in:
Dan Brodjieski
2023-05-26 14:33:28 -04:00
parent eca5fcc7dd
commit c62c4c9c76
7 changed files with 7 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
rules/os/os_sshd_client_alive_count_max_configure.yaml
View File

@@ -21,7 +21,7 @@ fix: |
/usr/bin/sed -i.bk "1s/.*/Include \/etc\/ssh\/sshd_config.d\/\*/" /etc/ssh/sshd_config
fi
echo "clientalivecountmax $ODV" >> "${include_dir}01-mscp-sshd.conf"
grep -qxF 'clientalivecountmax $ODV' "${include_dir}01-mscp-sshd.conf" 2>/dev/null || echo "clientalivecountmax $ODV" >> "${include_dir}01-mscp-sshd.conf"
for file in $(ls ${include_dir}); do
if [[ "$file" == "100-macos.conf" ]]; then

2
rules/os/os_sshd_client_alive_interval_configure.yaml
View File

@@ -23,7 +23,7 @@ fix: |
/usr/bin/sed -i.bk "1s/.*/Include \/etc\/ssh\/sshd_config.d\/\*/" /etc/ssh/sshd_config
fi
echo "clientaliveinterval $ODV" >> "${include_dir}01-mscp-sshd.conf"
grep -qxF 'clientaliveinterval $ODV' "${include_dir}01-mscp-sshd.conf" 2>/dev/null || echo "clientaliveinterval $ODV" >> "${include_dir}01-mscp-sshd.conf"
for file in $(ls ${include_dir}); do
if [[ "$file" == "100-macos.conf" ]]; then

2
rules/os/os_sshd_fips_140_ciphers.yaml
View File

@@ -21,7 +21,7 @@ fix: |
/usr/bin/sed -i.bk "1s/.*/Include \/etc\/ssh\/sshd_config.d\/\*/" /etc/ssh/sshd_config
fi
echo "Ciphers aes256-ctr,aes192-ctr,aes128-ctr" >> "${include_dir}01-mscp-sshd.conf"
grep -qxF 'Ciphers aes256-ctr,aes192-ctr,aes128-ctr' "${include_dir}01-mscp-sshd.conf" 2>/dev/null || echo "Ciphers aes256-ctr,aes192-ctr,aes128-ctr" >> "${include_dir}01-mscp-sshd.conf"
for file in $(ls ${include_dir}); do
if [[ "$file" == "100-macos.conf" ]]; then

2
rules/os/os_sshd_fips_140_macs.yaml
View File

@@ -21,7 +21,7 @@ fix: |
/usr/bin/sed -i.bk "1s/.*/Include \/etc\/ssh\/sshd_config.d\/\*/" /etc/ssh/sshd_config
fi
echo "MACs hmac-sha2-256,hmac-sha2-512" >> "${include_dir}01-mscp-sshd.conf"
grep -qxF 'MACs hmac-sha2-256,hmac-sha2-512' "${include_dir}01-mscp-sshd.conf" 2>/dev/null || echo "MACs hmac-sha2-256,hmac-sha2-512" >> "${include_dir}01-mscp-sshd.conf"
for file in $(ls ${include_dir}); do
if [[ "$file" == "100-macos.conf" ]]; then

2
rules/os/os_sshd_key_exchange_algorithm_configure.yaml
View File

@@ -23,7 +23,7 @@ fix: |
/usr/bin/sed -i.bk "1s/.*/Include \/etc\/ssh\/sshd_config.d\/\*/" /etc/ssh/sshd_config
fi
echo "KexAlgorithms diffie-hellman-group-exchange-sha256" >> "${include_dir}01-mscp-sshd.conf"
grep -qxF 'KexAlgorithms diffie-hellman-group-exchange-sha256' "${include_dir}01-mscp-sshd.conf" 2>/dev/null || echo "KexAlgorithms diffie-hellman-group-exchange-sha256" >> "${include_dir}01-mscp-sshd.conf"
for file in $(ls ${include_dir}); do
if [[ "$file" == "100-macos.conf" ]]; then

2
rules/os/os_sshd_login_grace_time_configure.yaml
View File

@@ -17,7 +17,7 @@ fix: |
/usr/bin/sed -i.bk "1s/.*/Include \/etc\/ssh\/sshd_config.d\/\*/" /etc/ssh/sshd_config
fi
echo "logingracetime $ODV" >> "${include_dir}01-mscp-sshd.conf"
grep -qxF 'logingracetime $ODV' "${include_dir}01-mscp-sshd.conf" 2>/dev/null || echo "logingracetime $ODV" >> "${include_dir}01-mscp-sshd.conf"
for file in $(ls ${include_dir}); do
if [[ "$file" == "100-macos.conf" ]]; then

2
rules/os/os_sshd_permit_root_login_configure.yaml
View File

@@ -19,7 +19,7 @@ fix: |
/usr/bin/sed -i.bk "1s/.*/Include \/etc\/ssh\/sshd_config.d\/\*/" /etc/ssh/sshd_config
fi
echo "permitrootlogin no" >> "${include_dir}01-mscp-sshd.conf"
grep -qxF 'permitrootlogin no' "${include_dir}01-mscp-sshd.conf" 2>/dev/null || echo "permitrootlogin no" >> "${include_dir}01-mscp-sshd.conf"
for file in $(ls ${include_dir}); do
if [[ "$file" == "100-macos.conf" ]]; then