Browse Source

stig message for ssh agent forwarding

master
Bob Mottram 2 months ago
parent
commit
d88375fe1b
1 changed files with 13 additions and 8 deletions
  1. 13
    8
      tests/output.sh

+ 13
- 8
tests/output.sh View File

@@ -119,6 +119,11 @@ Check_content: Verify the SSH private host key files have mode "0600" or less pe
119 119
                   printf '\n######################\n\nThis system is not intended to support graphical output\n\n######################\n\n' >> $LOG
120 120
               fi
121 121
               ;;
122
+    SV-81723r2_rule) log_msg $2 'Dont allow ssh agent forwarding'
123
+              if [ $2 -ne 0 ];then
124
+                  printf '\n######################\n\nssh agent forwarding is not regarded as secure and can be hijacked\n\n######################\n\n' >> $LOG
125
+              fi
126
+              ;;
122 127
     SV-86724r2_rule) log_msg $2 'Dont allow pam_python.'
123 128
               if [ $2 -ne 0 ];then
124 129
                   printf '\n######################\n\npam_python within /etc/pam.d/sshd could indicate a possible attack on ssh logins.\n\n######################\n\n' >> $LOG
@@ -1400,14 +1405,14 @@ disabled. The "nis" service can be disabled with the following commands:\n\n#upd
1400 1405
               fi
1401 1406
               ;;
1402 1407
     SV-86857r1_rule) if [ "$3" = "en" ]; then
1403
-			 log_msg $2 'OpenSSH server and client must be installed.'
1404
-		     else
1405
-			 log_msg $2 '必须安装OpenSSH服务器和客户端'
1406
-		     fi		     
1407
-		     if [ $2 -ne 0 ];then
1408
-			 printf '\n######################\n\nWithout protection of the transmitted information, confidentiality and integrity may be compromised because unprotected communications can be intercepted and either read or altered. \n\nThis requirement applies to both internal and external networks and all types of information system components from which information can be transmitted (e.g., servers, mobile devices, notebook computers, printers, copiers, scanners, and facsimile machines). Communication paths outside the physical protection of a controlled boundary are exposed to the possibility of interception and modification. \n\nProtecting the confidentiality and integrity of organizational information can be accomplished by physical means (e.g., employing physical distribution systems) or by logical means (e.g., employing cryptographic techniques). If physical means of protection are employed, logical means (cryptography) do not have to be employed, and vice versa.\n\n######################\n\n' >> $LOG
1409
-		     fi
1410
-		     ;;
1408
+             log_msg $2 'OpenSSH server and client must be installed.'
1409
+             else
1410
+             log_msg $2 '必须安装OpenSSH服务器和客户端'
1411
+             fi
1412
+             if [ $2 -ne 0 ];then
1413
+             printf '\n######################\n\nWithout protection of the transmitted information, confidentiality and integrity may be compromised because unprotected communications can be intercepted and either read or altered. \n\nThis requirement applies to both internal and external networks and all types of information system components from which information can be transmitted (e.g., servers, mobile devices, notebook computers, printers, copiers, scanners, and facsimile machines). Communication paths outside the physical protection of a controlled boundary are exposed to the possibility of interception and modification. \n\nProtecting the confidentiality and integrity of organizational information can be accomplished by physical means (e.g., employing physical distribution systems) or by logical means (e.g., employing cryptographic techniques). If physical means of protection are employed, logical means (cryptography) do not have to be employed, and vice versa.\n\n######################\n\n' >> $LOG
1414
+             fi
1415
+             ;;
1411 1416
     V-38607)  if [ "$3" = "en" ]; then
1412 1417
                   log_msg $2 'The SSH daemon must be configured to use only the SSHv2 protocol.'
1413 1418
               else

Loading…
Cancel
Save