Browse Source

stig message for ssh agent forwarding

master
Bob Mottram 4 months ago
parent
commit
d88375fe1b
1 changed files with 13 additions and 8 deletions
  1. 13
    8
      tests/output.sh

+ 13
- 8
tests/output.sh View File

@@ -119,6 +119,11 @@ Check_content: Verify the SSH private host key files have mode "0600" or less pe
printf '\n######################\n\nThis system is not intended to support graphical output\n\n######################\n\n' >> $LOG
fi
;;
SV-81723r2_rule) log_msg $2 'Dont allow ssh agent forwarding'
if [ $2 -ne 0 ];then
printf '\n######################\n\nssh agent forwarding is not regarded as secure and can be hijacked\n\n######################\n\n' >> $LOG
fi
;;
SV-86724r2_rule) log_msg $2 'Dont allow pam_python.'
if [ $2 -ne 0 ];then
printf '\n######################\n\npam_python within /etc/pam.d/sshd could indicate a possible attack on ssh logins.\n\n######################\n\n' >> $LOG
@@ -1400,14 +1405,14 @@ disabled. The "nis" service can be disabled with the following commands:\n\n#upd
fi
;;
SV-86857r1_rule) if [ "$3" = "en" ]; then
log_msg $2 'OpenSSH server and client must be installed.'
else
log_msg $2 '必须安装OpenSSH服务器和客户端'
fi
if [ $2 -ne 0 ];then
printf '\n######################\n\nWithout protection of the transmitted information, confidentiality and integrity may be compromised because unprotected communications can be intercepted and either read or altered. \n\nThis requirement applies to both internal and external networks and all types of information system components from which information can be transmitted (e.g., servers, mobile devices, notebook computers, printers, copiers, scanners, and facsimile machines). Communication paths outside the physical protection of a controlled boundary are exposed to the possibility of interception and modification. \n\nProtecting the confidentiality and integrity of organizational information can be accomplished by physical means (e.g., employing physical distribution systems) or by logical means (e.g., employing cryptographic techniques). If physical means of protection are employed, logical means (cryptography) do not have to be employed, and vice versa.\n\n######################\n\n' >> $LOG
fi
;;
log_msg $2 'OpenSSH server and client must be installed.'
else
log_msg $2 '必须安装OpenSSH服务器和客户端'
fi
if [ $2 -ne 0 ];then
printf '\n######################\n\nWithout protection of the transmitted information, confidentiality and integrity may be compromised because unprotected communications can be intercepted and either read or altered. \n\nThis requirement applies to both internal and external networks and all types of information system components from which information can be transmitted (e.g., servers, mobile devices, notebook computers, printers, copiers, scanners, and facsimile machines). Communication paths outside the physical protection of a controlled boundary are exposed to the possibility of interception and modification. \n\nProtecting the confidentiality and integrity of organizational information can be accomplished by physical means (e.g., employing physical distribution systems) or by logical means (e.g., employing cryptographic techniques). If physical means of protection are employed, logical means (cryptography) do not have to be employed, and vice versa.\n\n######################\n\n' >> $LOG
fi
;;
V-38607) if [ "$3" = "en" ]; then
log_msg $2 'The SSH daemon must be configured to use only the SSHv2 protocol.'
else

Loading…
Cancel
Save