Detect potential ssh login attacks

2018-02-14 12:11:50 +00:00 · 2018-02-14 12:11:50 +00:00 · 2e72583677
parent 159bff133f
commit 2e72583677
3 changed files with 16 additions and 0 deletions
--- a/src/freedombone-tests
+++ b/src/freedombone-tests
@ -892,6 +892,12 @@ function test_stig {
    output "SV-86927r2_rule" $? ${SETLANG}
    ################

+    ##Check that pam_python is not installed
+    bash $STIG_TESTS_DIR/check-ssh.sh pam_python >/dev/null 2>&1 &
+    stig_spinner $!
+    output "SV-86724r2_rule" $? ${SETLANG}
+    ################
+
    ##RHEL-06-000247
    ##The system clock must be synchronized continuously, or at least daily.

--- a/tests/check-ssh.sh
+++ b/tests/check-ssh.sh
@ -194,4 +194,9 @@ case $1 in
            exit 1
        fi
        ;;
+    pam_python)
+        if grep -q 'pam_python' /etc/pam.d/sshd; then
+            exit 1
+        fi
+        ;;
 esac
--- a/tests/output.sh
+++ b/tests/output.sh
@ -119,6 +119,11 @@ Check_content: Verify the SSH private host key files have mode "0600" or less pe
                  printf '\n######################\n\nThis system is not intended to support graphical output\n\n######################\n\n' >> $LOG
              fi
              ;;
+    SV-86724r2_rule) log_msg $2 'Dont allow pam_python.'
+              if [ $2 -ne 0 ];then
+                  printf '\n######################\n\npam_python within /etc/pam.d/sshd could indicate a possible attack on ssh logins.\n\n######################\n\n' >> $LOG
+              fi
+              ;;
    V-38455)  if [ "$3" = "en" ]; then
                  log_msg $2 'The system must use a separate file system for /tmp.'
              else