free/freedombonee
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Detect potential ssh login attacks

Browse Source
This commit is contained in:
Bob Mottram 2018-02-14 12:11:50 +00:00
parent 159bff133f
commit 2e72583677
3 changed files with 16 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
src/freedombone-tests
View File

@ -892,6 +892,12 @@ function test_stig {
output "SV-86927r2_rule" $? ${SETLANG} output "SV-86927r2_rule" $? ${SETLANG}
################ ################
##Check that pam_python is not installed
bash $STIG_TESTS_DIR/check-ssh.sh pam_python >/dev/null 2>&1 &
stig_spinner $!
output "SV-86724r2_rule" $? ${SETLANG}
################
##RHEL-06-000247 ##RHEL-06-000247
##The system clock must be synchronized continuously, or at least daily. ##The system clock must be synchronized continuously, or at least daily.

5
tests/check-ssh.sh
View File

@ -194,4 +194,9 @@ case $1 in
exit 1 exit 1
fi fi
;; ;;
pam_python)
if grep -q 'pam_python' /etc/pam.d/sshd; then
exit 1
fi
;;
esac esac

5
tests/output.sh
View File

@ -119,6 +119,11 @@ Check_content: Verify the SSH private host key files have mode "0600" or less pe
printf '\n######################\n\nThis system is not intended to support graphical output\n\n######################\n\n' >> $LOG printf '\n######################\n\nThis system is not intended to support graphical output\n\n######################\n\n' >> $LOG
fi fi
;; ;;
SV-86724r2_rule) log_msg $2 'Dont allow pam_python.'
if [ $2 -ne 0 ];then
printf '\n######################\n\npam_python within /etc/pam.d/sshd could indicate a possible attack on ssh logins.\n\n######################\n\n' >> $LOG
fi
;;
V-38455) if [ "$3" = "en" ]; then V-38455) if [ "$3" = "en" ]; then
log_msg $2 'The system must use a separate file system for /tmp.' log_msg $2 'The system must use a separate file system for /tmp.'
else else