Check that openssh client and server are installed

2018-05-06 10:20:53 +01:00 · 2018-05-06 10:20:53 +01:00 · 64060a4a10
parent 31dd378f6f
commit 64060a4a10
3 changed files with 24 additions and 0 deletions
--- a/src/freedombone-tests
+++ b/src/freedombone-tests
@ -759,6 +759,12 @@ function test_stig {
    output "V-38605" $? ${SETLANG}
    ################

+    ##Check that openssh client and server are installed
+    bash scripts/check-ssh.sh installed >/dev/null 2>&1 &
+    stig_spinner $!
+    output "SV-86857r1_rule" $? ${SETLANG}
+    ################
+    
    ##RHEL-06-000227
    ##The SSH daemon must be configured to use only the SSHv2 protocol.

--- a/tests/check-ssh.sh
+++ b/tests/check-ssh.sh
@ -44,6 +44,15 @@ case $1 in
            exit 1
        fi
        ;;
+    installed)
+	OPENSSH_SERVER=`dpkg -s openssh-server | grep -i "Status:.*install.*ok.*installed" | wc -l`
+	OPENSSH_CLIENT=`dpkg -s openssh-client | grep -i "Status:.*install.*ok.*installed" | wc -l`
+	if [ ${OPENSSH_SERVER} -eq 1 -a ${OPENSSH_CLIENT} -eq 1 ];then
+	    :
+	else
+	    exit 1
+	fi	
+	;;    
    sshd_status)
        if systemctl status sshd | grep "Active:.*(running)";then
            :
--- a/tests/output.sh
+++ b/tests/output.sh
@ -1399,6 +1399,15 @@ disabled. The "nis" service can be disabled with the following commands:\n\n#upd
                  printf '\n######################\n\nSTIG-ID:RHEL-06-000224\n\nVulnerability Discussion: Due to its usage for maintenance and security-supporting tasks, enabling the cron daemon is essential.\n\nFix text: The "crond" service is used to execute commands at preconfigured times. It is required by almost all systems to perform necessary maintenance tasks, such as notifying root of system activity. The "crond" service can be enabled with the following commands:\n\n#update-rc.d cron defaults\nservice cron start\n\n######################\n\n' >> $LOG
              fi
              ;;
+    SV-86857r1_rule) if [ "$3" = "en" ]; then
+			 log_msg $2 'OpenSSH server and client must be installed.'
+		     else
+			 log_msg $2 '必须安装OpenSSH服务器和客户端'
+		     fi		     
+		     if [ $2 -ne 0 ];then
+			 printf '\n######################\n\nWithout protection of the transmitted information, confidentiality and integrity may be compromised because unprotected communications can be intercepted and either read or altered. \n\nThis requirement applies to both internal and external networks and all types of information system components from which information can be transmitted (e.g., servers, mobile devices, notebook computers, printers, copiers, scanners, and facsimile machines). Communication paths outside the physical protection of a controlled boundary are exposed to the possibility of interception and modification. \n\nProtecting the confidentiality and integrity of organizational information can be accomplished by physical means (e.g., employing physical distribution systems) or by logical means (e.g., employing cryptographic techniques). If physical means of protection are employed, logical means (cryptography) do not have to be employed, and vice versa.\n\n######################\n\n' >> $LOG
+		     fi
+		     ;;
    V-38607)  if [ "$3" = "en" ]; then
                  log_msg $2 'The SSH daemon must be configured to use only the SSHv2 protocol.'
              else