Mit dieser Funktion besteht die Möglichkeit, die Konfiguration des SSH-Daemons zu auditieren.

# Name of the per-run audit report; every section appends to it via `tee -a`.
# HW_UUID and DATE are presumably set earlier by the surrounding script — they
# are not defined on this page, so an empty value yields a file such as "_.txt".
SUMMARY_FILE="${HW_UUID}_${DATE}.txt"

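#######################################
# Report the active lines for one keyword of an OpenSSH config file.
# Only uncommented lines are matched: on a default install most keywords
# appear as commented defaults (e.g. "#PermitRootLogin yes"), and a plain
# substring grep would report those as if they were configured. Keywords
# are matched case-insensitively because sshd treats them that way.
# NOTE(review): lines inside a "Match" block are reported as well; they apply
# only conditionally, so read them against the full config dump.
# Globals:   SUMMARY_FILE (appended to)
# Arguments: $1 - config file to read
#            $2 - keyword to look up
# Outputs:   a header and the matching lines (or a "not present" notice)
#            to stdout and SUMMARY_FILE
# Returns:   0
#######################################
_report_ssh_key ()
{
  local file=$1
  local key=$2
  local matches

  printf '\n' >>"${SUMMARY_FILE}"
  printf '\t reading sshd settings - Key Name %s\n' "${key}" | tee -a "${SUMMARY_FILE}"

  if [[ ! -r "${file}" ]]; then
    printf 'cannot read %s\n' "${file}" | tee -a "${SUMMARY_FILE}"
    return 0
  fi

  # The keyword must start the line (leading blanks allowed) and be followed
  # by a blank or "=", the two separators sshd_config accepts. grep exits 1
  # on no match, which is the "not present" case, not an error.
  matches=$(grep -iE -- "^[[:space:]]*${key}[[:space:]=]" "${file}") || matches=""
  if [[ -n "${matches}" ]]; then
    printf '%s\n' "${matches}" | tee -a "${SUMMARY_FILE}"
  else
    printf 'entry %s is not present\n' "${key}" | tee -a "${SUMMARY_FILE}"
  fi
  return 0
}

#######################################
# Section 10: audit the SSH daemon configuration.
# For each keyword of interest the active setting is written to stdout and
# appended to SUMMARY_FILE; absent keywords are reported as "not present".
# The original assigned `local entryN=cat file | grep … | wc -l` without a
# command substitution, so no entryN was ever set and every keyword was
# reported as missing; it also counted commented-out defaults as present.
# Globals:   SUMMARY_FILE (appended to)
# Arguments: $1 - sshd_config path (default /etc/ssh/sshd_config)
#            $2 - ssh_config path  (default /etc/ssh/ssh_config)
# Outputs:   audit lines to stdout and SUMMARY_FILE
# Returns:   0
#######################################
SECTION10 ()
{
  local sshd_cfg=${1:-/etc/ssh/sshd_config}
  local ssh_cfg=${2:-/etc/ssh/ssh_config}
  local key

  # Same keyword order as the original check list; MaxAuthTries and
  # PermitEmptyPasswords are spelled as in sshd_config(5).
  for key in LoginGraceTime Ciphers MACs ChallengeResponseAuthentication \
      PasswordAuthentication DenyUsers ClientAliveInterval MaxAuthTries \
      PermitRootLogin LogLevel PermitEmptyPasswords PermitUserEnvironment; do
    _report_ssh_key "${sshd_cfg}" "${key}"
  done

  # Protocol is read from the client config (ssh_config), as in the original
  # check list — presumably deliberate; confirm whether sshd_config was meant.
  _report_ssh_key "${ssh_cfg}" Protocol

  for key in X11Forwarding ClientAliveCountMax; do
    _report_ssh_key "${sshd_cfg}" "${key}"
  done
  return 0
}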
###
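# Append the full daemon and client configuration to the report so that the
# per-keyword findings can be read in context (e.g. Match blocks).
# NOTE(review): the original dumped sshd_config twice; the second copy is
# replaced by ssh_config, from which the Protocol keyword is audited — confirm
# that this was the intent.
for cfg in /etc/ssh/sshd_config /etc/ssh/ssh_config; do
  printf '\n' >>"${SUMMARY_FILE}"
  if [[ -r "${cfg}" ]]; then
    tee -a "${SUMMARY_FILE}" <"${cfg}"
  else
    printf 'cannot read %s\n' "${cfg}" | tee -a "${SUMMARY_FILE}"
  fi
done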

 

##
# section 10
##
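GEN_SUMMARY_SEPARATOR
# Reference IDs of the security measures this section covers (the "M x.y"
# numbering appears to follow the BSI IT-Grundschutz catalogues); written
# verbatim to the report before the section runs.
for line in \
  " M 2.478 Planung des sicheren Einsatzes von Mac OS X" \
  " M 2.479 Planung der Sicherheitsrichtlinien von Mac OS X" \
  " M 4.371 Konfiguration von Mac OS X Clients" \
  " M 5.64 Secure Shell" \
  " J.10. SSH Daemon"; do
  printf '%s\n' "${line}" | tee -a "${SUMMARY_FILE}"
done
SECTION10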
