----- Original Message ----- > From: "Jan Ruzicka" > Subject: Re: [PATCH] [shared] Allow comments in sshd config directives > > Doesn't the obj_sshd_use_approved_ciphers now allow unapproved cyphers to be > appended to the list of approved ones? > What about object_sshd_allow_only_protocol2 ?
Thanks, Jan. Right, good catch. While just the removal of dollar sign would make sense for cases where sshd directive requires / allows just one value, in case of approved ciphers or SSHv2 ones you are right it might allow weaker use-case / scenario to succeed than desired. Will come with v2 of the proposal. Regards, Jan. -- Jan iankko Lieskovsky / Red Hat Security Technologies Team > > On Apr 8, 2014, at 05:16, Jan Lieskovsky wrote: > > > > > When checking /etc/ssh/sshd_config for proper settings of various > > directives allow also line directive versions suffixed with comments > > (so we wouldn't report inappropriate results). > > > > Please review. > > > > Thank you && Regards, Jan. > > -- > > Jan iankko Lieskovsky / Red Hat Security Technologies > > Team<0001-shared-Allow-comments-in-sshd-config-directives.patch>_______________________________________________ > > scap-security-guide mailing list > > [email protected] > > https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide > > Jan Ruzicka > Senior Software Engineer > Comtech Mobile Datacom Corporation > 20430 Century Blvd, Germantown, MD 20874 > Office: 240-686-3300 > Fax: 240-686-3301 > > The information contained in this message may be privileged and/or > confidential. If you are not the intended recipient, or responsible for > delivering this message to the intended recipient, any review, forwarding, > dissemination, distribution or copying of this communication or any > attachment(s) is strictly prohibited. If you have received this message in > error, please so notify the sender immediately, and delete it and all > attachments from your computer and network. > > _______________________________________________ > scap-security-guide mailing list > [email protected] > https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide > _______________________________________________ scap-security-guide mailing list [email protected] https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
