On 5/28/14, 11:55 AM, Rui Pedro Bernardino wrote:
From: Rui Bernardino<[email protected]>
Signed-off-by: Rui Bernardino<[email protected]>
---
Fedora/input/fixes/bash/sshd_disable_rhosts.sh | 1 +
.../fixes/bash/sshd_do_not_permit_user_env.sh | 1 +
.../input/fixes/bash/sshd_enable_warning_banner.sh | 1 +
.../input/fixes/bash/sshd_use_approved_ciphers.sh | 1 +
.../fixes/bash/sshd_disable_empty_passwords.sh | 6 +--
RHEL/6/input/fixes/bash/sshd_disable_rhosts.sh | 6 +--
RHEL/6/input/fixes/bash/sshd_disable_root_login.sh | 6 +--
.../fixes/bash/sshd_do_not_permit_user_env.sh | 6 +--
.../input/fixes/bash/sshd_enable_warning_banner.sh | 6 +--
RHEL/6/input/fixes/bash/sshd_set_idle_timeout.sh | 9 +---
RHEL/6/input/fixes/bash/sshd_set_keepalive.sh | 6 +--
.../input/fixes/bash/sshd_use_approved_ciphers.sh | 6 +--
.../fixes/bash/sshd_disable_empty_passwords.sh | 6 +--
RHEL/7/input/fixes/bash/sshd_disable_rhosts.sh | 6 +--
RHEL/7/input/fixes/bash/sshd_disable_root_login.sh | 6 +--
.../fixes/bash/sshd_do_not_permit_user_env.sh | 6 +--
.../input/fixes/bash/sshd_enable_warning_banner.sh | 6 +--
RHEL/7/input/fixes/bash/sshd_set_idle_timeout.sh | 9 +---
RHEL/7/input/fixes/bash/sshd_set_keepalive.sh | 6 +--
.../input/fixes/bash/sshd_use_approved_ciphers.sh | 6 +--
shared/fixes/bash/sshd_disable_empty_passwords.sh | 42 ++++++++-------
shared/fixes/bash/sshd_disable_rhosts.sh | 57 ++++++++++++++++++++
shared/fixes/bash/sshd_disable_root_login.sh | 42 ++++++++-------
shared/fixes/bash/sshd_do_not_permit_user_env.sh | 57 ++++++++++++++++++++
shared/fixes/bash/sshd_enable_warning_banner.sh | 57 ++++++++++++++++++++
shared/fixes/bash/sshd_set_idle_timeout.sh | 43 ++++++++-------
shared/fixes/bash/sshd_set_keepalive.sh | 42 ++++++++-------
shared/fixes/bash/sshd_use_approved_ciphers.sh | 57 ++++++++++++++++++++
28 files changed, 337 insertions(+), 166 deletions(-) create mode 120000
Fedora/input/fixes/bash/sshd_disable_rhosts.sh
create mode 120000 Fedora/input/fixes/bash/sshd_do_not_permit_user_env.sh
create mode 120000 Fedora/input/fixes/bash/sshd_enable_warning_banner.sh
create mode 120000 Fedora/input/fixes/bash/sshd_use_approved_ciphers.sh
mode change 100644 => 120000
RHEL/6/input/fixes/bash/sshd_disable_empty_passwords.sh
mode change 100644 => 120000 RHEL/6/input/fixes/bash/sshd_disable_rhosts.sh
mode change 100644 => 120000
RHEL/6/input/fixes/bash/sshd_disable_root_login.sh
mode change 100644 => 120000
RHEL/6/input/fixes/bash/sshd_do_not_permit_user_env.sh
mode change 100644 => 120000
RHEL/6/input/fixes/bash/sshd_enable_warning_banner.sh
mode change 100644 => 120000 RHEL/6/input/fixes/bash/sshd_set_idle_timeout.sh
mode change 100644 => 120000 RHEL/6/input/fixes/bash/sshd_set_keepalive.sh
mode change 100644 => 120000
RHEL/6/input/fixes/bash/sshd_use_approved_ciphers.sh
mode change 100644 => 120000
RHEL/7/input/fixes/bash/sshd_disable_empty_passwords.sh
mode change 100644 => 120000 RHEL/7/input/fixes/bash/sshd_disable_rhosts.sh
mode change 100644 => 120000
RHEL/7/input/fixes/bash/sshd_disable_root_login.sh
mode change 100644 => 120000
RHEL/7/input/fixes/bash/sshd_do_not_permit_user_env.sh
mode change 100644 => 120000
RHEL/7/input/fixes/bash/sshd_enable_warning_banner.sh
mode change 100644 => 120000 RHEL/7/input/fixes/bash/sshd_set_idle_timeout.sh
mode change 100644 => 120000 RHEL/7/input/fixes/bash/sshd_set_keepalive.sh
mode change 100644 => 120000
RHEL/7/input/fixes/bash/sshd_use_approved_ciphers.sh
create mode 100755 shared/fixes/bash/sshd_disable_rhosts.sh
create mode 100755 shared/fixes/bash/sshd_do_not_permit_user_env.sh
create mode 100755 shared/fixes/bash/sshd_enable_warning_banner.sh
create mode 100755 shared/fixes/bash/sshd_use_approved_ciphers.sh
Thanks, Rui! Gave a quick review and noted how you added logic to check
the various stanzas for occurrence location of various configuration
directives (e.g. in sshd_disable_empty_passwords).
The changes are a bit hard to parse as a single patch. Mind breaking
this into multiple patches?
_______________________________________________
scap-security-guide mailing list
[email protected]
https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
