check_sshd_key,txt
# Decodes the embedded base64 string and pipes the result straight into bash,
# so the decoded text is executed as a script without ever being displayed.
# NOTE(review): the script body is not readable in this encoded form. The
# output recorded below reports mode, owner and group owner for the SSH
# private host key files under /etc/ssh, so this is presumably a host-key
# permission audit -- confirm by decoding it.
# NOTE(review): before running this on a host (an audit like this is normally
# run as root), decode the payload to a file, read it, and execute that
# reviewed file instead; keeping the audit script in plain text under version
# control makes any change to it visible.
echo "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" | base64 -d | bash
--- ] output
- Audit Result:
** PASS **
- * Correctly configured * :
- File: "/etc/ssh/ssh_host_ecdsa_key"
- Correct: mode: "0640", owner: "root", and group owner: "ssh_keys" configured
- File: "/etc/ssh/ssh_host_ed25519_key"
- Correct: mode: "0640", owner: "root", and group owner: "ssh_keys" configured
- File: "/etc/ssh/ssh_host_rsa_key"
- Correct: mode: "0640", owner: "root", and group owner: "ssh_keys" configured