cis-dil-benchmark

5.2.13 fails if sshd_config is a symbolic link

Open justdan96 opened this issue 1 year ago • 0 comments

Description

I am running the benchmark against a Flatcar Linux container. On this distribution the /etc/ssh/sshd_config file is a symbolic link to /usr/share/ssh/sshd_config. This causes the 5.2.14 section to break, and a Failure to be logged.

Reproduction steps

  1. Spin up Flatcar Linux instance
  2. Run scan using command `docker run -it --rm -v "$(pwd):/share" -v "$HOME/.ssh:/root/.ssh" chef/inspec exec . -t ssh://user@server -i /root/.ssh/user_key --input=cis_level=1 --chef-license accept -l debug --reporter html2:benchmark.html`

Current Behavior

Section 5.2.13 is failed.

Expected Behavior

The file is read, even if it is a symbolic link, and evaluated based on contents.

OS / Environment

Flatcar

Inspec Version

chef/inspec:latest

Baseline Version

master

Additional information

```
Resource ./controls/5_2_ssh_server_configuration.rb:286
Test: Failed | Can't read file: /etc/ssh/sshd_config
8.1495e-05 seconds
```

justdan96, Jan 29 '24 11:01
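A triage sketch for the "Can't read file" result reported above, added here as an example and not taken from cis-dil-benchmark or InSpec: it separates a dangling link from an unreadable target and then reads a directive through the link. The function names, status strings and the `LogLevel` keyword are hypothetical choices, and it assumes a `readlink` that supports `-f` (GNU coreutils or BusyBox).

```shell
#!/bin/sh
# Added example (not project code): explain why a scanner might report
# "Can't read file" for a config path that is a symbolic link.

# Print one status word for $1: missing, regular-ok, unreadable,
# dangling-symlink, symlink-target-unreadable:<target> or symlink-ok:<target>.
classify_config_path() {
    path=$1
    if [ ! -e "$path" ] && [ ! -L "$path" ]; then
        echo "missing"; return 0
    fi
    if [ -L "$path" ]; then
        # -f follows the whole link chain and prints the final target.
        target=$(readlink -f -- "$path") || target=""
        if [ -z "$target" ] || [ ! -e "$target" ]; then
            echo "dangling-symlink"; return 0
        fi
        if [ ! -r "$target" ]; then
            echo "symlink-target-unreadable:$target"; return 0
        fi
        echo "symlink-ok:$target"; return 0
    fi
    if [ ! -r "$path" ]; then
        echo "unreadable"; return 0
    fi
    echo "regular-ok"
}

# Print the first value set for keyword $2 in file $1. Keywords are matched
# case-insensitively and the first occurrence wins, as in sshd_config.
# Simplification: Match blocks and Include directives are not handled.
effective_directive() {
    awk -v k="$2" 'tolower($1) == tolower(k) { print $2; exit }' "$1"
}

# Stand-alone use: classify the path given as $1, or the default location.
classify_config_path "${1:-/etc/ssh/sshd_config}"
```

Run it as the same user the scan connects as, since the readability checks reflect that user's permissions.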