ssh-baseline
ssh-baseline copied to clipboard
30 instead of 30s in sshd-18
Is your feature request related to a problem? Please describe. I use https://github.com/dev-sec/cis-dil-benchmark as well as this profile. In the cis profile the check is '<60'. To put '30s' instead of '30' makes this check red.
Describe the solution you'd like Use '30' instead of '30s'.
Describe alternatives you've considered Disable this check and rely only on the one provided by the cis profile.
we should probably implement the same approach as for cis dil https://github.com/dev-sec/cis-dil-benchmark/pull/77/files#diff-3706714fcee91eea31b371bd982f1284R233
yes, but the current one is more restrictive than the CIS one. Should we use the 60
of the CIS or the 30
of this one ?
We have many cases where the CIS rules are not necessarily restrictive. I think we should make that optional, so that those baseline can be executed together. Therefore we should create an attribute and keep the default value at 30s for now. Would that help with your issue?
I think just by removing the s
at the end of 30s
both profiles are compatible. CIS just checks that the value is under 60
and it canno't compare the value with the final s
as it is not an int
. By removing that s
, CIS can compare and as 30<60
, both profiles are compatible.
https://github.com/dev-sec/ssh-baseline/pull/153