
30 instead of 30s in sshd-18

Open micheelengronne opened this issue 4 years ago • 5 comments

Is your feature request related to a problem? Please describe.
I use https://github.com/dev-sec/cis-dil-benchmark as well as this profile. In the cis profile the check is '<60'. To put '30s' instead of '30' makes this check red.

Describe the solution you'd like
Use '30' instead of '30s'.

Describe alternatives you've considered
Disable this check and rely only on the one provided by the cis profile.

micheelengronne • Apr 16 '20 14:04

We should probably implement the same approach as for cis dil: https://github.com/dev-sec/cis-dil-benchmark/pull/77/files#diff-3706714fcee91eea31b371bd982f1284R233

chris-rock • Apr 16 '20 15:04

Yes, but the current one is more restrictive than the CIS one. Should we use the 60 of the CIS or the 30 of this one?

micheelengronne • Apr 17 '20 09:04

We have many cases where the CIS rules are not necessarily restrictive. I think we should make that optional, so that those baselines can be executed together. Therefore we should create an attribute and keep the default value at 30s for now. Would that help with your issue?

chris-rock • Apr 17 '20 10:04

I think just by removing the s at the end of 30s both profiles are compatible. CIS just checks that the value is under 60 and it cannot compare the value with the final s as it is not an int. By removing that s, CIS can compare, and as 30<60, both profiles are compatible.

micheelengronne • Apr 17 '20 13:04
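
An added example, not code from either profile or from anyone in this thread: one way to make the two checks agree whichever spelling the config uses is to convert the sshd time value to seconds before comparing. The unit qualifiers follow the TIME FORMATS section of sshd_config(5); the helper and predicate names are hypothetical, and the sample values are constructed.

```ruby
# Added example; not part of ssh-baseline or cis-dil-benchmark.
# Converts an sshd_config time value to seconds so "30" and "30s" compare equal.
SSHD_TIME_UNITS = {
  '' => 1, 's' => 1, 'm' => 60, 'h' => 3_600, 'd' => 86_400, 'w' => 604_800
}.freeze

# One or more <integer>[qualifier] members; only the last may omit its
# qualifier. No nested quantifiers, so matching stays linear on bad input.
SSHD_TIME_PATTERN = /\A\d+(?:[smhdw]\d+)*[smhdw]?\z/i

# Returns the value in seconds, or nil when it is not a valid time string.
def sshd_time_to_seconds(value)
  text = value.to_s.strip
  return nil unless SSHD_TIME_PATTERN.match?(text)

  text.scan(/(\d+)([smhdw]?)/i).sum do |number, unit|
    number.to_i * SSHD_TIME_UNITS.fetch(unit.downcase)
  end
end

# Hypothetical stand-in for this profile's check: exactly 30 seconds.
def strict_profile_ok?(value)
  sshd_time_to_seconds(value) == 30
end

# Hypothetical stand-in for the CIS-style check: under 60 seconds.
def cis_profile_ok?(value)
  seconds = sshd_time_to_seconds(value)
  !seconds.nil? && seconds < 60
end

# Constructed sample values, not taken from any real host.
if __FILE__ == $PROGRAM_NAME
  %w[30 30s 1m 1h30m 30x].each do |v|
    puts format('%-6s seconds=%-5s strict=%-5s cis=%s',
                v, sshd_time_to_seconds(v).inspect,
                strict_profile_ok?(v), cis_profile_ok?(v))
  end
end
```
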

https://github.com/dev-sec/ssh-baseline/pull/153

micheelengronne • May 08 '20 11:05