cnspec-policies
Improve linux-security ssh PermitRootLogin test
Describe the bug
The current test doesn't know how to handle multiple settings for PermitRootLogin. I already reported a bug in cnspec because it can't differentiate things like match groups. The policy gets a result of "no,no" because it sees it as two of the same option, so it fails the test.
This should loop over a list if it exists and ensure all of them are set to no. Ideally, cnspec would give you the match groups as collections of options, which can be tested in turn and reported individually.
To Reproduce
Steps to reproduce the behavior:
- At the end of the file add this:
  Match Group games
      PermitRootLogin no
- Run cnspec shell, and query with:
sshd.config.params[PermitRootLogin]
- Observe the output being:
sshd.config.params[PermitRootLogin]: "no,no"
Expected behavior
That output should pass the test, but it does not, because it is looking for "no" and doesn't know how to handle multiple results.
Desktop (please complete the following information):
- OS: Linux/PopOS
- OS Version: 22.x
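
The per-scope evaluation the report asks for, as an added example that is not part of the original issue and is not cnspec or policy code: it groups an sshd_config into the global section and each Match block, then checks PermitRootLogin in every scope that sets it. The function names and the sample config are constructed for illustration.

```python
import re

# Constructed sample: a global setting plus the Match block from the report.
SAMPLE = """\
PermitRootLogin no
PasswordAuthentication no

Match Group games
    PermitRootLogin no
"""

def parse_scopes(text):
    """Split sshd_config text into [(scope, {keyword: [values]})].

    The first scope is "global"; every Match line opens a new one.
    Keywords are case-insensitive, so they are stored lower-cased.
    """
    scopes = [("global", {})]
    for raw in text.splitlines():
        # "Keyword value" or "Keyword=value"; blank and comment lines do not match.
        m = re.match(r"([^\s=#]+)[\s=]+(.*)", raw.strip())
        if not m:
            continue
        keyword = m.group(1).lower()
        value = m.group(2).split("#", 1)[0].strip()
        if keyword == "match":
            scopes.append(("Match " + value, {}))
        else:
            scopes[-1][1].setdefault(keyword, []).append(value)
    return scopes

def check_permit_root_login(text, required="no"):
    """Return [(scope, value, passed)], one entry per scope that sets it.

    Only the first value in a scope counts, as in sshd. A global scope with
    no setting fails, because the OpenSSH default is not "no".
    """
    results = []
    for scope, params in parse_scopes(text):
        values = params.get("permitrootlogin")
        if values is None:
            if scope == "global":
                results.append((scope, None, False))
            continue
        results.append((scope, values[0], values[0].lower() == required))
    return results

def policy_passes(text):
    return all(passed for _, _, passed in check_permit_root_login(text))
```

Reporting one result per scope also shows which Match block is responsible when a single override sets a weaker value.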