cnspec-policies

Improve linux-security ssh PermitRootLogin test

Open mbainter opened this issue 5 months ago • 3 comments

Describe the bug

The current test doesn't know how to handle multiple settings for PermitRootLogin. I already reported a bug in cnspec because it can't differentiate things like match groups. The policy gets a result of "no,no" because it sees it as two of the same option, so it fails the test.

This should loop over a list if it exists and ensure all of them are set to no. Ideally, cnspec would give you the match groups as collections of options, which can be tested in turn and reported individually.

To Reproduce

Steps to reproduce the behavior:

  1. At the end of the file add this:
       Match Group games
           PermitRootLogin no
  2. Run cnspec shell, and query with: sshd.config.params[PermitRootLogin]
  3. Observe the output being:
sshd.config.params[PermitRootLogin]: "no,no"

Expected behavior

That output should pass the test, but it does not, because it is looking for "no" and doesn't know how to handle multiple results.

Desktop (please complete the following information):

  • OS: Linux/PopOS
  • OS Version: 22.x

mbainter, Jan 19 '24 22:01
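
The per-scope check the issue asks for, as an added sketch in Python that is not part of the issue or of cnspec: it splits sshd_config text into the global section and each Match block, then evaluates PermitRootLogin in each one separately instead of as a joined "no,no" string. The function names, the sample config and the requirement that the global section set the option explicitly are assumptions.

```python
import re

# Constructed sample: a minimal global section plus the Match block from the issue.
SAMPLE = """\
# global section
PermitRootLogin no
PasswordAuthentication no

Match Group games
    PermitRootLogin no
"""

LINE = re.compile(r"^(\w+)(?:\s*=\s*|\s+)(.*)$")

def parse_scopes(text):
    """Split config text into [(scope_name, {keyword: value})], global section first."""
    scopes = [("global", {})]
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = LINE.match(line)
        if not m:
            continue
        key, value = m.group(1).lower(), m.group(2).strip().strip('"')
        if key == "match":
            scopes.append((f"Match {value}", {}))  # every Match line opens a new scope
        else:
            # sshd uses the first value obtained for a keyword, so keep the first one.
            scopes[-1][1].setdefault(key, value)
    return scopes

def check_permit_root_login(text, want="no"):
    """Return [(scope, value, ok)] for each scope that sets PermitRootLogin."""
    return [(scope, opts["permitrootlogin"], opts["permitrootlogin"] == want)
            for scope, opts in parse_scopes(text) if "permitrootlogin" in opts]

def passes(text):
    results = check_permit_root_login(text)
    # Assumption: the global section must set the option explicitly, and every
    # Match block that sets it must also use "no".
    return any(s == "global" for s, _, _ in results) and all(ok for _, _, ok in results)

if __name__ == "__main__":
    for scope, value, ok in check_permit_root_login(SAMPLE):
        print(f"{'PASS' if ok else 'FAIL'}  {scope}: PermitRootLogin {value}")
```

Reporting one result per scope also shows which Match block is responsible when a single override re-enables root login.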