inspec.yml
---
name: ssh-baseline
title: DevSec SSH Baseline
maintainer: DevSec Hardening Framework Team
copyright: DevSec Hardening Framework Team
copyright_email: [email protected]
license: Apache-2.0
summary: Test-suite for best-practice SSH hardening
inspec_version: '>= 4.6.3'
version: 2.8.1
supports:
  - os-family: unix
inputs:
  - name: sshd_valid_ciphers
    description: Expected value for sshd_config ciphers
  - name: sshd_valid_kexs
    description: Expected value for sshd_config kexs
  - name: sshd_valid_macs
    description: Expected value for sshd_config macs
  - name: sshd_permittunnel
    description: Expected value for sshd_config PermitTunnel
  - name: sshd_tcpforwarding
    description: Expected value for sshd_config TcpForwarding
  - name: sshd_agentforwarding
    description: Expected value for sshd_config AgentForwarding
  - name: sshd_gatewayports
    description: Expected value for sshd_config GatewayPorts
  - name: sshd_x11forwarding
    description: Expected value for sshd_config X11Forwarding
  - name: sshd_banner
    description: Expected value for sshd_config Banner
  - name: sshd_max_auth_tries
    description: Expected value for max_auth_retries
  - name: sshd_custom_user
    description: The SSH user is not always root. It must be an unprivileged user in a container
  - name: sshd_custom_path
    description: Sometimes ssh configuration files are present in another location and ssh use them with the -f flag
  - name: sshd_custom_port
    description: Sometimes the ssh port is not 22. For instance, in a container as another user, 22 is forbidden
  - name: sshd_custom_hostkeys_path
    description: Sometimes ssh host keys must be in a particular path, in a clustered environment for instance
  - name: ssh_custom_user
    description: The SSH user is not always root. It must be an unprivileged user in a container
  - name: ssh_custom_path
    description: Sometimes ssh configuration files are present in another location and ssh use them with the -f flag