Merge pull request #188 from schurzi/rsa_hostkey
add control for small RSA HostKey
micheelengronne authored Jan 20, 2021
2 parents 880a01d + 0761a51 commit 258245c
Showing 1 changed file with 15 additions and 0 deletions.
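--- a/controls/sshd_spec.rb
+++ b/controls/sshd_spec.rb
@@ -520,3 +520,18 @@
 its('commands.first') { should_not match(/-oHostKeyAlgorithms/) }
 end
 end
+
+control 'sshd-50' do
+impact 1.0
+title 'Server: RSA HostKey size'
+desc 'Verifies, that RSA HostKey is not smaller than 4096 bit'
+only_if('RSA HostKey is readable') do
+File.readable?("#{sshd_custom_hostkeys_path}/ssh_host_rsa_key")
+end
+
+describe bash("test $(ssh-keygen -l -f #{sshd_custom_hostkeys_path}/ssh_host_rsa_key | awk '$1 < 4096 { print $1 }' | wc -l) -eq 0") do
+its('exit_status') { should eq 0 }
+its('stdout') { should eq '' }
+its('stderr') { should eq '' }
+end
+end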
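Review bot: The `only_if` guard in control 'sshd-50' calls Ruby's `File.readable?`, which is evaluated on the machine running InSpec rather than on the scanned target. When the profile runs against a remote target, an impact 1.0 control can therefore be skipped (or run) based on the wrong filesystem, and an undersized host key would go unreported. Using the InSpec resource keeps the check on the target, e.g. `file("#{sshd_custom_hostkeys_path}/ssh_host_rsa_key").exist?`; a key that exists but cannot be read would then fail the existing `its('stderr')` expectation instead of being skipped silently. Separately, `sshd_custom_hostkeys_path` is interpolated unquoted into the `bash(...)` string, so a path containing spaces or shell metacharacters would alter the command; quoting the path inside the command string would avoid that.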
