
Discussion on: Shifting Left Securely With inSpec

Alexey Melezhik • Edited

Hi Matt!

> grep "^Protocol" /etc/ssh/sshd_config | sed 's/Protocol //'

The latest Ubuntu sshd has no Protocol in sshd_config (see ubuntuforums.org/showthread.php?t=...), so I'd write something like this using ssh-bulk-check:

cmd.sh

```
echo "=== sshd version check ==="
sudo dpkg --list|grep openssh-server
(echo -e 'protocol: '; sudo grep "^Protocol" /etc/ssh/sshd_config | sed 's/Protocol //')
echo "==="
```

state.check

```
note: === ssh version check ===
between: { 'sshd version check' } { '===' }
  regexp: 'openssh-server' \s+ '1:7' || 'protocol:' \s+ 2
end:
```

result:

```
14:20:53 04/30/2019 [check my hosts] start check host [192.168.0.1]
14:20:53 04/30/2019 [check my hosts] === ssh config check ===
14:20:53 04/30/2019 [check my hosts] -rw-r--r-- 1 root root 3365 Apr  4 17:04 /etc/ssh/sshd_config
14:20:53 04/30/2019 [check my hosts] OK
14:20:53 04/30/2019 [check my hosts] ===
14:20:53 04/30/2019 [check my hosts] === sshd version check ===
14:20:53 04/30/2019 [check my hosts] ii  openssh-server                      1:7.6p1-4ubuntu0.3                          amd64        secure shell (SSH) server, for secure access from remote machines
14:20:53 04/30/2019 [check my hosts] protocol:
14:20:53 04/30/2019 [check my hosts] ===
14:20:53 04/30/2019 [check my hosts] end check host [192.168.0.1]
[task check] ====================================================
[task check] check results
[task check] ====================================================
[task check] === ssh config check ===
[task check] stdout match (r) <OK> True
[task check] === ssh version check ===
[task check] stdout match (r) <'openssh-server' \s+ '1:7' || 'protocol:' \s+ 2> True
```
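
The either/or rule from the state.check above, written as a stand-alone shell function. This is an added example, not part of the original comment or of ssh-bulk-check. It assumes the comment's `1:7` package prefix marks releases that ship without a Protocol directive, and it checks an explicit Protocol line first so that a value other than 2 fails regardless of version; the function name and sample files are hypothetical.

```shell
#!/bin/sh
# Added example: decide SSH protocol compliance from two inputs.
#   $1 = path to an sshd_config file
#   $2 = openssh-server package version string (as printed by dpkg)
# Prints "pass: ..." or "fail: ..." and returns 0 or 1.
check_ssh_protocol() {
    config=$1
    pkg_version=$2
    # sshd_config keywords are case-insensitive and may be indented, and the
    # first value found wins, so take the first uncommented Protocol line.
    proto=$(awk 'tolower($1) == "protocol" { print $2; exit }' "$config")
    if [ -n "$proto" ]; then
        if [ "$proto" = "2" ]; then
            echo "pass: Protocol 2 set explicitly"; return 0
        fi
        echo "fail: Protocol is '$proto'"; return 1
    fi
    # No directive: accept only the package prefix used in the comment's regexp.
    case $pkg_version in
        1:7*) echo "pass: no Protocol line, openssh-server $pkg_version"; return 0 ;;
    esac
    echo "fail: no Protocol line and openssh-server '$pkg_version' is not 1:7"
    return 1
}

# Constructed sample configs (not taken from a real host).
tmp=$(mktemp -d)
printf '# Protocol 1\nPort 22\n' > "$tmp/modern"   # directive only in a comment
printf '  protocol 2,1\n'        > "$tmp/legacy"   # explicit, but not exactly 2
check_ssh_protocol "$tmp/modern" "1:7.6p1-4ubuntu0.3" || true
check_ssh_protocol "$tmp/legacy" "1:7.6p1-4ubuntu0.3" || true
check_ssh_protocol "$tmp/modern" "1:6.6p1-constructed" || true
rm -rf "$tmp"
```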