Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Remove redundant sshd oval macro #12532

Merged
merged 2 commits into from
Oct 24, 2024
Merged

Remove redundant sshd oval macro #12532

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
6facdeb
switch to sshd_oval_check macro
vojtapolasek Oct 24, 2024
87dd7be
remove no longer used macro
vojtapolasek Oct 24, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion linux_os/guide/services/ssh/ssh_server/sshd_use_strong_ciphers/oval/shared.xml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1 +1 @@
{{{ oval_sshd_config(parameter="Ciphers", value="((aes128-ctr|aes192-ctr|aes256-ctr|chacha20-poly1305@openssh\.com|aes256-gcm@openssh\.com|aes128-gcm@openssh\.com),?)+") }}}
{{{ sshd_oval_check(parameter="Ciphers", value="((aes128-ctr|aes192-ctr|aes256-ctr|chacha20-poly1305@openssh\.com|aes256-gcm@openssh\.com|aes128-gcm@openssh\.com),?)+", missing_parameter_pass=false, config_is_distributed=false, datatype=string) }}}
22 changes: 0 additions & 22 deletions shared/macros/10-oval.jinja
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -546,28 +546,6 @@ datatype="{{{ datatype }}}" version="1">
</def-group>
{{%- endmacro -%}}


{{#
High level macro to check if a particular combination of parameter and value in the ssh daemon configuration file is set.
A case insensitive comparison is used in the prefix because sshd_config has case-insensitive parameters (but case-sensitive values).

:param parameter: The parameter to be checked in the configuration file.
:type parameter: str
:param value: The value to be checked. This can also be a regular expression (e.g: value1|value2 can match both values).
:type value: str
:param missing_parameter_pass: If set, the check will also pass if the parameter is not present in the configuration file (default is applied).
:type missing_parameter_pass: bool
:param multi_value: If set, it means that the parameter can accept multiple values and the expected value must be present in the current list of values.
:type multi_value: bool
:param missing_config_file_fail: If set, the check will fail if the configuration file doesn't exist in the system.
:type missing_config_file_fail: bool

#}}
{{%- macro oval_sshd_config(parameter='', value='', missing_parameter_pass=false, multi_value=false, missing_config_file_fail=false) %}}
{{{ oval_check_config_file("/etc/ssh/sshd_config", prefix_regex="^[ \\t]*(?i)", parameter=parameter, separator_regex='(?-i)[ \\t]+', value=value, missing_parameter_pass=missing_parameter_pass, application="sshd", multi_value=multi_value, missing_config_file_fail=missing_config_file_fail) }}}
{{%- endmacro %}}


{{#
High level macro to check if a particular shell variable is set.

Expand Down
Loading