Weigh faults to recommend lesser evil. Colorize recommendations.
This commit is contained in:
parent
5de7b913fd
commit
5269b63e64
49
ssh-audit.py
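--- a/ssh-audit.py
+++ b/ssh-audit.py
@@ -1181,18 +1181,18 @@ def get_alg_recommendations(software, kex, pkm, for_server=True):
 if version is not None:
 software = SSH.Software(None, product, version, None, None)
 break
-recommendations = {'.software': software}
+rec = {'.software': software}
 if software is None:
-return recommendations
+return rec
 for alg_pair in alg_pairs:
 sshv, alg_db = alg_pair[0]
 alg_sets = alg_pair[1:]
-recommendations[sshv] = {}
+rec[sshv] = {}
 for alg_set in alg_sets:
 alg_type, alg_list = alg_set
 if alg_type == 'aut':
 continue
-recommendations[sshv][alg_type] = {'add': [], 'del': []}
+rec[sshv][alg_type] = {'add': [], 'del': {}}
 for n, alg_desc in alg_db[alg_type].items():
 if alg_type == 'key' and '-cert-' in n:
 continue
@@ -1218,34 +1218,45 @@ def get_alg_recommendations(software, kex, pkm, for_server=True):
 continue
 adl, faults = len(alg_desc), 0
 for i in range(1, 3):
-if adl > i and len(alg_desc[i]) > 0:
-faults += 1
+if not adl > i:
+continue
+fc = len(alg_desc[i])
+if fc > 0:
+faults += pow(10, 2 - i) * fc
 if n not in alg_list:
 if faults > 0:
 continue
-recommendations[sshv][alg_type]['add'].append(n)
+rec[sshv][alg_type]['add'].append(n)
 else:
 if faults == 0:
 continue
 if n == 'diffie-hellman-group-exchange-sha256':
 if software.compare_version('7.3') < 0:
 continue
-recommendations[sshv][alg_type]['del'].append(n)
-add_count = len(recommendations[sshv][alg_type]['add'])
-del_count = len(recommendations[sshv][alg_type]['del'])
+rec[sshv][alg_type]['del'][n] = faults
+add_count = len(rec[sshv][alg_type]['add'])
+del_count = len(rec[sshv][alg_type]['del'])
 new_alg_count = len(alg_list) + add_count - del_count
+if new_alg_count < 1 and del_count > 0:
+mf, new_del = min(rec[sshv][alg_type]['del'].values()), {}
+for k, v in rec[sshv][alg_type]['del'].items():
+if v != mf:
+new_del[k] = v
+if del_count != len(new_del):
+rec[sshv][alg_type]['del'] = new_del
+new_alg_count += del_count - len(new_del)
 if new_alg_count < 1:
-del recommendations[sshv][alg_type]
+del rec[sshv][alg_type]
 else:
 if add_count == 0:
-del recommendations[sshv][alg_type]['add']
+del rec[sshv][alg_type]['add']
 if del_count == 0:
-del recommendations[sshv][alg_type]['del']
-if len(recommendations[sshv][alg_type]) == 0:
-del recommendations[sshv][alg_type]
-if len(recommendations[sshv]) == 0:
-del recommendations[sshv]
-return recommendations
+del rec[sshv][alg_type]['del']
+if len(rec[sshv][alg_type]) == 0:
+del rec[sshv][alg_type]
+if len(rec[sshv]) == 0:
+del rec[sshv]
+return rec
 
 
 def output_algorithms(title, alg_db, alg_type, algorithms, maxlen=0):
@@ -1390,6 +1401,8 @@ def output_recommendations(software, kex, pkm, padlen=0):
 p = '' if out.batch else ' ' * (padlen - len(name))
 if action == 'del':
 an, sg, fn = 'remove', '-', out.warn
+if alg_rec[sshv][alg_type][action][name] >= 10:
+fn = out.fail
 else:
 an, sg, fn = 'append', '+', out.good
 b = '(SSH{0})'.format(sshv) if sshv == 1 else ''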
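Review bot: `del_count` goes stale in the new lesser-evil branch of get_alg_recommendations: after `rec[sshv][alg_type]['del'] = new_del` the later `if del_count == 0: del rec[sshv][alg_type]['del']` still tests the pre-pruning count, so when every deletion candidate shares the minimum score `new_del` is empty, yet an empty `'del': {}` entry survives in the result and the `len(rec[sshv][alg_type]) == 0` cleanup never fires. Refreshing the count inside that branch fixes it: `new_alg_count += del_count - len(new_del)` followed by `del_count = len(new_del)`. The weighting `faults += pow(10, 2 - i) * fc` and the `>= 10` threshold output_recommendations uses to switch to `out.fail` are the same literal kept in sync by hand across two functions; a shared named constant with a comment such as `# one failure outweighs any number of warnings below ten` would document the intent, and it is worth stating there that, assuming index 1 holds failures and index 2 warnings as the weights suggest, an algorithm with ten or more warning entries would be coloured as a failure. get_alg_recommendations starts outside the hunk, and the loop variable `n` inside it shadows nothing visible here but is reused as a key name in the `del` dict, which the `>= 10` lookup in output_recommendations relies on.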