mirror of
https://github.com/jtesta/ssh-audit.git
synced 2024-11-22 02:21:40 +01:00
Print client IP in output when doing policy audits.
parent
cb54c2bf33
commit
b27d768c79
15
ssh-audit.py
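--- a/ssh-audit.py
+++ b/ssh-audit.py
@@ -3233,7 +3233,7 @@ def output(aconf: AuditConf, banner: Optional[SSH.Banner], header: List[str], cl
 return program_retval
 
 
-def evaluate_policy(aconf: AuditConf, banner: Optional['SSH.Banner'], kex: Optional['SSH2.Kex'] = None) -> bool:
+def evaluate_policy(aconf: AuditConf, banner: Optional['SSH.Banner'], client_host: Optional[str], kex: Optional['SSH2.Kex'] = None) -> bool:
 
 if aconf.policy is None:
 raise RuntimeError('Internal error: cannot evaluate against null Policy!')
@@ -3243,9 +3243,14 @@ def evaluate_policy(aconf: AuditConf, banner: Optional['SSH.Banner'], kex: Optio
 json_struct = {'host': aconf.host, 'policy': aconf.policy.get_name_and_version(), 'passed': passed, 'errors': errors}
 print(json.dumps(json_struct, sort_keys=True))
 else:
-print("Host: %s" % aconf.host)
-print("Policy: %s" % aconf.policy.get_name_and_version())
-print("Result: ", end='')
+spacing = ''
+if aconf.client_audit:
+print("Client IP: %s" % client_host)
+spacing = " " # So the fields below line up with 'Client IP: '.
+else:
+print("Host: %s" % aconf.host)
+print("Policy: %s%s" % (spacing, aconf.policy.get_name_and_version()))
+print("Result: %s" % spacing, end='')
 if passed:
 out.good("✔ Passed")
 else:
@@ -3554,7 +3559,7 @@ def audit(aconf: AuditConf, sshv: Optional[int] = None, print_target: bool = Fal
 
 # This is a policy test.
 elif (aconf.policy is not None) and (aconf.make_policy is False):
-program_retval = PROGRAM_RETVAL_GOOD if evaluate_policy(aconf, banner, kex=kex) else PROGRAM_RETVAL_FAILURE
+program_retval = PROGRAM_RETVAL_GOOD if evaluate_policy(aconf, banner, s.client_host, kex=kex) else PROGRAM_RETVAL_FAILURE
 
 # A new policy should be made from this scan.
 elif (aconf.policy is None) and (aconf.make_policy is True):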
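Review bot: The JSON branch in the second hunk (`-3243,9 +3243,14`) still emits only `'host': aconf.host`, so in client-audit mode the machine-readable policy result does not name the client that was evaluated, even though the text branch now prints `Client IP`. Anything that consumes the JSON to record compliance verdicts cannot tie a pass or fail to a specific client; consider adding the address there as well, for example `if aconf.client_audit: json_struct['client_ip'] = client_host` before the `print(json.dumps(...))` line (the key name is only a suggestion). Separately, `client_host` is typed `Optional[str]` and the text branch formats it with `%s`, so an unset value would print as `Client IP: None`; whether `s.client_host` can be unset at the call site in `audit()` is not visible in these hunks. The body of `evaluate_policy` extends beyond the hunks shown.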