mirror of
https://github.com/jtesta/ssh-audit.git
synced 2024-11-25 20:11:40 +01:00
Now reports policy errors in an easier to read format. (#63)
parent
ec76dac2fc
commit
ec48249deb
@ -375,20 +375,23 @@ macs = %s
|
|||||||
'''Transforms an error struct to a flat string of error messages.'''
|
'''Transforms an error struct to a flat string of error messages.'''
|
||||||
|
|
||||||
error_list = []
|
error_list = []
|
||||||
|
spacer = ''
|
||||||
for e in errors:
|
for e in errors:
|
||||||
e_str = "%s did not match. " % e['mismatched_field']
|
e_str = " * %s did not match.\n" % e['mismatched_field']
|
||||||
if ('expected_optional' in e) and (e['expected_optional'] != ['']):
|
if ('expected_optional' in e) and (e['expected_optional'] != ['']):
|
||||||
e_str += "Expected (required): %s; Expected (optional): %s" % (Policy._normalize_error_field(e['expected_required']), Policy._normalize_error_field(e['expected_optional']))
|
e_str += " - Expected (required): %s\n - Expected (optional): %s\n" % (Policy._normalize_error_field(e['expected_required']), Policy._normalize_error_field(e['expected_optional']))
|
||||||
|
spacer = ' '
|
||||||
else:
|
else:
|
||||||
e_str += "Expected: %s" % Policy._normalize_error_field(e['expected_required'])
|
e_str += " - Expected: %s\n" % Policy._normalize_error_field(e['expected_required'])
|
||||||
e_str += "; Actual: %s" % Policy._normalize_error_field(e['actual'])
|
spacer = ' '
|
||||||
|
e_str += " - Actual:%s%s\n" % (spacer, Policy._normalize_error_field(e['actual']))
|
||||||
error_list.append(e_str)
|
error_list.append(e_str)
|
||||||
|
|
||||||
error_list.sort() # To ensure repeatable results for testing.
|
error_list.sort() # To ensure repeatable results for testing.
|
||||||
|
|
||||||
error_str = ''
|
error_str = ''
|
||||||
if len(error_list) > 0:
|
if len(error_list) > 0:
|
||||||
error_str = " * %s" % '\n * '.join(error_list)
|
error_str = "\n".join(error_list)
|
||||||
|
|
||||||
return error_str
|
return error_str
|
||||||
|
|
||||||
@ -449,14 +452,14 @@ macs = %s
|
|||||||
|
|
||||||
@staticmethod
|
@staticmethod
|
||||||
def _normalize_error_field(field: List[str]) -> Any:
|
def _normalize_error_field(field: List[str]) -> Any:
|
||||||
'''If field is an array with a string parsable as an integer, return that integer. Otherwise, return the field unmodified.'''
|
'''If field is an array with a string parsable as an integer, return that integer. Otherwise, return the field joined with commas.'''
|
||||||
if len(field) == 1:
|
if len(field) == 1:
|
||||||
try:
|
try:
|
||||||
return int(field[0])
|
return int(field[0])
|
||||||
except ValueError:
|
except ValueError:
|
||||||
return field
|
return field[0]
|
||||||
else:
|
else:
|
||||||
return field
|
return ', '.join(field)
|
||||||
|
|
||||||
|
|
||||||
def __str__(self) -> str:
|
def __str__(self) -> str:
|
||||||
|
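Review bot: In `_normalize_error_field`, the new `return field[0]` and `return ', '.join(field)` emit the strings raw, whereas the old code returned the list and the `%s` formatting printed its repr, which escaped control characters. The "Actual" values in these reports appear to be algorithm names taken from the scanned server, so unless they are filtered earlier (not visible in this hunk), a server's response could put newlines or terminal escape sequences into the audit output and make report lines misleading. Consider escaping non-printable characters before joining, e.g. `return ', '.join(s.encode('unicode_escape').decode('ascii') for s in field)`, with the same treatment for the single-element `ValueError` branch. Note also that an empty list now renders as an empty string after "Actual:" instead of `[]`, which makes "nothing offered" harder to tell apart from a formatting glitch.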
@ -3,5 +3,11 @@ Policy: Docker poliicy: test10 (version 1)
|
|||||||
Result: [0;31m❌ Failed![0m
|
Result: [0;31m❌ Failed![0m
|
||||||
[0;33m
|
[0;33m
|
||||||
Errors:
|
Errors:
|
||||||
* RSA CA key (ssh-rsa-cert-v01@openssh.com) sizes did not match. Expected: 4096; Actual: 1024
|
* RSA CA key (ssh-rsa-cert-v01@openssh.com) sizes did not match.
|
||||||
* RSA host key (ssh-rsa-cert-v01@openssh.com) sizes did not match. Expected: 4096; Actual: 3072[0m
|
- Expected: 4096
|
||||||
|
- Actual: 1024
|
||||||
|
|
||||||
|
* RSA host key (ssh-rsa-cert-v01@openssh.com) sizes did not match.
|
||||||
|
- Expected: 4096
|
||||||
|
- Actual: 3072
|
||||||
|
[0m
|
||||||
|
@ -3,4 +3,7 @@ Policy: Docker policy: test2 (version 1)
|
|||||||
Result: [0;31m❌ Failed![0m
|
Result: [0;31m❌ Failed![0m
|
||||||
[0;33m
|
[0;33m
|
||||||
Errors:
|
Errors:
|
||||||
* Key exchanges did not match. Expected: ['kex_alg1', 'kex_alg2']; Actual: ['diffie-hellman-group-exchange-sha256', 'diffie-hellman-group-exchange-sha1', 'diffie-hellman-group14-sha1', 'diffie-hellman-group1-sha1'][0m
|
* Key exchanges did not match.
|
||||||
|
- Expected: kex_alg1, kex_alg2
|
||||||
|
- Actual: diffie-hellman-group-exchange-sha256, diffie-hellman-group-exchange-sha1, diffie-hellman-group14-sha1, diffie-hellman-group1-sha1
|
||||||
|
[0m
|
||||||
|
@ -3,4 +3,7 @@ Policy: Docker policy: test3 (version 1)
|
|||||||
Result: [0;31m❌ Failed![0m
|
Result: [0;31m❌ Failed![0m
|
||||||
[0;33m
|
[0;33m
|
||||||
Errors:
|
Errors:
|
||||||
* Host keys did not match. Expected: ['ssh-rsa', 'ssh-dss', 'key_alg1']; Actual: ['ssh-rsa', 'ssh-dss'][0m
|
* Host keys did not match.
|
||||||
|
- Expected: ssh-rsa, ssh-dss, key_alg1
|
||||||
|
- Actual: ssh-rsa, ssh-dss
|
||||||
|
[0m
|
||||||
|
@ -3,4 +3,7 @@ Policy: Docker policy: test4 (version 1)
|
|||||||
Result: [0;31m❌ Failed![0m
|
Result: [0;31m❌ Failed![0m
|
||||||
[0;33m
|
[0;33m
|
||||||
Errors:
|
Errors:
|
||||||
* Ciphers did not match. Expected: ['cipher_alg1', 'cipher_alg2']; Actual: ['aes128-ctr', 'aes192-ctr', 'aes256-ctr', 'arcfour256', 'arcfour128', 'aes128-cbc', '3des-cbc', 'blowfish-cbc', 'cast128-cbc', 'aes192-cbc', 'aes256-cbc', 'arcfour', 'rijndael-cbc@lysator.liu.se'][0m
|
* Ciphers did not match.
|
||||||
|
- Expected: cipher_alg1, cipher_alg2
|
||||||
|
- Actual: aes128-ctr, aes192-ctr, aes256-ctr, arcfour256, arcfour128, aes128-cbc, 3des-cbc, blowfish-cbc, cast128-cbc, aes192-cbc, aes256-cbc, arcfour, rijndael-cbc@lysator.liu.se
|
||||||
|
[0m
|
||||||
|
@ -3,4 +3,7 @@ Policy: Docker policy: test5 (version 1)
|
|||||||
Result: [0;31m❌ Failed![0m
|
Result: [0;31m❌ Failed![0m
|
||||||
[0;33m
|
[0;33m
|
||||||
Errors:
|
Errors:
|
||||||
* MACs did not match. Expected: ['hmac-md5', 'hmac-sha1', 'umac-64@openssh.com', 'hmac-ripemd160', 'hmac-ripemd160@openssh.com', 'hmac_alg1', 'hmac-md5-96']; Actual: ['hmac-md5', 'hmac-sha1', 'umac-64@openssh.com', 'hmac-ripemd160', 'hmac-ripemd160@openssh.com', 'hmac-sha1-96', 'hmac-md5-96'][0m
|
* MACs did not match.
|
||||||
|
- Expected: hmac-md5, hmac-sha1, umac-64@openssh.com, hmac-ripemd160, hmac-ripemd160@openssh.com, hmac_alg1, hmac-md5-96
|
||||||
|
- Actual: hmac-md5, hmac-sha1, umac-64@openssh.com, hmac-ripemd160, hmac-ripemd160@openssh.com, hmac-sha1-96, hmac-md5-96
|
||||||
|
[0m
|
||||||
|
@ -3,4 +3,7 @@ Policy: Docker poliicy: test8 (version 1)
|
|||||||
Result: [0;31m❌ Failed![0m
|
Result: [0;31m❌ Failed![0m
|
||||||
[0;33m
|
[0;33m
|
||||||
Errors:
|
Errors:
|
||||||
* RSA CA key (ssh-rsa-cert-v01@openssh.com) sizes did not match. Expected: 2048; Actual: 1024[0m
|
* RSA CA key (ssh-rsa-cert-v01@openssh.com) sizes did not match.
|
||||||
|
- Expected: 2048
|
||||||
|
- Actual: 1024
|
||||||
|
[0m
|
||||||
|
@ -3,4 +3,7 @@ Policy: Docker poliicy: test9 (version 1)
|
|||||||
Result: [0;31m❌ Failed![0m
|
Result: [0;31m❌ Failed![0m
|
||||||
[0;33m
|
[0;33m
|
||||||
Errors:
|
Errors:
|
||||||
* RSA host key (ssh-rsa-cert-v01@openssh.com) sizes did not match. Expected: 4096; Actual: 3072[0m
|
* RSA host key (ssh-rsa-cert-v01@openssh.com) sizes did not match.
|
||||||
|
- Expected: 4096
|
||||||
|
- Actual: 3072
|
||||||
|
[0m
|
||||||
|
@ -3,4 +3,7 @@ Policy: Hardened OpenSSH Server v8.0 (version 1)
|
|||||||
Result: [0;31m❌ Failed![0m
|
Result: [0;31m❌ Failed![0m
|
||||||
[0;33m
|
[0;33m
|
||||||
Errors:
|
Errors:
|
||||||
* MACs did not match. Expected: ['hmac-sha2-256-etm@openssh.com', 'hmac-sha2-512-etm@openssh.com', 'umac-128-etm@openssh.com']; Actual: ['umac-64-etm@openssh.com', 'umac-128-etm@openssh.com', 'hmac-sha2-256-etm@openssh.com', 'hmac-sha2-512-etm@openssh.com', 'hmac-sha1-etm@openssh.com', 'umac-64@openssh.com', 'umac-128@openssh.com', 'hmac-sha2-256', 'hmac-sha2-512', 'hmac-sha1'][0m
|
* MACs did not match.
|
||||||
|
- Expected: hmac-sha2-256-etm@openssh.com, hmac-sha2-512-etm@openssh.com, umac-128-etm@openssh.com
|
||||||
|
- Actual: umac-64-etm@openssh.com, umac-128-etm@openssh.com, hmac-sha2-256-etm@openssh.com, hmac-sha2-512-etm@openssh.com, hmac-sha1-etm@openssh.com, umac-64@openssh.com, umac-128@openssh.com, hmac-sha2-256, hmac-sha2-512, hmac-sha1
|
||||||
|
[0m
|
||||||
|
@ -3,6 +3,15 @@ Policy: Docker policy: test12 (version 1)
|
|||||||
Result: [0;31m❌ Failed![0m
|
Result: [0;31m❌ Failed![0m
|
||||||
[0;33m
|
[0;33m
|
||||||
Errors:
|
Errors:
|
||||||
* RSA host key (rsa-sha2-256) sizes did not match. Expected: 4096; Actual: 3072
|
* RSA host key (rsa-sha2-256) sizes did not match.
|
||||||
* RSA host key (rsa-sha2-512) sizes did not match. Expected: 4096; Actual: 3072
|
- Expected: 4096
|
||||||
* RSA host key (ssh-rsa) sizes did not match. Expected: 4096; Actual: 3072[0m
|
- Actual: 3072
|
||||||
|
|
||||||
|
* RSA host key (rsa-sha2-512) sizes did not match.
|
||||||
|
- Expected: 4096
|
||||||
|
- Actual: 3072
|
||||||
|
|
||||||
|
* RSA host key (ssh-rsa) sizes did not match.
|
||||||
|
- Expected: 4096
|
||||||
|
- Actual: 3072
|
||||||
|
[0m
|
||||||
|
@ -3,4 +3,7 @@ Policy: Docker policy: test14 (version 1)
|
|||||||
Result: [0;31m❌ Failed![0m
|
Result: [0;31m❌ Failed![0m
|
||||||
[0;33m
|
[0;33m
|
||||||
Errors:
|
Errors:
|
||||||
* Group exchange (diffie-hellman-group-exchange-sha256) modulus sizes did not match. Expected: 4096; Actual: 2048[0m
|
* Group exchange (diffie-hellman-group-exchange-sha256) modulus sizes did not match.
|
||||||
|
- Expected: 4096
|
||||||
|
- Actual: 2048
|
||||||
|
[0m
|
||||||
|