ssh_scan 0.0.12.beta.1 → 0.0.12.beta.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.travis.yml +29 -10
- data/lib/ssh_scan.rb +2 -0
- data/lib/ssh_scan/policy.rb +2 -1
- data/lib/ssh_scan/policy_manager.rb +17 -1
- data/lib/ssh_scan/version.rb +1 -1
- data/policies/mozilla_intermediate.yml +2 -0
- data/policies/mozilla_modern.yml +2 -0
- data/ssh_scan.gemspec +1 -3
- metadata +2 -30
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 7f118d5f4b8fd7336207b24592496e2e80e62d26
|
|
4
|
+
data.tar.gz: fedf6dc4193c8592c9ee128c1a4a7e058b1c82c9
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: fa614b3fada0296c6201dd4d1f225da156300bfedf4f1ddfbbbeeb03a89f4d15d27eae71f61b00b5d5363101fcfc7a5c4ddf59c2a1e74847b2823df95e9b0912
|
|
7
|
+
data.tar.gz: b88c3d0c431428cedff332e953a4ca692026354e24f8cca24d25d940cd35fddf134c719988c3a7745c9190bb795717ff2b5d9cd706c7f749b84fc690c36c3df4
|
data/.travis.yml
CHANGED
|
@@ -2,8 +2,37 @@ language: ruby
|
|
|
2
2
|
matrix:
|
|
3
3
|
include:
|
|
4
4
|
- rvm: ruby-head
|
|
5
|
+
env:
|
|
6
|
+
- LABEL=unit_tests
|
|
5
7
|
- rvm: 2.3.0
|
|
8
|
+
env:
|
|
9
|
+
- LABEL=unit_tests
|
|
10
|
+
- rvm: 2.2.0
|
|
11
|
+
env:
|
|
12
|
+
- LABEL=unit_tests
|
|
13
|
+
- rvm: 2.1.3
|
|
14
|
+
env:
|
|
15
|
+
- LABEL=unit_tests
|
|
16
|
+
- rvm: 2.0.0
|
|
17
|
+
env:
|
|
18
|
+
- LABEL=unit_tests
|
|
19
|
+
- rvm: 2.3.0
|
|
20
|
+
env:
|
|
21
|
+
- LABEL=gem_integration_tests
|
|
22
|
+
script:
|
|
23
|
+
- gem install ssh_scan
|
|
24
|
+
- chmod 755 ./spec/ssh_scan/integration.sh
|
|
25
|
+
- ./spec/ssh_scan/integration.sh
|
|
26
|
+
- rvm: 2.3.0
|
|
27
|
+
env:
|
|
28
|
+
- LABEL=src_integration_tests
|
|
29
|
+
script:
|
|
30
|
+
- bundle install
|
|
31
|
+
- chmod 755 ./spec/ssh_scan/integration.sh
|
|
32
|
+
- ./spec/ssh_scan/integration.sh
|
|
6
33
|
- rvm: 2.3.0
|
|
34
|
+
env:
|
|
35
|
+
- LABEL=docker_build_push
|
|
7
36
|
services:
|
|
8
37
|
- docker
|
|
9
38
|
script:
|
|
@@ -15,13 +44,3 @@ matrix:
|
|
|
15
44
|
else \
|
|
16
45
|
exit 0 ;\
|
|
17
46
|
fi
|
|
18
|
-
- rvm: 2.3.0
|
|
19
|
-
script:
|
|
20
|
-
- gem install ssh_scan
|
|
21
|
-
- rvm: 2.3.0
|
|
22
|
-
script:
|
|
23
|
-
- chmod 755 ./spec/ssh_scan/integration.sh
|
|
24
|
-
- ./spec/ssh_scan/integration.sh
|
|
25
|
-
- rvm: 2.2.0
|
|
26
|
-
- rvm: 2.1.3
|
|
27
|
-
- rvm: 2.0.0
|
data/lib/ssh_scan.rb
CHANGED
data/lib/ssh_scan/policy.rb
CHANGED
|
@@ -2,7 +2,7 @@ require 'yaml'
|
|
|
2
2
|
|
|
3
3
|
module SSHScan
|
|
4
4
|
class Policy
|
|
5
|
-
attr_reader :name, :kex, :macs, :encryption, :compression, :references
|
|
5
|
+
attr_reader :name, :kex, :macs, :encryption, :compression, :references, :auth_methods
|
|
6
6
|
|
|
7
7
|
def initialize(opts = {})
|
|
8
8
|
@name = opts['name'] || []
|
|
@@ -11,6 +11,7 @@ module SSHScan
|
|
|
11
11
|
@encryption = opts['encryption'] || []
|
|
12
12
|
@compression = opts['compression'] || []
|
|
13
13
|
@references = opts['references'] || []
|
|
14
|
+
@auth_methods = opts['auth_methods'] || []
|
|
14
15
|
end
|
|
15
16
|
|
|
16
17
|
def self.from_file(file)
|
|
@@ -88,6 +88,20 @@ module SSHScan
|
|
|
88
88
|
return outliers
|
|
89
89
|
end
|
|
90
90
|
|
|
91
|
+
def out_of_policy_auth_methods
|
|
92
|
+
target_auth_methods = @result["auth_methods"]
|
|
93
|
+
outliers = []
|
|
94
|
+
|
|
95
|
+
if not @policy.auth_methods.empty?
|
|
96
|
+
target_auth_methods.each do |auth_method|
|
|
97
|
+
if not @policy.auth_methods.include?(auth_method)
|
|
98
|
+
outliers << auth_method
|
|
99
|
+
end
|
|
100
|
+
end
|
|
101
|
+
end
|
|
102
|
+
return outliers
|
|
103
|
+
end
|
|
104
|
+
|
|
91
105
|
def compliant?
|
|
92
106
|
out_of_policy_encryption.empty? &&
|
|
93
107
|
out_of_policy_macs.empty? &&
|
|
@@ -96,7 +110,8 @@ module SSHScan
|
|
|
96
110
|
missing_policy_encryption.empty? &&
|
|
97
111
|
missing_policy_macs.empty? &&
|
|
98
112
|
missing_policy_kex.empty? &&
|
|
99
|
-
missing_policy_compression.empty?
|
|
113
|
+
missing_policy_compression.empty? &&
|
|
114
|
+
out_of_policy_auth_methods.empty?
|
|
100
115
|
end
|
|
101
116
|
|
|
102
117
|
def recommendations
|
|
@@ -113,6 +128,7 @@ module SSHScan
|
|
|
113
128
|
recommendations << "Remove these MAC Algos: #{out_of_policy_macs.join(", ")}" unless out_of_policy_macs.empty?
|
|
114
129
|
recommendations << "Remove these Encryption Ciphers: #{out_of_policy_encryption.join(", ")}" unless out_of_policy_encryption.empty?
|
|
115
130
|
recommendations << "Remove these Compression Algos: #{out_of_policy_compression.join(", ")}" unless out_of_policy_compression.empty?
|
|
131
|
+
recommendations << "Remove these Authentication Methods: #{out_of_policy_auth_methods.join(", ")}" unless out_of_policy_auth_methods.empty?
|
|
116
132
|
return recommendations
|
|
117
133
|
end
|
|
118
134
|
|
data/lib/ssh_scan/version.rb
CHANGED
data/policies/mozilla_modern.yml
CHANGED
data/ssh_scan.gemspec
CHANGED
|
@@ -27,10 +27,8 @@ Gem::Specification.new do |s|
|
|
|
27
27
|
s.homepage = 'http://rubygems.org/gems/ssh_scan'
|
|
28
28
|
|
|
29
29
|
s.add_dependency('bindata', '~> 2.0')
|
|
30
|
-
s.add_dependency('net-ssh')
|
|
31
30
|
s.add_dependency('netaddr')
|
|
32
|
-
s.add_dependency('
|
|
33
|
-
s.add_dependency('json')
|
|
31
|
+
s.add_dependency('net-ssh')
|
|
34
32
|
s.add_development_dependency('pry')
|
|
35
33
|
s.add_development_dependency('rspec', '~> 3.0')
|
|
36
34
|
s.add_development_dependency('rspec-its', '~> 1.2')
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: ssh_scan
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.0.12.beta.
|
|
4
|
+
version: 0.0.12.beta.2
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Jonathan Claudius
|
|
@@ -25,20 +25,6 @@ dependencies:
|
|
|
25
25
|
- - "~>"
|
|
26
26
|
- !ruby/object:Gem::Version
|
|
27
27
|
version: '2.0'
|
|
28
|
-
- !ruby/object:Gem::Dependency
|
|
29
|
-
name: net-ssh
|
|
30
|
-
requirement: !ruby/object:Gem::Requirement
|
|
31
|
-
requirements:
|
|
32
|
-
- - ">="
|
|
33
|
-
- !ruby/object:Gem::Version
|
|
34
|
-
version: '0'
|
|
35
|
-
type: :runtime
|
|
36
|
-
prerelease: false
|
|
37
|
-
version_requirements: !ruby/object:Gem::Requirement
|
|
38
|
-
requirements:
|
|
39
|
-
- - ">="
|
|
40
|
-
- !ruby/object:Gem::Version
|
|
41
|
-
version: '0'
|
|
42
28
|
- !ruby/object:Gem::Dependency
|
|
43
29
|
name: netaddr
|
|
44
30
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -54,21 +40,7 @@ dependencies:
|
|
|
54
40
|
- !ruby/object:Gem::Version
|
|
55
41
|
version: '0'
|
|
56
42
|
- !ruby/object:Gem::Dependency
|
|
57
|
-
name:
|
|
58
|
-
requirement: !ruby/object:Gem::Requirement
|
|
59
|
-
requirements:
|
|
60
|
-
- - ">="
|
|
61
|
-
- !ruby/object:Gem::Version
|
|
62
|
-
version: '0'
|
|
63
|
-
type: :runtime
|
|
64
|
-
prerelease: false
|
|
65
|
-
version_requirements: !ruby/object:Gem::Requirement
|
|
66
|
-
requirements:
|
|
67
|
-
- - ">="
|
|
68
|
-
- !ruby/object:Gem::Version
|
|
69
|
-
version: '0'
|
|
70
|
-
- !ruby/object:Gem::Dependency
|
|
71
|
-
name: json
|
|
43
|
+
name: net-ssh
|
|
72
44
|
requirement: !ruby/object:Gem::Requirement
|
|
73
45
|
requirements:
|
|
74
46
|
- - ">="
|