ssh_scan 0.0.12.beta.1 → 0.0.12.beta.2

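--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: db37ffc4056dbcf7dfaabd52571817fe411e20a2
- data.tar.gz: a27d171b9de280db15dd44975f5d16ae15b95e86
+ metadata.gz: 7f118d5f4b8fd7336207b24592496e2e80e62d26
+ data.tar.gz: fedf6dc4193c8592c9ee128c1a4a7e058b1c82c9
  SHA512:
- metadata.gz: ce75bf0d9d4c5d6002630523a08902237ea2060bfe22a1904806553789bc869ec8286037cffa5c8f35504d60eeb98a46b363a9dcc910bd783aa7404e01c77bec
- data.tar.gz: 5b107fab0384957b523ccbdca9f6406fb002728111277a713fa8c5a81767af66948965ad7ec4bea8137850868e2089f80220fcf3b9235bd01635fa8af13140fd
+ metadata.gz: fa614b3fada0296c6201dd4d1f225da156300bfedf4f1ddfbbbeeb03a89f4d15d27eae71f61b00b5d5363101fcfc7a5c4ddf59c2a1e74847b2823df95e9b0912
+ data.tar.gz: b88c3d0c431428cedff332e953a4ca692026354e24f8cca24d25d940cd35fddf134c719988c3a7745c9190bb795717ff2b5d9cd706c7f749b84fc690c36c3df4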
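--- a/data/.travis.yml
+++ b/data/.travis.yml
@@ -2,8 +2,37 @@ language: ruby
  matrix:
  include:
  - rvm: ruby-head
+ env:
+ - LABEL=unit_tests
  - rvm: 2.3.0
+ env:
+ - LABEL=unit_tests
+ - rvm: 2.2.0
+ env:
+ - LABEL=unit_tests
+ - rvm: 2.1.3
+ env:
+ - LABEL=unit_tests
+ - rvm: 2.0.0
+ env:
+ - LABEL=unit_tests
+ - rvm: 2.3.0
+ env:
+ - LABEL=gem_integration_tests
+ script:
+ - gem install ssh_scan
+ - chmod 755 ./spec/ssh_scan/integration.sh
+ - ./spec/ssh_scan/integration.sh
+ - rvm: 2.3.0
+ env:
+ - LABEL=src_integration_tests
+ script:
+ - bundle install
+ - chmod 755 ./spec/ssh_scan/integration.sh
+ - ./spec/ssh_scan/integration.sh
  - rvm: 2.3.0
+ env:
+ - LABEL=docker_build_push
  services:
  - docker
  script:
@@ -15,13 +44,3 @@ matrix:
  else \
  exit 0 ;\
  fi
- - rvm: 2.3.0
- script:
- - gem install ssh_scan
- - rvm: 2.3.0
- script:
- - chmod 755 ./spec/ssh_scan/integration.sh
- - ./spec/ssh_scan/integration.sh
- - rvm: 2.2.0
- - rvm: 2.1.3
- - rvm: 2.0.0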
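Review bot: The `gem_integration_tests` job runs `gem install ssh_scan` with no version, so it installs whatever stable release the registry currently serves rather than the code in this build; a prerelease such as this one is only selected with `--pre`. If `integration.sh` is meant to validate the commit under test, build and install the local package instead, e.g. `gem build ssh_scan.gemspec` followed by `gem install ./ssh_scan-*.gem`. What the script itself invokes is not shown in this diff, so confirm which binary it ends up exercising.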
data/lib/ssh_scan.rb CHANGED
@@ -1,5 +1,7 @@
1
1
  #External Deps
2
2
  require 'bindata'
3
+ require 'timeout'
4
+ require 'resolv'
3
5
 
4
6
  #Internal Deps
5
7
  require 'ssh_scan/version'
@@ -2,7 +2,7 @@ require 'yaml'
2
2
 
3
3
  module SSHScan
4
4
  class Policy
5
- attr_reader :name, :kex, :macs, :encryption, :compression, :references
5
+ attr_reader :name, :kex, :macs, :encryption, :compression, :references, :auth_methods
6
6
 
7
7
  def initialize(opts = {})
8
8
  @name = opts['name'] || []
@@ -11,6 +11,7 @@ module SSHScan
11
11
  @encryption = opts['encryption'] || []
12
12
  @compression = opts['compression'] || []
13
13
  @references = opts['references'] || []
14
+ @auth_methods = opts['auth_methods'] || []
14
15
  end
15
16
 
16
17
  def self.from_file(file)
@@ -88,6 +88,20 @@ module SSHScan
88
88
  return outliers
89
89
  end
90
90
 
91
+ def out_of_policy_auth_methods
92
+ target_auth_methods = @result["auth_methods"]
93
+ outliers = []
94
+
95
+ if not @policy.auth_methods.empty?
96
+ target_auth_methods.each do |auth_method|
97
+ if not @policy.auth_methods.include?(auth_method)
98
+ outliers << auth_method
99
+ end
100
+ end
101
+ end
102
+ return outliers
103
+ end
104
+
91
105
  def compliant?
92
106
  out_of_policy_encryption.empty? &&
93
107
  out_of_policy_macs.empty? &&
@@ -96,7 +110,8 @@ module SSHScan
96
110
  missing_policy_encryption.empty? &&
97
111
  missing_policy_macs.empty? &&
98
112
  missing_policy_kex.empty? &&
99
- missing_policy_compression.empty?
113
+ missing_policy_compression.empty? &&
114
+ out_of_policy_auth_methods.empty?
100
115
  end
101
116
 
102
117
  def recommendations
@@ -113,6 +128,7 @@ module SSHScan
113
128
  recommendations << "Remove these MAC Algos: #{out_of_policy_macs.join(", ")}" unless out_of_policy_macs.empty?
114
129
  recommendations << "Remove these Encryption Ciphers: #{out_of_policy_encryption.join(", ")}" unless out_of_policy_encryption.empty?
115
130
  recommendations << "Remove these Compression Algos: #{out_of_policy_compression.join(", ")}" unless out_of_policy_compression.empty?
131
+ recommendations << "Remove these Authentication Methods: #{out_of_policy_auth_methods.join(", ")}" unless out_of_policy_auth_methods.empty?
116
132
  return recommendations
117
133
  end
118
134
 
@@ -1,3 +1,3 @@
1
1
  module SSHScan
2
- VERSION = '0.0.12.beta.1'
2
+ VERSION = '0.0.12.beta.2'
3
3
  end
@@ -1,5 +1,7 @@
1
1
  ---
2
2
  name: Mozilla Intermediate
3
+ auth_methods:
4
+ - publickey
3
5
  kex:
4
6
  - diffie-hellman-group-exchange-sha256
5
7
  encryption:
@@ -1,5 +1,7 @@
1
1
  ---
2
2
  name: Mozilla Modern
3
+ auth_methods:
4
+ - publickey
3
5
  kex:
4
6
  - curve25519-sha256@libssh.org
5
7
  - ecdh-sha2-nistp521
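Review bot: In the `@@ -88,6 +88,20 @@` hunk, `out_of_policy_auth_methods` calls `target_auth_methods.each` on `@result["auth_methods"]` with no nil guard, so a result hash lacking that key would raise NoMethodError from `compliant?` and `recommendations` as soon as the policy lists any auth method, which both Mozilla policy files now do. Whether every scan result carries the key is not visible here; if it can be absent, `target_auth_methods = @result["auth_methods"] || []` avoids the crash. With that guard an empty or missing list counts as compliant, so a target whose auth methods could not be enumerated would pass the `publickey`-only policy; reporting that case separately would keep the check from failing open. The file header for this hunk is missing from the page and the enclosing class starts and ends outside it.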
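--- a/data/ssh_scan.gemspec
+++ b/data/ssh_scan.gemspec
@@ -27,10 +27,8 @@ Gem::Specification.new do |s|
  s.homepage = 'http://rubygems.org/gems/ssh_scan'
 
  s.add_dependency('bindata', '~> 2.0')
- s.add_dependency('net-ssh')
  s.add_dependency('netaddr')
- s.add_dependency('timeout')
- s.add_dependency('json')
+ s.add_dependency('net-ssh')
  s.add_development_dependency('pry')
  s.add_development_dependency('rspec', '~> 3.0')
  s.add_development_dependency('rspec-its', '~> 1.2')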
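Review bot: `s.add_dependency('net-ssh')` is re-added without a version constraint (`netaddr` likewise), so the packaged metadata records it as `>= 0` and any future release, including a breaking or tampered one, is accepted at install time. `bindata` already carries `~> 2.0`; a pessimistic bound in the same style, `s.add_dependency('net-ssh', '~> X.Y')` with X.Y standing for the series the test matrix actually runs, would limit that exposure. The `Gem::Specification.new` block starts and ends outside the hunk.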
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: ssh_scan
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.0.12.beta.1
4
+ version: 0.0.12.beta.2
5
5
  platform: ruby
6
6
  authors:
7
7
  - Jonathan Claudius
@@ -25,20 +25,6 @@ dependencies:
25
25
  - - "~>"
26
26
  - !ruby/object:Gem::Version
27
27
  version: '2.0'
28
- - !ruby/object:Gem::Dependency
29
- name: net-ssh
30
- requirement: !ruby/object:Gem::Requirement
31
- requirements:
32
- - - ">="
33
- - !ruby/object:Gem::Version
34
- version: '0'
35
- type: :runtime
36
- prerelease: false
37
- version_requirements: !ruby/object:Gem::Requirement
38
- requirements:
39
- - - ">="
40
- - !ruby/object:Gem::Version
41
- version: '0'
42
28
  - !ruby/object:Gem::Dependency
43
29
  name: netaddr
44
30
  requirement: !ruby/object:Gem::Requirement
@@ -54,21 +40,7 @@ dependencies:
54
40
  - !ruby/object:Gem::Version
55
41
  version: '0'
56
42
  - !ruby/object:Gem::Dependency
57
- name: timeout
58
- requirement: !ruby/object:Gem::Requirement
59
- requirements:
60
- - - ">="
61
- - !ruby/object:Gem::Version
62
- version: '0'
63
- type: :runtime
64
- prerelease: false
65
- version_requirements: !ruby/object:Gem::Requirement
66
- requirements:
67
- - - ">="
68
- - !ruby/object:Gem::Version
69
- version: '0'
70
- - !ruby/object:Gem::Dependency
71
- name: json
43
+ name: net-ssh
72
44
  requirement: !ruby/object:Gem::Requirement
73
45
  requirements:
74
46
  - - ">="