ssh_scan 0.0.12.beta.1 → 0.0.12.beta.2

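--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: db37ffc4056dbcf7dfaabd52571817fe411e20a2
- data.tar.gz: a27d171b9de280db15dd44975f5d16ae15b95e86
+ metadata.gz: 7f118d5f4b8fd7336207b24592496e2e80e62d26
+ data.tar.gz: fedf6dc4193c8592c9ee128c1a4a7e058b1c82c9
  SHA512:
- metadata.gz: ce75bf0d9d4c5d6002630523a08902237ea2060bfe22a1904806553789bc869ec8286037cffa5c8f35504d60eeb98a46b363a9dcc910bd783aa7404e01c77bec
- data.tar.gz: 5b107fab0384957b523ccbdca9f6406fb002728111277a713fa8c5a81767af66948965ad7ec4bea8137850868e2089f80220fcf3b9235bd01635fa8af13140fd
+ metadata.gz: fa614b3fada0296c6201dd4d1f225da156300bfedf4f1ddfbbbeeb03a89f4d15d27eae71f61b00b5d5363101fcfc7a5c4ddf59c2a1e74847b2823df95e9b0912
+ data.tar.gz: b88c3d0c431428cedff332e953a4ca692026354e24f8cca24d25d940cd35fddf134c719988c3a7745c9190bb795717ff2b5d9cd706c7f749b84fc690c36c3df4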
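--- a/data/.travis.yml
+++ b/data/.travis.yml
@@ -2,8 +2,37 @@ language: ruby
  matrix:
  include:
  - rvm: ruby-head
+ env:
+ - LABEL=unit_tests
  - rvm: 2.3.0
+ env:
+ - LABEL=unit_tests
+ - rvm: 2.2.0
+ env:
+ - LABEL=unit_tests
+ - rvm: 2.1.3
+ env:
+ - LABEL=unit_tests
+ - rvm: 2.0.0
+ env:
+ - LABEL=unit_tests
+ - rvm: 2.3.0
+ env:
+ - LABEL=gem_integration_tests
+ script:
+ - gem install ssh_scan
+ - chmod 755 ./spec/ssh_scan/integration.sh
+ - ./spec/ssh_scan/integration.sh
+ - rvm: 2.3.0
+ env:
+ - LABEL=src_integration_tests
+ script:
+ - bundle install
+ - chmod 755 ./spec/ssh_scan/integration.sh
+ - ./spec/ssh_scan/integration.sh
  - rvm: 2.3.0
+ env:
+ - LABEL=docker_build_push
  services:
  - docker
  script:
@@ -15,13 +44,3 @@ matrix:
  else \
  exit 0 ;\
  fi
- - rvm: 2.3.0
- script:
- - gem install ssh_scan
- - rvm: 2.3.0
- script:
- - chmod 755 ./spec/ssh_scan/integration.sh
- - ./spec/ssh_scan/integration.sh
- - rvm: 2.2.0
- - rvm: 2.1.3
- - rvm: 2.0.0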
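Review bot: The `gem_integration_tests` job runs `gem install ssh_scan`, which fetches whatever release is currently published on the gem server, with no version pin, rather than the code in this checkout. If the job is meant to validate the tree under test, building locally would be more faithful: `gem build ssh_scan.gemspec` followed by `gem install ./ssh_scan-*.gem`. If it is meant to smoke-test the published artifact, pinning the version with `-v` makes the result reproducible; note also that a plain `gem install` skips pre-release versions such as this beta unless `--pre` is given. What `integration.sh` actually invokes is not visible here, so which binary ends up being exercised should be confirmed.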
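--- a/data/lib/ssh_scan.rb
+++ b/data/lib/ssh_scan.rb
@@ -1,5 +1,7 @@
  #External Deps
  require 'bindata'
+ require 'timeout'
+ require 'resolv'
 
  #Internal Deps
  require 'ssh_scan/version'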
@@ -2,7 +2,7 @@ require 'yaml'
2
2
 
3
3
  module SSHScan
4
4
  class Policy
5
- attr_reader :name, :kex, :macs, :encryption, :compression, :references
5
+ attr_reader :name, :kex, :macs, :encryption, :compression, :references, :auth_methods
6
6
 
7
7
  def initialize(opts = {})
8
8
  @name = opts['name'] || []
@@ -11,6 +11,7 @@ module SSHScan
11
11
  @encryption = opts['encryption'] || []
12
12
  @compression = opts['compression'] || []
13
13
  @references = opts['references'] || []
14
+ @auth_methods = opts['auth_methods'] || []
14
15
  end
15
16
 
16
17
  def self.from_file(file)
@@ -88,6 +88,20 @@ module SSHScan
88
88
  return outliers
89
89
  end
90
90
 
91
+ def out_of_policy_auth_methods
92
+ target_auth_methods = @result["auth_methods"]
93
+ outliers = []
94
+
95
+ if not @policy.auth_methods.empty?
96
+ target_auth_methods.each do |auth_method|
97
+ if not @policy.auth_methods.include?(auth_method)
98
+ outliers << auth_method
99
+ end
100
+ end
101
+ end
102
+ return outliers
103
+ end
104
+
91
105
  def compliant?
92
106
  out_of_policy_encryption.empty? &&
93
107
  out_of_policy_macs.empty? &&
@@ -96,7 +110,8 @@ module SSHScan
96
110
  missing_policy_encryption.empty? &&
97
111
  missing_policy_macs.empty? &&
98
112
  missing_policy_kex.empty? &&
99
- missing_policy_compression.empty?
113
+ missing_policy_compression.empty? &&
114
+ out_of_policy_auth_methods.empty?
100
115
  end
101
116
 
102
117
  def recommendations
@@ -113,6 +128,7 @@ module SSHScan
113
128
  recommendations << "Remove these MAC Algos: #{out_of_policy_macs.join(", ")}" unless out_of_policy_macs.empty?
114
129
  recommendations << "Remove these Encryption Ciphers: #{out_of_policy_encryption.join(", ")}" unless out_of_policy_encryption.empty?
115
130
  recommendations << "Remove these Compression Algos: #{out_of_policy_compression.join(", ")}" unless out_of_policy_compression.empty?
131
+ recommendations << "Remove these Authentication Methods: #{out_of_policy_auth_methods.join(", ")}" unless out_of_policy_auth_methods.empty?
116
132
  return recommendations
117
133
  end
118
134
 
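Review bot: In the new `out_of_policy_auth_methods`, `.each` is called on `@result["auth_methods"]` with no check that the key exists, so a result without an auth-method list would raise NoMethodError whenever the policy defines `auth_methods`, and both bundled Mozilla policies now do. Whether the scanner always populates that key is not visible in these hunks, and the file header for them is missing from the page. A bare `|| []` default would stop the crash but would also make `compliant?` pass the authentication check for a host whose methods were never enumerated, so it is safer to surface that case as its own recommendation (for example "Authentication methods could not be determined") and treat it as non-compliant. As a style point, the nested `if not` blocks reduce to a guard plus `target_auth_methods - @policy.auth_methods`, and the method deserves a comment stating that an empty policy list means "no restriction".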
@@ -1,3 +1,3 @@
1
1
  module SSHScan
2
- VERSION = '0.0.12.beta.1'
2
+ VERSION = '0.0.12.beta.2'
3
3
  end
@@ -1,5 +1,7 @@
1
1
  ---
2
2
  name: Mozilla Intermediate
3
+ auth_methods:
4
+ - publickey
3
5
  kex:
4
6
  - diffie-hellman-group-exchange-sha256
5
7
  encryption:
@@ -1,5 +1,7 @@
1
1
  ---
2
2
  name: Mozilla Modern
3
+ auth_methods:
4
+ - publickey
3
5
  kex:
4
6
  - curve25519-sha256@libssh.org
5
7
  - ecdh-sha2-nistp521
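--- a/data/ssh_scan.gemspec
+++ b/data/ssh_scan.gemspec
@@ -27,10 +27,8 @@ Gem::Specification.new do |s|
  s.homepage = 'http://rubygems.org/gems/ssh_scan'
 
  s.add_dependency('bindata', '~> 2.0')
- s.add_dependency('net-ssh')
  s.add_dependency('netaddr')
- s.add_dependency('timeout')
- s.add_dependency('json')
+ s.add_dependency('net-ssh')
  s.add_development_dependency('pry')
  s.add_development_dependency('rspec', '~> 3.0')
  s.add_development_dependency('rspec-its', '~> 1.2')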
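Review bot: The re-added `s.add_dependency('net-ssh')` carries no version constraint, and `netaddr` next to it has none either; the generated metadata records net-ssh as `>= 0`. For a tool that speaks SSH to remote hosts, that means any future release of the library, including an incompatible major version, is pulled in at install time. A pessimistic constraint like the one already used for bindata would bound this, e.g. `s.add_dependency('net-ssh', '~> <tested version>')`. The `Gem::Specification.new do |s|` block starts and ends outside this hunk.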
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: ssh_scan
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.0.12.beta.1
4
+ version: 0.0.12.beta.2
5
5
  platform: ruby
6
6
  authors:
7
7
  - Jonathan Claudius
@@ -25,20 +25,6 @@ dependencies:
25
25
  - - "~>"
26
26
  - !ruby/object:Gem::Version
27
27
  version: '2.0'
28
- - !ruby/object:Gem::Dependency
29
- name: net-ssh
30
- requirement: !ruby/object:Gem::Requirement
31
- requirements:
32
- - - ">="
33
- - !ruby/object:Gem::Version
34
- version: '0'
35
- type: :runtime
36
- prerelease: false
37
- version_requirements: !ruby/object:Gem::Requirement
38
- requirements:
39
- - - ">="
40
- - !ruby/object:Gem::Version
41
- version: '0'
42
28
  - !ruby/object:Gem::Dependency
43
29
  name: netaddr
44
30
  requirement: !ruby/object:Gem::Requirement
@@ -54,21 +40,7 @@ dependencies:
54
40
  - !ruby/object:Gem::Version
55
41
  version: '0'
56
42
  - !ruby/object:Gem::Dependency
57
- name: timeout
58
- requirement: !ruby/object:Gem::Requirement
59
- requirements:
60
- - - ">="
61
- - !ruby/object:Gem::Version
62
- version: '0'
63
- type: :runtime
64
- prerelease: false
65
- version_requirements: !ruby/object:Gem::Requirement
66
- requirements:
67
- - - ">="
68
- - !ruby/object:Gem::Version
69
- version: '0'
70
- - !ruby/object:Gem::Dependency
71
- name: json
43
+ name: net-ssh
72
44
  requirement: !ruby/object:Gem::Requirement
73
45
  requirements:
74
46
  - - ">="