|
Petr Šabata |
81d24c |
# I do not know about any better place where to put profile files
|
|
Petr Šabata |
81d24c |
addFilter(r'openssh-askpass.x86_64: W: non-conffile-in-etc /etc/profile.d/gnome-ssh-askpass.c?sh')
|
|
Petr Šabata |
81d24c |
|
|
Petr Šabata |
81d24c |
# The ssh-keysign is not supposed to have standard permissions
|
|
Petr Šabata |
81d24c |
addFilter(r'openssh.x86_64: E: non-standard-executable-perm /usr/libexec/openssh/ssh-keysign 2555')
|
|
Petr Šabata |
81d24c |
addFilter(r'openssh.x86_64: E: setgid-binary /usr/libexec/openssh/ssh-keysign ssh_keys 2555')
|
|
Petr Šabata |
81d24c |
addFilter(r'openssh.x86_64: W: non-standard-gid /usr/libexec/openssh/ssh-keysign ssh_keys')
|
|
Petr Šabata |
81d24c |
|
|
Petr Šabata |
81d24c |
# The -cavs subpackage is internal without documentation
|
|
Petr Šabata |
81d24c |
# The -askpass is not intended to be used directly so it is missing documentation
|
|
Petr Šabata |
81d24c |
addFilter(r'openssh-(askpass|cavs).x86_64: W: no-documentation')
|
|
Petr Šabata |
81d24c |
|
|
Petr Šabata |
81d24c |
# sshd config and sysconfig is not supposed to be world readable
|
|
Petr Šabata |
81d24c |
addFilter(r'non-readable /etc/(ssh/sshd_config|sysconfig/sshd)')
|
|
Petr Šabata |
81d24c |
|
|
Petr Šabata |
81d24c |
# The /var/empty/sshd is supposed to have the given permissions
|
|
Petr Šabata |
81d24c |
addFilter(r'non-standard-dir-perm /var/empty/sshd 711')
|
|
Petr Šabata |
81d24c |
addFilter(r'non-standard-dir-in-var empty')
|
|
Petr Šabata |
81d24c |
|
|
Petr Šabata |
81d24c |
# Spelling false-positives
|
|
Petr Šabata |
81d24c |
addFilter(r'spelling-error (Summary\(en_US\)|.* en_US) (mls|su|sudo|rlogin|rsh|untrusted) ')
|