skyler / rpms / scap-security-guide

Forked from rpms/scap-security-guide 3 years ago
Clone
Source Code
GIT

Blame SOURCES/scap-security-guide-0.1.50-add_rule_sshd_disable_x11_forwarding_PR_5554.patch

c7 c7-alt c7-beta c8 c8-beta c8s
  1.   dac76ab332cb6f7ca5cdbec311d2754a26f6d91e
  2.   SOURCES
  3.   scap-security-guide-0.1.50-add_rule_sshd_disable_x11_forwarding_PR_5554.patch
Blob History Raw
dac76a 
From ff69d42fd57e64112af50b15ed03526a205b0f98 Mon Sep 17 00:00:00 2001
dac76a 
From: eradot4027 <jrtonmac@gmail.com>
dac76a 
Date: Thu, 2 Apr 2020 13:29:17 -0400
dac76a 
Subject: [PATCH 01/12] Initial commit of rule for issue 5524
dac76a
dac76a 
---
dac76a 
 .../sshd_disable_x11_forwarding/rule.yml      | 46 +++++++++++++++++++
dac76a 
 1 file changed, 46 insertions(+)
dac76a 
 create mode 100644 linux_os/guide/services/ssh/ssh_server/sshd_disable_x11_forwarding/rule.yml
dac76a
dac76a 
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_disable_x11_forwarding/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_disable_x11_forwarding/rule.yml
dac76a 
new file mode 100644
dac76a 
index 0000000000..c0c01728e9
dac76a 
--- /dev/null
dac76a 
+++ b/linux_os/guide/services/ssh/ssh_server/sshd_disable_x11_forwarding/rule.yml
dac76a 
@@ -0,0 +1,46 @@
dac76a 
+documentation_complete: true
dac76a 
+
dac76a 
+title: 'Disable X11 Forwarding'
dac76a 
+
dac76a 
+description: |-
dac76a 
+    The X11Forwarding parameter provides the ability to tunnel X11 traffic
dac76a 
+    through the connection to enable remote graphic connections.
dac76a 
+    SSH has the capability to encrypt remote X11 connections when SSH's
dac76a 
+    <tt>X11Forwarding</tt> option is enabled.
dac76a 
+

dac76a 
+    To disable X11 Forwarding, add or correct the
dac76a 
+    following line in <tt>/etc/ssh/sshd_config</tt>:
dac76a 
+    
X11Forwarding no
dac76a 
+
dac76a 
+rationale: |-
dac76a 
+    Disable X11 forwarding unless there is an operational requirement to use X11
dac76a 
+    applications directly. There is a small risk that the remote X11 servers of
dac76a 
+    users who are logged in via SSH with X11 forwarding could be compromised by
dac76a 
+    other users on the X11 server. Note that even if X11 forwarding is disabled,
dac76a 
+    users can always install their own forwarders.
dac76a 
+
dac76a 
+severity: low
dac76a 
+
dac76a 
+references:
dac76a 
+    cui: 3.1.13
dac76a 
+    disa: "366"
dac76a 
+    nist: CM-6(a),AC-17(a),AC-17(2)
dac76a 
+    nist-csf: DE.AE-1,PR.DS-7,PR.IP-1
dac76a 
+    srg: SRG-OS-000480-GPOS-00227
dac76a 
+    stigid@rhel7: "040710"
dac76a 
+    stigid@sle12: "030260"
dac76a 
+    isa-62443-2013: 'SR 7.6'
dac76a 
+    isa-62443-2009: 4.3.4.3.2,4.3.4.3.3,4.4.3.3
dac76a 
+    cobit5: BAI03.08,BAI07.04,BAI10.01,BAI10.02,BAI10.03,BAI10.05,DSS03.01
dac76a 
+    iso27001-2013: A.12.1.1,A.12.1.2,A.12.1.4,A.12.5.1,A.12.6.2,A.13.1.1,A.13.1.2,A.14.2.2,A.14.2.3,A.14.2.4
dac76a 
+    cis-csc: 1,11,12,13,15,16,18,20,3,4,6,9
dac76a 
+
dac76a 
+{{{ complete_ocil_entry_sshd_option(default="no", option="X11Forwarding", value="no") }}}
dac76a 
+
dac76a 
+template:
dac76a 
+    name: sshd_lineinfile
dac76a 
+    vars:
dac76a 
+        missing_parameter_pass: 'false'
dac76a 
+        parameter: X11Forwarding
dac76a 
+        rule_id: sshd_disable_x11_forwarding
dac76a 
+        value: 'no'
dac76a
dac76a 
From f1bc29396cf2953fb4cb9cb17d6b8537f7be22f1 Mon Sep 17 00:00:00 2001
dac76a 
From: eradot4027 <jrtonmac@gmail.com>
dac76a 
Date: Thu, 2 Apr 2020 13:34:02 -0400
dac76a 
Subject: [PATCH 02/12] Haven't found references except for Solaris 11.  Remove
dac76a 
 reference section
dac76a
dac76a 
---
dac76a 
 .../sshd_disable_x11_forwarding/rule.yml           | 14 --------------
dac76a 
 1 file changed, 14 deletions(-)
dac76a
dac76a 
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_disable_x11_forwarding/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_disable_x11_forwarding/rule.yml
dac76a 
index c0c01728e9..66872d01ab 100644
dac76a 
--- a/linux_os/guide/services/ssh/ssh_server/sshd_disable_x11_forwarding/rule.yml
dac76a 
+++ b/linux_os/guide/services/ssh/ssh_server/sshd_disable_x11_forwarding/rule.yml
dac76a 
@@ -21,20 +21,6 @@ rationale: |-
dac76a
dac76a 
 severity: low
dac76a
dac76a 
-references:
dac76a 
-    cui: 3.1.13
dac76a 
-    disa: "366"
dac76a 
-    nist: CM-6(a),AC-17(a),AC-17(2)
dac76a 
-    nist-csf: DE.AE-1,PR.DS-7,PR.IP-1
dac76a 
-    srg: SRG-OS-000480-GPOS-00227
dac76a 
-    stigid@rhel7: "040710"
dac76a 
-    stigid@sle12: "030260"
dac76a 
-    isa-62443-2013: 'SR 7.6'
dac76a 
-    isa-62443-2009: 4.3.4.3.2,4.3.4.3.3,4.4.3.3
dac76a 
-    cobit5: BAI03.08,BAI07.04,BAI10.01,BAI10.02,BAI10.03,BAI10.05,DSS03.01
dac76a 
-    iso27001-2013: A.12.1.1,A.12.1.2,A.12.1.4,A.12.5.1,A.12.6.2,A.13.1.1,A.13.1.2,A.14.2.2,A.14.2.3,A.14.2.4
dac76a 
-    cis-csc: 1,11,12,13,15,16,18,20,3,4,6,9
dac76a 
-
dac76a 
 {{{ complete_ocil_entry_sshd_option(default="no", option="X11Forwarding", value="no") }}}
dac76a
dac76a 
 template:
dac76a
dac76a 
From fb105b63c1ae36f309ede1831b8bae7a8d3ca4c7 Mon Sep 17 00:00:00 2001
dac76a 
From: eradot4027 <jrtonmac@gmail.com>
dac76a 
Date: Thu, 2 Apr 2020 13:56:05 -0400
dac76a 
Subject: [PATCH 03/12] Added CIS Reference
dac76a
dac76a 
---
dac76a 
 .../ssh/ssh_server/sshd_disable_x11_forwarding/rule.yml        | 3 +++
dac76a 
 1 file changed, 3 insertions(+)
dac76a
dac76a 
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_disable_x11_forwarding/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_disable_x11_forwarding/rule.yml
dac76a 
index 66872d01ab..88ed64c681 100644
dac76a 
--- a/linux_os/guide/services/ssh/ssh_server/sshd_disable_x11_forwarding/rule.yml
dac76a 
+++ b/linux_os/guide/services/ssh/ssh_server/sshd_disable_x11_forwarding/rule.yml
dac76a 
@@ -23,6 +23,9 @@ severity: low
dac76a
dac76a 
 {{{ complete_ocil_entry_sshd_option(default="no", option="X11Forwarding", value="no") }}}
dac76a
dac76a 
+references:
dac76a 
+  cis@rhel8: 5.2.6
dac76a 
+
dac76a 
 template:
dac76a 
     name: sshd_lineinfile
dac76a 
     vars:
dac76a
dac76a 
From 93f1dd883c3bef0e0df0a0eab87a8eaa75134637 Mon Sep 17 00:00:00 2001
dac76a 
From: eradot4027 <jrtonmac@gmail.com>
dac76a 
Date: Thu, 2 Apr 2020 13:58:34 -0400
dac76a 
Subject: [PATCH 04/12] CIS RHEL 7 Benchmark Reference
dac76a
dac76a 
---
dac76a 
 .../ssh/ssh_server/sshd_disable_x11_forwarding/rule.yml        | 3 ++-
dac76a 
 1 file changed, 2 insertions(+), 1 deletion(-)
dac76a
dac76a 
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_disable_x11_forwarding/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_disable_x11_forwarding/rule.yml
dac76a 
index 88ed64c681..c56d498972 100644
dac76a 
--- a/linux_os/guide/services/ssh/ssh_server/sshd_disable_x11_forwarding/rule.yml
dac76a 
+++ b/linux_os/guide/services/ssh/ssh_server/sshd_disable_x11_forwarding/rule.yml
dac76a 
@@ -24,8 +24,9 @@ severity: low
dac76a 
 {{{ complete_ocil_entry_sshd_option(default="no", option="X11Forwarding", value="no") }}}
dac76a
dac76a 
 references:
dac76a 
+  cis@rhel7: 5.2.5
dac76a 
   cis@rhel8: 5.2.6
dac76a 
-
dac76a 
+
dac76a 
 template:
dac76a 
     name: sshd_lineinfile
dac76a 
     vars:
dac76a
dac76a 
From 96a51e5a2496c40aa28d9aace336ee75c26afdeb Mon Sep 17 00:00:00 2001
dac76a 
From: eradot4027 <jrtonmac@gmail.com>
dac76a 
Date: Thu, 2 Apr 2020 14:09:25 -0400
dac76a 
Subject: [PATCH 05/12] MOre CIS References
dac76a
dac76a 
---
dac76a 
 .../ssh/ssh_server/sshd_disable_x11_forwarding/rule.yml         | 2 ++
dac76a 
 1 file changed, 2 insertions(+)
dac76a
dac76a 
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_disable_x11_forwarding/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_disable_x11_forwarding/rule.yml
dac76a 
index c56d498972..92cdbc2151 100644
dac76a 
--- a/linux_os/guide/services/ssh/ssh_server/sshd_disable_x11_forwarding/rule.yml
dac76a 
+++ b/linux_os/guide/services/ssh/ssh_server/sshd_disable_x11_forwarding/rule.yml
dac76a 
@@ -26,6 +26,8 @@ severity: low
dac76a 
 references:
dac76a 
   cis@rhel7: 5.2.5
dac76a 
   cis@rhel8: 5.2.6
dac76a 
+  cis@sle12: 5.2.4
dac76a 
+  cis@sle15: 5.2.6
dac76a
dac76a 
 template:
dac76a 
     name: sshd_lineinfile
dac76a
dac76a 
From da6fb541c8085d3f6a29f2569615201f3c88bda4 Mon Sep 17 00:00:00 2001
dac76a 
From: eradot4027 <jrtonmac@gmail.com>
dac76a 
Date: Thu, 2 Apr 2020 15:39:53 -0400
dac76a 
Subject: [PATCH 06/12] Modified per pull request comments.
dac76a
dac76a 
---
dac76a 
 .../ssh/ssh_server/sshd_disable_x11_forwarding/rule.yml     | 6 ++++--
dac76a 
 1 file changed, 4 insertions(+), 2 deletions(-)
dac76a
dac76a 
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_disable_x11_forwarding/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_disable_x11_forwarding/rule.yml
dac76a 
index 92cdbc2151..bea57e74aa 100644
dac76a 
--- a/linux_os/guide/services/ssh/ssh_server/sshd_disable_x11_forwarding/rule.yml
dac76a 
+++ b/linux_os/guide/services/ssh/ssh_server/sshd_disable_x11_forwarding/rule.yml
dac76a 
@@ -21,7 +21,9 @@ rationale: |-
dac76a
dac76a 
 severity: low
dac76a
dac76a 
-{{{ complete_ocil_entry_sshd_option(default="no", option="X11Forwarding", value="no") }}}
dac76a 
+ocil_clause: "that the X11Forwarding option exists and is enabled"
dac76a 
+
dac76a 
+ocil: '{{{ ocil_sshd_option(default="no", option="X11Forwarding", value="no") }}}'
dac76a
dac76a 
 references:
dac76a 
   cis@rhel7: 5.2.5
dac76a 
@@ -32,7 +34,7 @@ references:
dac76a 
 template:
dac76a 
     name: sshd_lineinfile
dac76a 
     vars:
dac76a 
-        missing_parameter_pass: 'false'
dac76a 
+        missing_parameter_pass: 'true'
dac76a 
         parameter: X11Forwarding
dac76a 
         rule_id: sshd_disable_x11_forwarding
dac76a 
         value: 'no'
dac76a
dac76a 
From b0b3524c550d3007b33a2d3bdda7d8925dd2fe00 Mon Sep 17 00:00:00 2001
dac76a 
From: eradot4027 <jrtonmac@gmail.com>
dac76a 
Date: Thu, 2 Apr 2020 16:17:05 -0400
dac76a 
Subject: [PATCH 07/12] Modified per comment
dac76a
dac76a 
---
dac76a 
 .../ssh/ssh_server/sshd_disable_x11_forwarding/rule.yml        | 3 ++-
dac76a 
 1 file changed, 2 insertions(+), 1 deletion(-)
dac76a
dac76a 
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_disable_x11_forwarding/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_disable_x11_forwarding/rule.yml
dac76a 
index bea57e74aa..14771fcc9a 100644
dac76a 
--- a/linux_os/guide/services/ssh/ssh_server/sshd_disable_x11_forwarding/rule.yml
dac76a 
+++ b/linux_os/guide/services/ssh/ssh_server/sshd_disable_x11_forwarding/rule.yml
dac76a 
@@ -23,7 +23,8 @@ severity: low
dac76a
dac76a 
 ocil_clause: "that the X11Forwarding option exists and is enabled"
dac76a
dac76a 
-ocil: '{{{ ocil_sshd_option(default="no", option="X11Forwarding", value="no") }}}'
dac76a 
+ocil: |-
dac76a 
+    {{{ ocil_sshd_option(default="no", option="X11Forwarding", value="no") }}}
dac76a
dac76a 
 references:
dac76a 
   cis@rhel7: 5.2.5
dac76a
dac76a 
From 84f97ae10eaf3c4118f8efa00d7d887ec44db150 Mon Sep 17 00:00:00 2001
dac76a 
From: eradot4027 <jrtonmac@gmail.com>
dac76a 
Date: Thu, 2 Apr 2020 16:24:28 -0400
dac76a 
Subject: [PATCH 08/12] Added check to RHEL7,8 CIS Profile per request
dac76a
dac76a 
---
dac76a 
 rhel7/profiles/cis.profile |  3 ++-
dac76a 
 2 files changed, 11 insertions(+), 10 deletions(-)
dac76a
dac76a 
diff --git a/rhel7/profiles/cis.profile b/rhel7/profiles/cis.profile
dac76a 
index 739ed27200..ba413cb1d8 100644
dac76a 
--- a/rhel7/profiles/cis.profile
dac76a 
+++ b/rhel7/profiles/cis.profile
dac76a 
@@ -578,7 +578,8 @@ selections:
dac76a 
     - sshd_set_loglevel_info
dac76a
dac76a 
     ### 5.2.4 Ensure SSH X11 forwarding is disabled (Scored)
dac76a 
-
dac76a 
+    - sshd_disable_x11_forwarding
dac76a 
+
dac76a 
     ### 5.2.5 Ensure SSH MaxAuthTries is set to 4 or less (Scored)
dac76a 
     - sshd_set_max_auth_tries
dac76a
dac76a
dac76a 
From 1618a15fb61c447770fd54e131c15445f765eabc Mon Sep 17 00:00:00 2001
dac76a 
From: eradot4027 <jrtonmac@gmail.com>
dac76a 
Date: Thu, 2 Apr 2020 20:16:53 -0400
dac76a 
Subject: [PATCH 09/12] Fixed OCIL Clause
dac76a
dac76a 
---
dac76a 
 .../services/ssh/ssh_server/sshd_disable_x11_forwarding/rule.yml | 1 +
dac76a 
 1 file changed, 1 insertion(+)
dac76a
dac76a 
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_disable_x11_forwarding/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_disable_x11_forwarding/rule.yml
dac76a 
index 14771fcc9a..09dd808e99 100644
dac76a 
--- a/linux_os/guide/services/ssh/ssh_server/sshd_disable_x11_forwarding/rule.yml
dac76a 
+++ b/linux_os/guide/services/ssh/ssh_server/sshd_disable_x11_forwarding/rule.yml
dac76a 
@@ -26,6 +26,7 @@ ocil_clause: "that the X11Forwarding option exists and is enabled"
dac76a 
 ocil: |-
dac76a 
     {{{ ocil_sshd_option(default="no", option="X11Forwarding", value="no") }}}
dac76a
dac76a 
+
dac76a 
 references:
dac76a 
   cis@rhel7: 5.2.5
dac76a 
   cis@rhel8: 5.2.6
dac76a
dac76a 
From e593461ca7cc38b5125f4413c445c4f9e9261c4e Mon Sep 17 00:00:00 2001
dac76a 
From: eradot4027 <jrtonmac@gmail.com>
dac76a 
Date: Fri, 3 Apr 2020 10:49:57 -0400
dac76a 
Subject: [PATCH 10/12] Added OVAL and tests
dac76a
dac76a 
---
dac76a 
 .../sshd_disable_x11_forwarding/oval/shared.xml          | 1 +
dac76a 
 .../sshd_disable_x11_forwarding/tests/comment.pass.sh    | 9 +++++++++
dac76a 
 .../tests/correct_value.pass.sh                          | 9 +++++++++
dac76a 
 .../tests/line_not_there.pass.sh                         | 5 +++++
dac76a 
 .../tests/wrong_value.fail.sh                            | 9 +++++++++
dac76a 
 5 files changed, 33 insertions(+)
dac76a 
 create mode 100644 linux_os/guide/services/ssh/ssh_server/sshd_disable_x11_forwarding/oval/shared.xml
dac76a 
 create mode 100644 linux_os/guide/services/ssh/ssh_server/sshd_disable_x11_forwarding/tests/comment.pass.sh
dac76a 
 create mode 100644 linux_os/guide/services/ssh/ssh_server/sshd_disable_x11_forwarding/tests/correct_value.pass.sh
dac76a 
 create mode 100644 linux_os/guide/services/ssh/ssh_server/sshd_disable_x11_forwarding/tests/line_not_there.pass.sh
dac76a 
 create mode 100644 linux_os/guide/services/ssh/ssh_server/sshd_disable_x11_forwarding/tests/wrong_value.fail.sh
dac76a
dac76a 
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_disable_x11_forwarding/oval/shared.xml b/linux_os/guide/services/ssh/ssh_server/sshd_disable_x11_forwarding/oval/shared.xml
dac76a 
new file mode 100644
dac76a 
index 0000000000..88b4e756f5
dac76a 
--- /dev/null
dac76a 
+++ b/linux_os/guide/services/ssh/ssh_server/sshd_disable_x11_forwarding/oval/shared.xml
dac76a 
@@ -0,0 +1 @@
dac76a 
+{{{ oval_sshd_config(parameter="X11Forwarding", value="no", missing_parameter_pass=true) }}}
dac76a 
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_disable_x11_forwarding/tests/comment.pass.sh b/linux_os/guide/services/ssh/ssh_server/sshd_disable_x11_forwarding/tests/comment.pass.sh
dac76a 
new file mode 100644
dac76a 
index 0000000000..2b2e7869af
dac76a 
--- /dev/null
dac76a 
+++ b/linux_os/guide/services/ssh/ssh_server/sshd_disable_x11_forwarding/tests/comment.pass.sh
dac76a 
@@ -0,0 +1,9 @@
dac76a 
+#!/bin/bash
dac76a 
+#
dac76a 
+# profiles = xccdf_org.ssgproject.content_profile_ospp
dac76a 
+
dac76a 
+if grep -q "^X11Forwarding" /etc/ssh/sshd_config; then
dac76a 
+	sed -i "s/^X11Forwarding.*/# X11Forwarding no/" /etc/ssh/sshd_config
dac76a 
+else
dac76a 
+	echo "# X11Forwarding no" >> /etc/ssh/sshd_config
dac76a 
+fi
dac76a 
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_disable_x11_forwarding/tests/correct_value.pass.sh b/linux_os/guide/services/ssh/ssh_server/sshd_disable_x11_forwarding/tests/correct_value.pass.sh
dac76a 
new file mode 100644
dac76a 
index 0000000000..f8b1ed4685
dac76a 
--- /dev/null
dac76a 
+++ b/linux_os/guide/services/ssh/ssh_server/sshd_disable_x11_forwarding/tests/correct_value.pass.sh
dac76a 
@@ -0,0 +1,9 @@
dac76a 
+#!/bin/bash
dac76a 
+#
dac76a 
+# profiles = xccdf_org.ssgproject.content_profile_ospp
dac76a 
+
dac76a 
+if grep -q "^X11Forwarding" /etc/ssh/sshd_config; then
dac76a 
+	sed -i "s/^X11Forwarding.*/X11Forwarding no/" /etc/ssh/sshd_config
dac76a 
+else
dac76a 
+	echo "X11Forwarding no" >> /etc/ssh/sshd_config
dac76a 
+fi
dac76a 
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_disable_x11_forwarding/tests/line_not_there.pass.sh b/linux_os/guide/services/ssh/ssh_server/sshd_disable_x11_forwarding/tests/line_not_there.pass.sh
dac76a 
new file mode 100644
dac76a 
index 0000000000..53a3d754b8
dac76a 
--- /dev/null
dac76a 
+++ b/linux_os/guide/services/ssh/ssh_server/sshd_disable_x11_forwarding/tests/line_not_there.pass.sh
dac76a 
@@ -0,0 +1,5 @@
dac76a 
+#!/bin/bash
dac76a 
+#
dac76a 
+# profiles = xccdf_org.ssgproject.content_profile_ospp
dac76a 
+
dac76a 
+sed -i "/^X11Forwarding.*/d" /etc/ssh/sshd_config
dac76a 
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_disable_x11_forwarding/tests/wrong_value.fail.sh b/linux_os/guide/services/ssh/ssh_server/sshd_disable_x11_forwarding/tests/wrong_value.fail.sh
dac76a 
new file mode 100644
dac76a 
index 0000000000..bbb09f62d0
dac76a 
--- /dev/null
dac76a 
+++ b/linux_os/guide/services/ssh/ssh_server/sshd_disable_x11_forwarding/tests/wrong_value.fail.sh
dac76a 
@@ -0,0 +1,9 @@
dac76a 
+#!/bin/bash
dac76a 
+#
dac76a 
+# profiles = xccdf_org.ssgproject.content_profile_ospp
dac76a 
+
dac76a 
+if grep -q "^X11Forwarding" /etc/ssh/sshd_config; then
dac76a 
+	sed -i "s/^X11Forwarding.*/X11Forwarding yes/" /etc/ssh/sshd_config
dac76a 
+else
dac76a 
+	echo "X11Forwarding yes" >> /etc/ssh/sshd_config
dac76a 
+fi
dac76a
dac76a 
From 192c1ee531a838c91db37108f49124295cc5cec3 Mon Sep 17 00:00:00 2001
dac76a 
From: eradot4027 <jrtonmac@gmail.com>
dac76a 
Date: Fri, 3 Apr 2020 13:10:49 -0400
dac76a 
Subject: [PATCH 11/12] Removed OVAL in favor of template
dac76a
dac76a 
---
dac76a 
 .../ssh/ssh_server/sshd_disable_x11_forwarding/oval/shared.xml   | 1 -
dac76a 
 1 file changed, 1 deletion(-)
dac76a 
 delete mode 100644 linux_os/guide/services/ssh/ssh_server/sshd_disable_x11_forwarding/oval/shared.xml
dac76a
dac76a 
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_disable_x11_forwarding/oval/shared.xml b/linux_os/guide/services/ssh/ssh_server/sshd_disable_x11_forwarding/oval/shared.xml
dac76a 
deleted file mode 100644
dac76a 
index 88b4e756f5..0000000000
dac76a 
--- a/linux_os/guide/services/ssh/ssh_server/sshd_disable_x11_forwarding/oval/shared.xml
dac76a 
+++ /dev/null
dac76a 
@@ -1 +0,0 @@
dac76a 
-{{{ oval_sshd_config(parameter="X11Forwarding", value="no", missing_parameter_pass=true) }}}
dac76a

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation