From be529f2ca1f3644db9ad436dbd35aa00a9a5cf14 Mon Sep 17 00:00:00 2001
From: Watson Sato
Date: Wed, 13 May 2020 20:49:08 +0200
Subject: [PATCH 1/2] Add simple tests for sshd_set_max_sessions
---
 .../sshd_set_max_sessions/tests/correct_value.pass.sh | 11 +++++++++++
 .../sshd_set_max_sessions/tests/wrong_value.fail.sh | 11 +++++++++++
 2 files changed, 22 insertions(+)
 create mode 100644 linux_os/guide/services/ssh/ssh_server/sshd_set_max_sessions/tests/correct_value.pass.sh
 create mode 100644 linux_os/guide/services/ssh/ssh_server/sshd_set_max_sessions/tests/wrong_value.fail.sh
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_set_max_sessions/tests/correct_value.pass.sh b/linux_os/guide/services/ssh/ssh_server/sshd_set_max_sessions/tests/correct_value.pass.sh
new file mode 100644
index 0000000000..a816eea390
--- /dev/null
+++ b/linux_os/guide/services/ssh/ssh_server/sshd_set_max_sessions/tests/correct_value.pass.sh
@@ -0,0 +1,11 @@
+# profiles = xccdf_org.ssgproject.content_profile_cis
+# platform = Red Hat Enterprise Linux 8
+
+#!/bin/bash
+SSHD_CONFIG="/etc/ssh/sshd_config"
+
+if grep -q "^MaxSessions" $SSHD_CONFIG; then
+ sed -i "s/^MaxSessions.*/MaxSessions 4/" $SSHD_CONFIG
+ else
+ echo "MaxSessions 4" >> $SSHD_CONFIG
+fi
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_set_max_sessions/tests/wrong_value.fail.sh b/linux_os/guide/services/ssh/ssh_server/sshd_set_max_sessions/tests/wrong_value.fail.sh
new file mode 100644
index 0000000000..b36125f5bb
--- /dev/null
+++ b/linux_os/guide/services/ssh/ssh_server/sshd_set_max_sessions/tests/wrong_value.fail.sh
@@ -0,0 +1,11 @@
+# profiles = xccdf_org.ssgproject.content_profile_cis
+# platform = Red Hat Enterprise Linux 8
+
+#!/bin/bash
+SSHD_CONFIG="/etc/ssh/sshd_config"
+
+if grep -q "^MaxSessions" $SSHD_CONFIG; then
+ sed -i "s/^MaxSessions.*/MaxSessions 10/" $SSHD_CONFIG
+ else
+ echo "MaxSessions 10" >> $SSHD_CONFIG
+fi
From 027299726c805b451b02694c737514750fd14b94 Mon Sep 17 00:00:00 2001
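Review bot: The setup in correct_value.pass.sh only rewrites a `MaxSessions` line that starts at column 0 in exactly that case, so on a config that already carries `maxsessions 10` or an indented directive the script appends `MaxSessions 4` at the end instead. sshd_config keywords are case-insensitive and sshd keeps the first value it reads for a keyword, so the appended line would not be the effective one and the scenario would no longer be the state its file name claims. Matching the way sshd parses, `grep -qi '^[[:space:]]*MaxSessions' "$SSHD_CONFIG"` and `sed -i 's/^[[:space:]]*MaxSessions.*/MaxSessions 4/I' "$SSHD_CONFIG"` (GNU sed), closes that gap and quotes the path; wrong_value.fail.sh has the same lines with the value 10. In both files `#!/bin/bash` sits on line 4 under the metadata comments, where it is only a comment; it would need to be the first line to act as a shebang.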
From: Watson Sato
Date: Wed, 13 May 2020 20:53:50 +0200
Subject: [PATCH 2/2] Add remediations for sshd_set_max_sessions
---
 .../sshd_set_max_sessions/ansible/shared.yml | 8 ++++++++
 .../ssh_server/sshd_set_max_sessions/bash/shared.sh | 12 ++++++++++++
 .../tests/correct_value.pass.sh | 2 +-
 .../sshd_set_max_sessions/tests/wrong_value.fail.sh | 2 +-
 4 files changed, 22 insertions(+), 2 deletions(-)
 create mode 100644 linux_os/guide/services/ssh/ssh_server/sshd_set_max_sessions/ansible/shared.yml
 create mode 100644 linux_os/guide/services/ssh/ssh_server/sshd_set_max_sessions/bash/shared.sh
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_set_max_sessions/ansible/shared.yml b/linux_os/guide/services/ssh/ssh_server/sshd_set_max_sessions/ansible/shared.yml
new file mode 100644
index 0000000000..a7e171dfe9
--- /dev/null
+++ b/linux_os/guide/services/ssh/ssh_server/sshd_set_max_sessions/ansible/shared.yml
@@ -0,0 +1,8 @@
+# platform = multi_platform_all
+# reboot = false
+# strategy = configure
+# complexity = low
+# disruption = low
+- (xccdf-var var_sshd_max_sessions)
+
+{{{ ansible_sshd_set(parameter="MaxSessions", value="{{ var_sshd_max_sessions}}") }}}
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_set_max_sessions/bash/shared.sh b/linux_os/guide/services/ssh/ssh_server/sshd_set_max_sessions/bash/shared.sh
new file mode 100644
index 0000000000..fc0a1d8b42
--- /dev/null
+++ b/linux_os/guide/services/ssh/ssh_server/sshd_set_max_sessions/bash/shared.sh
@@ -0,0 +1,12 @@
+# platform = multi_platform_all
+# reboot = false
+# strategy = configure
+# complexity = low
+# disruption = low
+
+# Include source function library.
+. /usr/share/scap-security-guide/remediation_functions
+
+populate var_sshd_max_sessions
+
+{{{ bash_sshd_config_set(parameter="MaxSessions", value="$var_sshd_max_sessions") }}}
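Review bot: The `value` argument in ansible/shared.yml nests an Ansible expression inside the build-time macro call with no comment and with uneven spacing, `{{ var_sshd_max_sessions}}`. A reader has to know that the triple-brace call is expanded when the content is built, while the double-brace part is left for Ansible to resolve at run time from the `- (xccdf-var var_sshd_max_sessions)` line. I would write it as `value="{{ var_sshd_max_sessions }}"` and add a line such as `# MaxSessions is taken from the XCCDF variable var_sshd_max_sessions when the playbook runs` above the macro call.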
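Review bot: Nothing visible in bash/shared.sh checks that `var_sshd_max_sessions` holds a number before it is handed to `bash_sshd_config_set` and written to sshd_config. The value comes from the selected profile or a tailoring file, and a non-numeric value would leave a `MaxSessions` line that sshd is likely to reject when it next reads its configuration, which on a remotely managed host can cost SSH access. Unless `populate` or the macro already validates it (neither is shown in this hunk), a guard after `populate` such as `[[ "$var_sshd_max_sessions" =~ ^[0-9]+$ ]] || exit 1` keeps a bad value out of the file.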
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_set_max_sessions/tests/correct_value.pass.sh b/linux_os/guide/services/ssh/ssh_server/sshd_set_max_sessions/tests/correct_value.pass.sh
index a816eea390..4cc6d65988 100644
--- a/linux_os/guide/services/ssh/ssh_server/sshd_set_max_sessions/tests/correct_value.pass.sh
+++ b/linux_os/guide/services/ssh/ssh_server/sshd_set_max_sessions/tests/correct_value.pass.sh
@@ -7,5 +7,5 @@ SSHD_CONFIG="/etc/ssh/sshd_config"
 if grep -q "^MaxSessions" $SSHD_CONFIG; then
 sed -i "s/^MaxSessions.*/MaxSessions 4/" $SSHD_CONFIG
 else
- echo "MaxSessions 4" >> $SSHD_CONFIG
+ echo "MaxSessions 4" >> $SSHD_CONFIG
 fi
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_set_max_sessions/tests/wrong_value.fail.sh b/linux_os/guide/services/ssh/ssh_server/sshd_set_max_sessions/tests/wrong_value.fail.sh
index b36125f5bb..bc0c47842a 100644
--- a/linux_os/guide/services/ssh/ssh_server/sshd_set_max_sessions/tests/wrong_value.fail.sh
+++ b/linux_os/guide/services/ssh/ssh_server/sshd_set_max_sessions/tests/wrong_value.fail.sh
@@ -7,5 +7,5 @@ SSHD_CONFIG="/etc/ssh/sshd_config"
 if grep -q "^MaxSessions" $SSHD_CONFIG; then
 sed -i "s/^MaxSessions.*/MaxSessions 10/" $SSHD_CONFIG
 else
- echo "MaxSessions 10" >> $SSHD_CONFIG
+ echo "MaxSessions 10" >> $SSHD_CONFIG
 fi