'sshd-39' - the value for AllowTcpForwarding parameter should be limited to either 'no' or 'local'

### Description

The title for the rule 'sshd-39' is 'Server: Disable TCP forwarding'.
The description is 'If you use TCP forwarding in an uncontrolled manner then you can bypass the firewalls'.
I suggest that the value for AllowTcpForwarding SSH server parameter in this particular rule (with such title and description) should be limited to the following:
- 'no' as it prevents all TCP forwarding;
- 'local' as it allows local forwarding only.

This will suite the title and the description more than it is now.

### Solution

I suggest removing input for AllowTcpForwarding SSH server parameter:
```
sshd_tcpforwarding = input('sshd_tcpforwarding', value: 'no')
```

And replace the line:
```
    its('AllowTcpForwarding') { should eq(sshd_tcpforwarding) }
```
with:
```
    its('AllowTcpForwarding') { should match(/^no|local$/) }
```

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

'sshd-39' - the value for AllowTcpForwarding parameter should be limited to either 'no' or 'local' #216

Description

Solution

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

'sshd-39' - the value for AllowTcpForwarding parameter should be limited to either 'no' or 'local' #216

Description

Description

Solution

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions