Add amazon linux support to topfile #260
Conversation
| match_output: "ClientAliveInterval 300" | ||
| - '/etc/ssh/sshd_config': | ||
| tag: 'CIS-6.2.12' | ||
| pattern: "^ClientAliveCountMatch" |
There was a problem hiding this comment.
It should be ClientAliveCountMax
| - '/etc/ssh/sshd_config': | ||
| tag: 'CIS-6.2.11' | ||
| pattern: "Ciphers" | ||
| match_output: "Ciphers aes128-ctr,aes192-ctr,aes256-ctr" |
There was a problem hiding this comment.
If we look into CIS Amazon machine, it shows as 'Ciphers aes256-ctr,aes192-ctr,aes128-ctr' so if possible if we can check these values as OR condition or so. It will be awesome. I am not sure if there is any other way as well.
| - '/etc/ssh/sshd_config': | ||
| tag: 'CIS-6.2.2' | ||
| pattern: "^LogLevel" | ||
| match_output: 'LogLevel INFO' |
There was a problem hiding this comment.
If we look at cis amazon machine, it shows it says 'LogLevel VERBOSE' which is even better than INFO. So can we have OR check here as well.
| tag: 'CIS-1.1.10' | ||
| pattern: '/home' | ||
| match_output: 'nodev' | ||
| description: 'Add nodev Option to /home (Scored)' |
There was a problem hiding this comment.
As per CIS doc, 'If a /home partition exists run the following command and verify that the nodev option is set on /home.' but we are not checking for /home partition in via 'mount | grep /home'. So I think we should check 'mount | grep /home' first and if /home present then we should check /home pattern in /etc/fstab file.
| 'Amazon Linux*': | ||
| - '/etc/ssh/sshd_config': | ||
| tag: 'CIS-6.2.3' | ||
| mode: 600 |
There was a problem hiding this comment.
As per CIS doc, 'The /etc/ssh/sshd_config file needs to be protected from unauthorized changes by non- privileged users, but needs to be readable as this information is used with many non- privileged programs.' so this mean 644 should also be fine. We need to add OR check here.
|
Sorry @anuragpaliwal80, for some reason your review comments didn't show up. I'm going to fix them in a separate pull request. |
No description provided.