Closed brucellino closed 6 years ago
Welp... the ssh baseline profile is a burning mess of fail:
Profile Summary: 5 successful controls, 63 control failures, 0 controls skipped Test Summary: 36 successful, 64 failures, 0 skipped
Let's see if we can't do something about that.
After applying the profile ON THE ACTUAL MACHINE and not my laptop :man_facepalming: we now get :
Profile Summary: 65 successful controls, 3 control failures, 0 controls skipped
Test Summary: 97 successful, 3 failures, 0 skipped
Failure summary :
× sshd-15: Server: Specify UseLogin to NO
× SSHD Configuration UseLogin should eq "no"
× sshd-36: Server: Set a client alive interval
× SSHD Configuration ClientAliveInterval should eq "300"
× sshd-40: Server: Disable Agent forwarding
× SSHD Configuration AllowAgentForwarding should eq "no"
Woot.
Configuration and deployment is done over SSH using Ansible. This should be locked down appropriately.