dev-sec / ssh-baseline

DevSec SSH Baseline - InSpec Profile
https://dev-sec.io/baselines/ssh/
Apache License 2.0
283 stars 78 forks

WIP: ssh baseline refactoring. #126

Open JHeinzde opened 5 years ago

JHeinzde commented 5 years ago

This is a WIP refactoring of the ssh baseline to match the chef-ssh-hardening implementation.

chris-rock commented 5 years ago

@JHeinzde Very nice. I am looking forward to seeing this work completed.

JHeinzde commented 5 years ago

Hello @artem-sidorenko, I have put more work into this and will honor the plan you described here, but modify it a bit:

one PR related to the linting/rubocop stuff
another PR with the renaming of ssh_version to real_ssh_version and switch of current controls to it
next PR with a first implementation of ssh_version and only for privilege_separation part
next PR or PRs with crypto stuff, algorithms etc.

Since I think no rename is required to ssh_version, it's going to stay like this. I will first submit 2 pull requests. The first PR is going to be aimed at find_ssh_version, guess_ssh_version and PRIVILEGE_SEPARATION and HOSTKEY Algorithms. The second PR is going to introduce the crypto logic of devsec_ssh.rb.

The last one is going to be related to rubocop/other stuff, when I can figure out the consequences of this, since at least for me currently the Travis build is broken with these changes I've done.