CIS CentOS 7 - 6.2.11 - Githubissues

hubblestack / nova

Hubble's Auditing System. This repo is deprecated in favor of https://github.com/hubblestack/hubble-salt

https://hubblestack.io

Apache License 2.0

50 stars 26 forks source link

CIS CentOS 7 - 6.2.11 #285

Closed ssoto2 closed 7 years ago

ssoto2 commented 7 years ago

In the centos-7-level-1-scored-v1.yaml

6.2.11 is looking for the following:

  sshd_approved_cipher:
      data:
        CentOS Linux-7:
        - /etc/ssh/sshd_config:
            match_output: 'Ciphers aes128-ctr,aes192-ctr,aes256-ctr '
            pattern: Ciphers
            tag: CIS-6.2.11

The addition space at the end of the match output is causing test to fail unless your sshd config had a space at the very end also.

basepi commented 7 years ago

Good catch! I'll fix that shortly.