diff --git a/test b/test
deleted file mode 100755
index 5e84994..0000000
--- a/test
+++ /dev/null
@@ -1,169 +0,0 @@
-#!/bin/bash
-
-ssh_clean ()
-{
- ssh-keygen -R "[127.0.0.1]:4242" >/dev/null 2>&1
-}
-
-ssh_exec ()
-{
- port=${1-4242}
- shift
- login=${1-marvin}
- shift
- pass=${1-Born2beWild}
- shift
- export SSHPASS="${pass}"
- ./ssh.exp -p ${port} ${login}@127.0.0.1 $@ 2>&1 \
- | grep -v -i -e '^Warning: Permanently added' -e ' password:' -e '^spawn ssh'
-}
-
-ssh_sudo ()
-{
- port=${1-4242}
- shift
- login=${1-marvin}
- shift
- pass=${1-Born2beWild}
- shift
- export SSHPASS="${pass}"
- ./ssh_sudo.exp -p ${port} ${login}@127.0.0.1 sudo $@ 2>&1 \
- | grep -v -i -e '^Warning: Permanently added' -e 'password' -e '^spawn ssh' -e 'Connection to'
-}
-
-main ()
-{
- port=${1-4242}
- echo -n "Username: "
- read -r login
- if [ "${login}" == "" ]
- then
- login=$(git config user.name || echo $USER)
- fi
- echo -n "Password: "
- read -s pass
- if [ "${pass}" == "" ]
- then
- pass="Born2beWild"
- fi
- echo ""
-
- ssh_clean
-
- if ssh_exec ${port} ${login} ${pass} hostname -s | grep -q "^${login}42"
- then
- echo "OK: Hostname is ${login}42"
- else
- echo "KO: Unexpected hostname (should be ${login}42)"
- fi
-
- if ssh_exec ${port} ${login} ${pass} cat /etc/os-release | grep -q -i -E "(CentOS|Debian)"
- then
- echo "OK: Debian or CentOS installed"
- else
- echo "KO: Unknown Linux distribution"
- fi
-
- if ssh_exec ${port} ${login} ${pass} cat /etc/os-release | grep -q -i -E '(bullseye|"8")'
- then
- echo "OK: Using stable distro"
- else
- echo "KO: Not using stable distro"
- fi
-
- if ssh_exec ${port} ${login} ${pass} /usr/sbin/aa-status | grep -q -i -E "apparmor module is loaded" \
- || ssh_exec ${port} ${login} ${pass} sestatus | grep -q -i -E "SELinux status:[^e]*enabled"
- then
- echo "OK: AppArmor or SELinux is active"
- else
- echo "KO: No AppArmor or SELinux is active"
- fi
-
- if ssh_exec ${port} ${login} ${pass} lspci | grep -q -i -E "(VirtualBox|QEMU)"
- then
- echo "OK: VirtualBox or UTM QEMU"
- else
- echo "KO: Unexpected Virtual Machine"
- fi
-
- if ssh_exec ${port} ${login} ${pass} dpkg -l | grep -q -i -E "(xserver|xorg)" \
- || ssh_exec ${port} ${login} ${pass} rpm -qa | grep -q -i -E "(xserver|xorg)"
- then
- echo "KO: X server is present"
- else
- echo "OK: No X server"
- fi
-
- if ssh_exec ${port} ${login} ${pass} lsblk | grep -q -i -E "_crypt"
- then
- echo "OK: Disk is encrypted"
- else
- echo "KO: Disk is not encrypted"
- fi
-
- if ssh_exec ${port} ${login} ${pass} lsblk | grep -c "lvm" | grep -q -E '^[2-9]'
- then
- echo "OK: Two or more partitions use LVM"
- else
- echo "KO: Less than two or no partitions use LVM"
- fi
-
- if ssh_exec ${port} ${login} ${pass} cat /etc/ssh/sshd_config | grep -q -i -E '^Port 4242' \
- && ssh_exec ${port} ${login} ${pass} cat /etc/ssh/sshd_config | grep -q -i -E '^PermitRootLogin no'
- then
- echo "OK: SSH config is correctly setup"
- else
- echo "KO: SSH config is not correctly setup"
- fi
-
- if ssh_exec ${port} ${login} ${pass} groups ${login} | grep -q -E "( user42.* sudo| sudo.* user42)"
- then
- echo "OK: ${login} is member of both user42 and sudo groups"
- else
- echo "KO: ${login} is not member of both user42 and sudo groups"
- fi
-
- if ssh_exec ${port} ${login} ${pass} chage -l ${login} | grep -q -i -E '^Maximum number of days between password change.*\: 30' \
- && ssh_exec ${port} ${login} ${pass} chage -l ${login} | grep -q -i -E '^Minimum number of days between password change.*\: 2' \
- && ssh_exec ${port} ${login} ${pass} chage -l ${login} | grep -q -i -E '^Number of days of warning before password expires.*\: 7'
- then
- echo "OK: Password expiration for ${login} is correct"
- else
- echo "KO: Password expiration for ${login} is wrong"
- fi
-
- if ssh_exec ${port} ${login} ${pass} cat /etc/login.defs | grep -q -i -E '^PASS_MAX_DAYS.*\t30' \
- && ssh_exec ${port} ${login} ${pass} cat /etc/login.defs | grep -q -i -E '^PASS_MIN_DAYS.*\t2' \
- && ssh_exec ${port} ${login} ${pass} cat /etc/login.defs | grep -q -i -E '^PASS_WARN_AGE.*\t7'
- then
- echo "OK: Password expiration policy is correct"
- else
- echo "KO: Password expiration policy is wrong"
- fi
-
- if ssh_exec ${port} ${login} ${pass} ss -tunlpe | grep -q -E "LISTEN.*:4242.*ssh"
- then
- echo "OK: ssh running on 4242"
- else
- echo "KO: ssh not running on 4242"
- fi
-
- if ssh_sudo ${port} ${login} ${pass} /usr/sbin/ufw status | grep -q -E "Status: active"
- then
- echo "OK: Firewall ufw is active"
- else
- echo "KO: No firewall ufw is active"
- fi
-
- if ssh_sudo ${port} ${login} ${pass} /usr/sbin/ufw status | grep -q -E "4242.*ALLOW.*Anywhere"
- then
- echo "OK: Firewall allow port 4242 from anywhere"
- else
- echo "KO: Firewall does not allow port 4242 from anywhere"
- fi
-}
-
-main $@
-exit $?
-
-#42