- fix false positive for SSH host-based authentication check in sshd_config
Signed-off-by: Gabe <[email protected]> --- shared/oval/disable_host_auth.xml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/shared/oval/disable_host_auth.xml b/shared/oval/disable_host_auth.xml index 6f4eb9d..de51fd7 100644 --- a/shared/oval/disable_host_auth.xml +++ b/shared/oval/disable_host_auth.xml @@ -14,7 +14,7 @@ <extend_definition comment="sshd service is disabled" definition_ref="service_sshd_disabled" /> <criterion comment="Check HostbasedAuthentication in /etc/ssh/sshd_config" - test_ref="test_sshd_hostbasedauthentication" /> + negate="true" test_ref="test_sshd_hostbasedauthentication" /> </criteria> </definition> <ind:textfilecontent54_test check="all" check_existence="none_exist" @@ -24,7 +24,7 @@ </ind:textfilecontent54_test> <ind:textfilecontent54_object id="object_sshd_hostbasedauthentication" version="2"> <ind:filepath>/etc/ssh/sshd_config</ind:filepath> - <ind:pattern operation="pattern match">^[\s]*(?i)HostbasedAuthentication(?-i)[\s]+yes[\s]*(?:|(?:#.*))?$</ind:pattern> + <ind:pattern operation="pattern match">^[\s]*(?i)HostbasedAuthentication(?-i)[\s]+no[\s]*(?:|(?:#.*))?$</ind:pattern> <ind:instance datatype="int">1</ind:instance> </ind:textfilecontent54_object> </def-group> -- 2.0.0 -- SCAP Security Guide mailing list [email protected] https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide https://github.com/OpenSCAP/scap-security-guide/
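Review bot: The added `negate="true"` on the criterion stacks on the test's `check_existence="none_exist"` (last context line of this hunk), so the check now reads as "not (no matching line exists)", a double negative that is easy to invert again by mistake. Stating it positively is clearer: drop `negate` and set `check_existence="at_least_one_exists"` on the test. The criterion's `comment` could also say what is expected, for example `comment="HostbasedAuthentication is explicitly set to no in /etc/ssh/sshd_config"`. The criteria block starts before the hunk and the test element continues after it, so the operator that combines this criterion with the sshd-disabled branch is not visible here.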
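Review bot: With the pattern now matching only `no`, a file that has `HostbasedAuthentication yes` ahead of a `HostbasedAuthentication no` line still passes. `instance` 1 selects the first line that matches the pattern, not the first `HostbasedAuthentication` line, and sshd uses the first value it reads for a keyword. The check becomes fail-closed if the pattern captures the value of the first directive and a state compares it with `no`, as sketched below. The test then needs `check_existence="at_least_one_exists"` and the `negate` from the first hunk dropped. Settings inside `Match` blocks are not covered either way, and the test element lies outside this hunk.

```xml
<!-- … unchanged: object open tag and ind:filepath … -->
  <ind:pattern operation="pattern match">^[\s]*(?i)HostbasedAuthentication(?-i)[\s]+(\w+)[\s]*(?:|(?:#.*))?$</ind:pattern>
<!-- … unchanged: ind:instance and object close tag … -->
<!-- proposed state; the id is a suggested name, not one taken from the repository -->
<ind:textfilecontent54_state id="state_sshd_hostbasedauthentication" version="1">
  <ind:subexpression operation="equals">no</ind:subexpression>
</ind:textfilecontent54_state>
<!-- inside ind:textfilecontent54_test, next to the existing ind:object reference -->
  <ind:state state_ref="state_sshd_hostbasedauthentication" />
```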
