X-Git-Url: http://ftp.carnet.hr/carnet-debian/scm?p=ossec-hids.git;a=blobdiff_plain;f=debian%2Fossec-hids%2Fvar%2Fossec%2Fetc%2Fshared%2Fsystem_audit_ssh.txt;fp=debian%2Fossec-hids%2Fvar%2Fossec%2Fetc%2Fshared%2Fsystem_audit_ssh.txt;h=0000000000000000000000000000000000000000;hp=a4d8e4254477753dfb1a6207518bdf88698c848a;hb=946517cefb8751a43a89bda4220221f065f4e5d1;hpb=3f728675941dc69d4e544d3a880a56240a6e394a
diff --git a/debian/ossec-hids/var/ossec/etc/shared/system_audit_ssh.txt b/debian/ossec-hids/var/ossec/etc/shared/system_audit_ssh.txt
deleted file mode 100644
index a4d8e42..0000000
--- a/debian/ossec-hids/var/ossec/etc/shared/system_audit_ssh.txt
+++ /dev/null
@@ -1,81 +0,0 @@
-# SSH Rootcheck
-#
-# v1.0 2016/01/20
-# Created by Wazuh, Inc. .
-# jesus@wazuh.com
-# This program is a free software; you can redistribute it and/or modify it under the terms of GPLv2
-#
-
-
-$sshd_file=/etc/ssh/sshd_config;
-
-
-# Listen PORT != 22
-# The option Port specifies on which port number ssh daemon listens for incoming connections.
-# Changing the default port you may reduce the number of successful attacks from zombie bots, an attacker or bot doing port-scanning can quickly identify your SSH port.
-[SSH Hardening - 1: Port 22 {PCI_DSS: 2.2.4}] [any] [1]
-f:$sshd_file -> !r:^# && r:Port\.+22;
-
-
-# Protocol 2
-# The Protocol parameter dictates which version of the SSH communication and encryption protocols are in use.
-# Version 1 of the SSH protocol has weaknesses.
-[SSH Hardening - 2: Protocol 1 {PCI_DSS: 2.2.4}] [any] [2]
-f:$sshd_file -> !r:^# && r:Protocol\.+1;
-
-
-# PermitRootLogin no
-# The option PermitRootLogin specifies whether root can log in using ssh.
-# If you want log in as root, you should use the option "Match" and restrict it to a few IP addresses.
-[SSH Hardening - 3: Root can log in] [any] [3]
-f:$sshd_file -> !r:^# && r:PermitRootLogin\.+yes;
-f:$sshd_file -> r:^#\s*PermitRootLogin;
-
-
-# PubkeyAuthentication yes
-# Access only by public key
-# Generally people will use weak passwords and have poor password practices. Keys are considered stronger than password.
-[SSH Hardening - 4: No Public Key autentication {PCI_DSS: 2.2.4}] [any] [4]
-f:$sshd_file -> !r:^# && r:PubkeyAuthentication\.+no;
-f:$sshd_file -> r:^#\s*PubkeyAuthentication;
-
-
-# PasswordAuthentication no
-# The option PasswordAuthentication specifies whether we should use password-based authentication. 
-# Use public key authentication instead of passwords
-[SSH Hardening - 5: Password Authentication {PCI_DSS: 2.2.4}] [any] [5]
-f:$sshd_file -> !r:^# && r:PasswordAuthentication\.+yes;
-f:$sshd_file -> r:^#\s*PasswordAuthentication;
-
-
-# PermitEmptyPasswords no
-# The option PermitEmptyPasswords specifies whether the server allows logging in to accounts with a null password
-# Accounts with null passwords are a bad practice.
-[SSH Hardening - 6: Empty passwords allowed {PCI_DSS: 2.2.4}] [any] [6]
-f:$sshd_file -> !r:^# && r:PermitEmptyPasswords\.+yes;
-f:$sshd_file -> r:^#\s*PermitEmptyPasswords;
-
-
-# IgnoreRhosts yes
-# The option IgnoreRhosts specifies whether rhosts or shosts files should not be used in authentication.
-# For security reasons it is recommended to no use rhosts or shosts files for authentication.
-[SSH Hardening - 7: Rhost or shost used for authentication {PCI_DSS: 2.2.4}] [any] [7]
-f:$sshd_file -> !r:^# && r:IgnoreRhosts\.+no;
-f:$sshd_file -> r:^#\s*IgnoreRhosts;
-
-
-# LoginGraceTime 30
-# The option LoginGraceTime specifies how long in seconds after a connection request the server will wait before disconnecting if the user has not successfully logged in.
-# 30 seconds is the recommended time for avoiding open connections without authenticate
-[SSH Hardening - 8: Wrong Grace Time {PCI_DSS: 2.2.4}] [any] [8]
-f:$sshd_file -> !r:^# && r:LoginGraceTime && !r:30\s*$;
-f:$sshd_file -> r:^#\s*LoginGraceTime;
-
-
-# MaxAuthTries 3
-# The MaxAuthTries parameter specifices the maximum number of authentication attempts permitted per connection. Once the number of failures reaches half this value, additional failures are logged.
-# This should be set to 3.
-[SSH Hardening - 9: Wrong Maximum number of authentication attempts {PCI_DSS: 2.2.4}] [any] [9]
-f:$sshd_file -> !r:^# && r:MaxAuthTries && !r:3\s*$;
-f:$sshd_file -> r:^#\s*MaxAuthTries;
-f:$sshd_file -> !r:MaxAuthTries;