From 3f6d10d16b3e9b7f37c4534df9b7157effdd79ba Mon Sep 17 00:00:00 2001
From: Miha Purg
Date: Thu, 18 Apr 2024 15:53:34 +0200
Subject: [PATCH] Fix Ubuntu tests for sshd_use_approved_macs_ordered_stig
---
 .../tests/comment.fail.sh | 10 ++++++++--
 .../tests/correct_reduced_list.pass.sh | 1 +
 .../tests/correct_value.pass.sh | 10 ++++++++--
 .../tests/correct_value_config_dir.pass.sh | 8 ++++++++
 4 files changed, 25 insertions(+), 4 deletions(-)
 create mode 100644 linux_os/guide/services/ssh/ssh_server/sshd_use_approved_macs_ordered_stig/tests/correct_value_config_dir.pass.sh
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_macs_ordered_stig/tests/comment.fail.sh b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_macs_ordered_stig/tests/comment.fail.sh
index 26bf18234c2a..f4d7ea92e008 100644
--- a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_macs_ordered_stig/tests/comment.fail.sh
+++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_macs_ordered_stig/tests/comment.fail.sh
@@ -1,7 +1,13 @@
 #!/bin/bash
+{{% if product == "ubuntu2204" %}}
+sshd_approved_macs="hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-256-etm@openssh.com"
+{{% else %}}
+sshd_approved_macs="hmac-sha2-512,hmac-sha2-256"
+{{% endif %}}
+
 if grep -q "^MACs" /etc/ssh/sshd_config; then
- sed -i "s/^MACs.*/# MACs hmac-sha2-512,hmac-sha2-256/" /etc/ssh/sshd_config
+ sed -i "s/^MACs.*/# MACs $sshd_approved_macs/" /etc/ssh/sshd_config
 else
- echo "# ciphers MACs hmac-sha2-512,hmac-sha2-256" >> /etc/ssh/sshd_config
+ echo "# ciphers MACs $sshd_approved_macs" >> /etc/ssh/sshd_config
 fi
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_macs_ordered_stig/tests/correct_reduced_list.pass.sh b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_macs_ordered_stig/tests/correct_reduced_list.pass.sh
index 0d922cdee9bf..17ff9f0aa773 100644
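Review bot: The rewritten `else` branch still emits `# ciphers MACs $sshd_approved_macs`, so the commented-out line this fail scenario plants carries a stray `ciphers` token and does not mirror the `# MACs …` form the `sed` branch writes; `echo "# MACs $sshd_approved_macs" >> /etc/ssh/sshd_config` would keep both branches equivalent. Separately, on Ubuntu 22.04 the stock sshd_config includes `/etc/ssh/sshd_config.d/*.conf` before any MACs line and sshd honours the first occurrence of a keyword, so a leftover drop-in with a compliant MACs list could make the rule pass for reasons unrelated to the commented line this scenario sets up. I cannot tell from the hunk whether the test images ship such drop-ins; if they might, clearing them here as the new config_dir scenario does would make the fail outcome deterministic.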
--- a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_macs_ordered_stig/tests/correct_reduced_list.pass.sh
+++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_macs_ordered_stig/tests/correct_reduced_list.pass.sh
@@ -1,4 +1,5 @@
 #!/bin/bash
+# platform = multi_platform_ol,multi_platform_rhel,multi_platform_sle
 if grep -q "^MACs" /etc/ssh/sshd_config; then
 sed -i "s/^MACs.*/MACs hmac-sha2-512/" /etc/ssh/sshd_config
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_macs_ordered_stig/tests/correct_value.pass.sh b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_macs_ordered_stig/tests/correct_value.pass.sh
index 19da7102a704..5c1a29aa8573 100644
--- a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_macs_ordered_stig/tests/correct_value.pass.sh
+++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_macs_ordered_stig/tests/correct_value.pass.sh
@@ -1,7 +1,13 @@
 #!/bin/bash
+{{% if product == "ubuntu2204" %}}
+sshd_approved_macs="hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-256-etm@openssh.com"
+{{% else %}}
+sshd_approved_macs="hmac-sha2-512,hmac-sha2-256"
+{{% endif %}}
+
 if grep -q "^MACs" /etc/ssh/sshd_config; then
- sed -i "s/^MACs.*/MACs hmac-sha2-512,hmac-sha2-256/" /etc/ssh/sshd_config
+ sed -i "s/^MACs.*/MACs $sshd_approved_macs/" /etc/ssh/sshd_config
 else
- echo 'MACs hmac-sha2-512,hmac-sha2-256' >> /etc/ssh/sshd_config
+ echo "MACs $sshd_approved_macs" >> /etc/ssh/sshd_config
 fi
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_macs_ordered_stig/tests/correct_value_config_dir.pass.sh b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_macs_ordered_stig/tests/correct_value_config_dir.pass.sh
new file mode 100644
index 000000000000..6fb9b63c576e
--- /dev/null
+++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_macs_ordered_stig/tests/correct_value_config_dir.pass.sh
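Review bot: The pass scenario in correct_value.pass.sh writes its MACs line only into `/etc/ssh/sshd_config`, but on Ubuntu 22.04 that file includes `/etc/ssh/sshd_config.d/*.conf` at the top and sshd takes the first MACs it encounters, so a pre-existing drop-in with a different list would shadow the value set up here and the rule's verdict would depend on the test image rather than on these lines. Deleting drop-in MACs lines first, the way the new config_dir scenario does with `sed -i "/^MACs.*/d" /etc/ssh/sshd_config.d/*`, would make this scenario self-contained. Also note that `$sshd_approved_macs` is expanded inside a sed replacement: the two lists contain no `/`, `&` or `\`, so this is safe as written, but anyone adding a MAC name with such characters would need to escape it or pick a different delimiter.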
@@ -0,0 +1,8 @@
+#!/bin/bash
+# platforms = multi_platform_ubuntu
+
+sshd_approved_macs="hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-256-etm@openssh.com"
+
+sed -i "/^MACs.*/d" /etc/ssh/sshd_config
+sed -i "/^MACs.*/d" /etc/ssh/sshd_config.d/*
+echo "MACs $sshd_approved_macs" >> /etc/ssh/sshd_config.d/test.conf
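Review bot: The scenario header uses `# platforms = multi_platform_ubuntu`, whereas the other scenario in this commit uses the singular `# platform =`; if the plural key is not recognised by the test-suite parser the scenario would run on every product, where the hard-coded four-entry list would not match the expected value, so `# platform = multi_platform_ubuntu` looks like the intended line. The list is also unconditional here while comment.fail.sh and correct_value.pass.sh only use the etm variant for `product == "ubuntu2204"`, so on any other Ubuntu product this scenario would assert a different list than its siblings — either narrow the platform or reuse the same conditional. Finally, `sed -i "/^MACs.*/d" /etc/ssh/sshd_config.d/*` and the closing `>>` both assume the directory exists and is non-empty: an empty directory leaves the literal `*` for sed to fail on and a missing one makes the append fail, so a `mkdir -p /etc/ssh/sshd_config.d` before them would make the setup robust.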