From 60629374e66df5c14b30e9b96728589288c0154b Mon Sep 17 00:00:00 2001 From: Viktor Petersson Date: Thu, 27 Feb 2020 10:44:28 +0000 Subject: [PATCH] Adds new patch id recommended actions --- backend/recommended_actions.yaml | 60 +++----------------------------- 1 file changed, 5 insertions(+), 55 deletions(-) diff --git a/backend/recommended_actions.yaml b/backend/recommended_actions.yaml index b4f9c4fce..a0c46c739 100644 --- a/backend/recommended_actions.yaml +++ b/backend/recommended_actions.yaml @@ -95,17 +95,7 @@ terminal_title: | Here are the steps to resolve this issue. terminal_code: | - Find your sshd_config file - $ sudo find /etc -iname sshd_config - - Open the file above in your favorite editor - $ sudo vim /path/to/sshd_config - - Find the line that says 'AllowAgentForwarding', and change it into 'AllowAgentForwarding no'. - If the line does not exist, add it. Also, please note that lines starting with '#' are disabled - - Once you've added the line, make sure to restart SSH by running - $ sudo service ssh restart + $ sudo wott-agent patch openssh-agent-forwarding - title: Password authentication enabled for OpenSSH id: 2003 @@ -132,17 +122,7 @@ terminal_title: | Here are the steps to resolve this issue. terminal_code: | - Find your sshd_config file - $ sudo find /etc -iname sshd_config - - Open the file above in your favorite editor - $ sudo vim /path/to/sshd_config - - Find the line that says 'PasswordAuthentication', and change it into 'PasswordAuthentication no'. - If the line does not exist, add it. Also, please note that lines starting with '#' are disabled - - Once you've added the line, make sure to restart SSH by running - $ sudo service ssh restart + $ sudo wott-agent patch openssh-password-auth - title: Root login enabled for OpenSSH id: 2002 @@ -167,17 +147,7 @@ terminal_title: | Here are the steps to resolve this issue. terminal_code: | - Find your sshd_config file - $ sudo find /etc -iname sshd_config - - Open the file above in your favorite editor - $ sudo vim /path/to/sshd_config - - Find the line that says 'PermitRootLogin', and change it into 'PermitRootLogin no'. - If the line does not exist, add it. Also, please note that lines starting with '#' are disabled - - Once you've added the line, make sure to restart SSH by running - $ sudo service ssh restart + $ sudo wott-agent patch openssh-root-login - title: Empty passwords permitted for OpenSSH id: 2001 @@ -202,17 +172,7 @@ terminal_title: | Here are the steps to resolve this issue. terminal_code: | - Find your sshd_config file - $ sudo find /etc -iname sshd_config - - Open the file above in your favorite editor - $ sudo vim /path/to/sshd_config - - Find the line that says 'PermitEmptyPasswords', and change it into 'PermitEmptyPasswords no'. - If the line does not exist, add it. Also, please note that lines starting with '#' are disabled - - Once you've added the line, make sure to restart SSH by running - $ sudo service ssh restart + $ sudo wott-agent patch openssh-empty-password - title: Insecure protocol option enabled for OpenSSH id: 2005 @@ -237,17 +197,7 @@ terminal_title: | Here are the steps to resolve this issue. terminal_code: | - Find your sshd_config file - $ sudo find /etc -iname sshd_config - - Open the file above in your favorite editor - $ sudo vim /path/to/sshd_config - - Find the line that says 'Protocol', and change it into 'Protocol 2'. - If the line does not exist, add it. Also, please note that lines starting with '#' are disabled - - Once you've added the line, make sure to restart SSH by running - $ sudo service ssh restart + $ sudo wott-agent patch openssh-protocol - title: Automatic security updates not enabled id: 6