From c4c7ff686f2829f77c003bccea275eb1e6e892ce Mon Sep 17 00:00:00 2001 From: qinzhiben Date: Tue, 16 May 2023 14:36:57 +0800 Subject: [PATCH 1/2] Adding detection files to determine whether the MaxSessions content exists, preventing multiple configurations --- .../1.25-ensure-ssh-maxsessions-is-set-to-10-or-less.sh | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/remediation-kits/access-and-control/1.25-ensure-ssh-maxsessions-is-set-to-10-or-less.sh b/remediation-kits/access-and-control/1.25-ensure-ssh-maxsessions-is-set-to-10-or-less.sh index 6f253c9..3f4e35d 100644 --- a/remediation-kits/access-and-control/1.25-ensure-ssh-maxsessions-is-set-to-10-or-less.sh +++ b/remediation-kits/access-and-control/1.25-ensure-ssh-maxsessions-is-set-to-10-or-less.sh @@ -1 +1,5 @@ -echo "MaxSessions 10" >> /etc/ssh/sshd_config \ No newline at end of file +if grep -Eq "^(\s*)MaxSessions\s+\S+(\s*#.*)?\s*$" /etc/ssh/sshd_config;then + exit +else + echo "MaxSessions 10" >> /etc/ssh/sshd_config +fi -- Gitee From 28784af0843e5aaddb36e3ef2378548ef9780413 Mon Sep 17 00:00:00 2001 From: qinzhiben <9528876+qinzhiben@user.noreply.gitee.com> Date: Wed, 17 May 2023 01:45:23 +0000 Subject: [PATCH 2/2] update remediation-kits/access-and-control/1.25-ensure-ssh-maxsessions-is-set-to-10-or-less.sh. Signed-off-by: qinzhiben <9528876+qinzhiben@user.noreply.gitee.com> --- .../1.25-ensure-ssh-maxsessions-is-set-to-10-or-less.sh | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/remediation-kits/access-and-control/1.25-ensure-ssh-maxsessions-is-set-to-10-or-less.sh b/remediation-kits/access-and-control/1.25-ensure-ssh-maxsessions-is-set-to-10-or-less.sh index 3f4e35d..9bcb24d 100644 --- a/remediation-kits/access-and-control/1.25-ensure-ssh-maxsessions-is-set-to-10-or-less.sh +++ b/remediation-kits/access-and-control/1.25-ensure-ssh-maxsessions-is-set-to-10-or-less.sh @@ -1,5 +1,2 @@ -if grep -Eq "^(\s*)MaxSessions\s+\S+(\s*#.*)?\s*$" /etc/ssh/sshd_config;then - exit -else - echo "MaxSessions 10" >> /etc/ssh/sshd_config -fi +grep -Psq "^(\s*)MaxSessions\s+[1-9][0]{0,1}$" /etc/ssh/sshd_config || sed -ri 's/^(\s*)MaxSessions\s+[1-9][0-9]{0,}$/MaxSessions 10/g' /etc/ssh/sshd_config +grep -Psq "^(\s*)MaxSessions\s+\S+(\s*#.*)?\s*$" /etc/ssh/sshd_config || echo "MaxSessions 10" >> /etc/ssh/sshd_config \ No newline at end of file -- Gitee