From 1e3e666c211942772da05b6b499efcbe5d6d2798 Mon Sep 17 00:00:00 2001
From: "YiLin.Li" <YiLin.Li@linux.alibaba.com>
Date: Fri, 17 Nov 2023 15:14:08 +0800
Subject: [PATCH] 
 scanners/access-and-control/1.47-ensure-ssh-maxauthtries-is-set-to-between-3-and-5.sh:
 fix the scanner error when not hardened by default

Fixes:#I8HAXN
Signed-off-by: YiLin.Li <YiLin.Li@linux.alibaba.com>
---
 ...47-ensure-ssh-maxauthtries-is-set-to-between-3-and-5.sh | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/scanners/access-and-control/1.47-ensure-ssh-maxauthtries-is-set-to-between-3-and-5.sh b/scanners/access-and-control/1.47-ensure-ssh-maxauthtries-is-set-to-between-3-and-5.sh
index 4434380..8ca715d 100644
--- a/scanners/access-and-control/1.47-ensure-ssh-maxauthtries-is-set-to-between-3-and-5.sh
+++ b/scanners/access-and-control/1.47-ensure-ssh-maxauthtries-is-set-to-between-3-and-5.sh
@@ -1,10 +1,9 @@
-result=true
+result=false
 
-grep -Eiq '^\s*maxauthtries\s+([6-9]|[1-9][0-9]+)' /etc/ssh/sshd_config && result=false
-[ "$result" = true ] && grep -Eiq '^\s*maxauthtries\s+([0-2])' /etc/ssh/sshd_config && result=false
+sshd -T -C user=root -C host="$(hostname)" -C addr="$(grep $(hostname) /etc/hosts | awk '{print $1}')" | grep -Eiq ^maxauthtries\\s+[3-5] && grep -Eiq '^\s*maxauthtries\s+[3-5]' /etc/ssh/sshd_config && result=true
 
 if [ "$result" = true ]; then
     echo "pass"
 else
     echo "fail"
-fi
\ No newline at end of file
+fi
-- 
Gitee