Merge pull request #12735 from ericeberry/u2404_5115

dodys · web-flow · commit 7708eb8c9198 · 2024-12-19T11:04:13.000+01:00
Ubuntu 24.04 5.1.15 Ensure sshd MACs are configured
diff --git a/controls/cis_ubuntu2404.yml b/controls/cis_ubuntu2404.yml
@@ -1687,11 +1687,10 @@ controls:
     levels:
       - l1_server
       - l1_workstation
-    related_rules:
+    rules:
       - sshd_strong_macs=cis_ubuntu2404
       - sshd_use_strong_macs
-    status: planned
-    notes: TODO. Partial/incorrect implementation exists.See related rules. Analogous to ubuntu2204/5.2.14.
+    status: automated
 
   - id: 5.1.16
     title: Ensure sshd MaxAuthTries is configured (Automated)
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_macs/tests/good_mac.pass.sh b/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_macs/tests/good_mac.pass.sh
@@ -1,4 +1,4 @@
-# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel
+# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_ubuntu
 
 sed -i 's/^\s*MACs\s.*//i' /etc/ssh/sshd_config
 echo "MACs hmac-sha2-512" >> /etc/ssh/sshd_config
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_macs/tests/no_macs.fail.sh b/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_macs/tests/no_macs.fail.sh
@@ -1,3 +1,3 @@
-# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel
+# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_ubuntu
 
 sed -i 's/^\s*MACs\s/# &/i' /etc/ssh/sshd_config
diff --git a/linux_os/guide/services/ssh/sshd_strong_macs.var b/linux_os/guide/services/ssh/sshd_strong_macs.var
@@ -17,3 +17,4 @@ options:
     cis_sle12: hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-ripemd160
     cis_sle15: hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256
     cis_ubuntu2204: hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256
+    cis_ubuntu2404: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1

Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,4 @@`
`1`		`-# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel`
	`1`	`+# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_ubuntu`
`2`	`2`
`3`	`3`	`sed -i 's/^\sMACs\s.//i' /etc/ssh/sshd_config`
`4`	`4`	`echo "MACs hmac-sha2-512" >> /etc/ssh/sshd_config`
Original file line number	Diff line number	Diff line change
`@@ -1,3 +1,3 @@`
`1`		`-# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel`
	`1`	`+# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_ubuntu`
`2`	`2`
`3`	`3`	`sed -i 's/^\s*MACs\s/# &/i' /etc/ssh/sshd_config`
-Original file line number
+Diff line change
     cis_sle12: [email protected],[email protected],[email protected],hmac-sha2-512,hmac-sha2-256,hmac-ripemd160
     cis_sle15: [email protected],[email protected],[email protected],hmac-sha2-512,hmac-sha2-256
     cis_ubuntu2204: [email protected],[email protected],[email protected],hmac-sha2-512,hmac-sha2-256
 +    cis_ubuntu2404: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1