Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Removal of deprecated options for newer openssh versions #203

Merged
merged 5 commits into from
Oct 18, 2018
Merged

Removal of deprecated options for newer openssh versions #203

merged 5 commits into from
Oct 18, 2018

Conversation

artem-sidorenko
Copy link
Member

@artem-sidorenko artem-sidorenko commented Oct 16, 2018
edited
Loading

@artem-sidorenko
Ensure we do not have any deprecated config for sshd
9effc66 
Signed-off-by: Artem Sidorenko <artem@posteo.de>
@artem-sidorenko
lets use the latest centos fauxhai data in the spec tests
f8dbc23 
Signed-off-by: Artem Sidorenko <artem@posteo.de>
@artem-sidorenko
Deprecated UseLogin option
eaf1050 
should not be used for openssh >=7.4

Signed-off-by: Artem Sidorenko <artem@posteo.de>
@artem-sidorenko
Deprecated UsePrivilegeSeparation option
e092f11 
for openssh >=7.5

Signed-off-by: Artem Sidorenko <artem@posteo.de>
@artem-sidorenko
Avoid duplicate resource declaration
c9e58c2 
Signed-off-by: Artem Sidorenko <artem@posteo.de>
@coveralls
Copy link

Coverage Status

Coverage increased (+0.006%) to 99.831% when pulling c9e58c2 on artem-forks:deprecations into f042bc0 on dev-sec:master.

chris-rock
chris-rock approved these changes Oct 17, 2018
View reviewed changes
Copy link
Member

@chris-rock chris-rock left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Great improvement @artem-sidorenko

test/integration/default/controls/deprecations.rb
@@ -0,0 +1,7 @@
control 'sshd configuration should not have any deprecations' do
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is that something we should also test in the baseline?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm not sure about this: baseline and ssh-hardening can be used independently, maybe somebody still has or wants to have deprecated options for some reasons? In the same time I wanted to ensure our template here is always up-to-date

@artem-sidorenko artem-sidorenko merged commit fb7a8f7 into dev-sec:master Oct 18, 2018
@artem-sidorenko artem-sidorenko deleted the deprecations branch October 18, 2018 18:13
@artem-sidorenko artem-sidorenko mentioned this pull request Oct 18, 2018
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@chris-rock chris-rock chris-rock approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@artem-sidorenko @coveralls @chris-rock