more exact checking

AJ ONeal 2018-10-31 23:47:13 -06:00
parent 40921b58ff
commit 7f18482566
1 changed files with 11 additions and 11 deletions


@ -28,14 +28,14 @@ function sshAllowsPassword(user) {
stdout = (stdout||'').toString('utf8');
stderr = (stderr||'').toString('utf8');
if (/\bpassword\b/.test(stdout) || /\bpassword\b/.test(stderr)) {
resolve(true);
resolve('yes');
return;
}
if (/\bAuthentications\b/.test(stdout) || /\bAuthentications\b/.test(stderr)) {
resolve(false);
resolve('no');
return;
}
resolve();
resolve('maybe');
});
});
}
@ -43,21 +43,21 @@ function sshAllowsPassword(user) {
module.exports.checkSecurity = function () {
var conf = {};
var sshdConf = '/etc/ssh/sshd_config';
var noRootPasswordRe = /(^|[\r\n]+)\s*PermitRootLogin\s+(prohibit-password|without-password|no)\s*/i;
var noPasswordRe = /(^|[\r\n]+)\s*PasswordAuthentication\s+no\s*/i;
var noRootPasswordRe = /(?:^|[\r\n]+)\s*PermitRootLogin\s+(prohibit-password|without-password|no)\s*/i;
var noPasswordRe = /(?:^|[\r\n]+)\s*PasswordAuthentication\s+(no)\s*/i;
return readFile(sshdConf, null).then(function (sshd) {
sshd = sshd.toString('utf8');
conf.disallowPasswordRoot = noRootPasswordRe.test(sshd);
conf.disallowPassword = noPasswordRe.test(sshd);
var match;
match = sshd.match(noRootPasswordRe);
conf.permit_root_login = match ? match[1] : 'yes';
match = sshd.match(noPasswordRe);
conf.password_authentication = match ? match[1] : 'yes';
}).catch(function () {
// ignore error as that might not be the correct sshd_config location
}).then(function () {
var doesntExist = crypto.randomBytes(16).toString('hex');
return sshAllowsPassword(doesntExist).then(function (maybe) {
conf.allowsPassword = maybe;
return sshAllowsPassword('root').then(function (maybe) {
conf.allowsRootPassword = maybe;
});
conf.requests_password = maybe;
});
}).then(function () {
return conf;
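Review bot: The two regexes in checkSecurity match only restrictive values, so `sshd.match(noRootPasswordRe)` returns the first line saying `no`/`prohibit-password`/`without-password` even when an earlier `PermitRootLogin yes` precedes it. sshd uses the first value it obtains for a keyword, so the report can read 'no' while root password login is still permitted. Capturing whatever the first occurrence says closes that gap: `var noRootPasswordRe = /(?:^|[\r\n]+)[ \t]*PermitRootLogin[ \t]+(\S+)/i;` and likewise `PasswordAuthentication[ \t]+(\S+)` for `noPasswordRe`. A directive under a `Match` block or pulled in through `Include` is also read as if it were global, which deserves a comment beside `sshdConf`, for example `// NOTE: only directives in this one file are read; Match blocks and Include files are not evaluated`. checkSecurity's body continues past the end of this hunk.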