Tests fail after fulfilling the requirement.
anuraagrijal3138 opened this issue · 3 comments
mount | grep /tmp
tmpfs on /tmp type tmpfs (rw,nosuid,nodev,noexec)
tmpfs on /var/tmp type tmpfs (rw,nosuid,nodev,noexec,relatime)
mount | grep /dev/shm
tmpfs on /dev/shm type tmpfs (rw,nosuid,nodev,noexec)
sudo cat /etc/fstab
UUID=43c393a0-270f-40e5-a645-89d59b53aa70 / ext4 defaults 0 0
UUID=95b06f6d-f1e0-4e85-9e4a-5b30180d8042 /boot ext4 defaults 0 0
tmpfs /dev/shm tmpfs defaults,nodev,nosuid,noexec 0 0
tmpfs /var/tmp tmpfs defaults,nodev,nosuid,noexec 0 0
tmpfs /tmp tmpfs defaults,nodev,nosuid,noexec 0 0
/dev/mapper/vg0-lv7 /home ext4 nodev 0 0
UUID=a43af48b-b9ba-494a-965a-0ce5ba3d1f58 /var ext4 defaults 0 0
UUID=d12ba100-76eb-43d0-8e96-bf124487dd58 /var/log ext4 defaults 0 0
UUID=8502d6fd-f01b-407e-9aba-a91f372fa01e /var/log/audit ext4 defaults 0 0
Even though /tmp, /var/tmp, /dev/shm are mounted with options nosuid,noexec,nodev, the bench gives me the following output:
[FAIL] 1.1.3 Ensure nodev option set on /tmp partition
[FAIL] 1.1.4 Ensure nosuid option set on /tmp partition
[FAIL] 1.1.5 Ensure noexec option set on /tmp partition
[FAIL] 1.1.6 Ensure separate partition exists for /var
[FAIL] 1.1.7 Ensure separate partition exists for /var/tmp
[FAIL] 1.1.8 Ensure nodev option set on /var/tmp partition
[FAIL] 1.1.9 Ensure nosuid option set on /var/tmp partition
[FAIL] 1.1.10 Ensure noexec option set on /var/tmp partition
[FAIL] 1.1.11 Ensure noexec option set on /var/tmp partition
[FAIL] 1.1.12 Ensure noexec option set on /var/tmp partition
[FAIL] 1.1.13 Ensure noexec option set on /var/tmp partition
[FAIL] 1.1.14 Ensure noexec option set on /var/tmp partition
[FAIL] 1.1.15 Ensure separate partition exists for /var/log
[FAIL] 1.1.16 Ensure separate partition exists for /var/log/audit
[FAIL] 1.1.17 Ensure separate partition exists for /home
[FAIL] 1.1.18 Ensure nodev option set on /home partition
[FAIL] 1.1.19 Ensure nodev option set on /dev/shm partition
[FAIL] 1.1.20 Ensure nosuid option set on /dev/shm partition
[FAIL] 1.1.21 Ensure noexec option set on /dev/shm partition
Not only this but:
sudo tail -12 /etc/ssh/sshd_config
Protocol 2
LogLevel INFO
IgnoreRhosts yes
HostbasedAuthentication no
PermitRootLogin no
PermitEmptyPasswords no
PermitUserEnvironment no
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com
ClientAliveInterval 300
ClientAliveCountMax 3
LoginGraceTime 60
Banner /etc/issue.net
The bench output:
[FAIL] 5.2.2 Ensure SSH Protocol is set to 2
[FAIL] 5.2.3 Ensure SSH LogLevel is set to INFO
[FAIL] 5.2.4 Ensure SSH X11 forwarding is disabled
[FAIL] 5.2.5 Ensure SSH MaxAuthTries is set to 4 or less
[FAIL] 5.2.6 Ensure SSH IgnoreRhosts is enabled
[FAIL] 5.2.7 Ensure SSH HostbasedAuthentication is disabled
[FAIL] 5.2.8 Ensure SSH root login is disabled
[FAIL] 5.2.9 Ensure SSH PermitEmptyPasswords is disabled
[FAIL] 5.2.10 Ensure SSH PermitUserEnvironment is disabled
[FAIL] 5.2.11 Ensure only approved MAC algorithms are used
[FAIL] 5.2.12.a Ensure SSH Idle Timeout Interval is configured
[FAIL] 5.2.12.b Ensure SSH Idle Timeout Interval is configured
[FAIL] 5.2.13 Ensure SSH LoginGraceTime is set to one minute or less
There are more failed benchmark tests I can provide.
cat /etc/os-release
NAME="Ubuntu"
VERSION="18.04.4 LTS (Bionic Beaver)"
ID=ubuntu
ID_LIKE=debian
PRETTY_NAME="Ubuntu 18.04.4 LTS"
VERSION_ID="18.04"
HOME_URL="https://www.ubuntu.com/"
SUPPORT_URL="https://help.ubuntu.com/"
BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
VERSION_CODENAME=bionic
UBUNTU_CODENAME=bionic
Hey @anuraagrijal3138, we recently made some updates in order to get a better understanding of errors and warnings.
And as Liz mentioned we fixed some issues as well.
I was enable to reproduce the problem you had in chapter 5. Could you please try running it again and tell us the results?
Closing, please reopen if it's still an issue.