ovh/debian-cis

[5.2.18] Script breaks due to space separation in ALLOWED_USERS

lgaida opened this issue · 0 comments

lgaida commented

In sshd_config the AllowUsers entry allows multiple users to be supplied by using space-separation but the script responsible for configuring it (5.2.18_sshd_limit_access) breaks if you use multiple space-separated users.

It works for a single user. E.g:
5.2.18_sshd_limit_access.cfg

# Configuration for 5.2.18_sshd_limit_access
status=enabled
# Put here ssh user hardening list, there is a default in script to not break your configuration
# However, it can erase current configuration
ALLOWED_USERS='johndoe'
ALLOWED_GROUPS=''
DENIED_USERS=''
DENIED_GROUPS=''

5.2.18_sshd_limit_access  [ OK ] ^AllowUsers[[:space:]]*johndoe is present in /etc/ssh/sshd_config

But breaks when adding a second user. E.g:
5.2.18_sshd_limit_access.cfg

# Configuration for 5.2.18_sshd_limit_access
status=enabled
# Put here ssh user hardening list, there is a default in script to not break your configuration
# However, it can erase current configuration
ALLOWED_USERS='johndoe janedoe'
ALLOWED_GROUPS=''
DENIED_USERS=''
DENIED_GROUPS=''

5.2.18_sshd_limit_access  [ OK ] ^AllowUsers[[:space:]]*johndoe is present in /etc/ssh/sshd_config
5.2.18_sshd_limit_access  [ KO ] ^janedoe'[[:space:]]*janedoe is not present in /etc/ssh/sshd_config

It is not even checking the right thing. Using this script with a .cfg with multiple allowed users and --apply will result in a broken sshd_config, since a new line will be added to sshd_config:

janedoe' janedoe
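As an added illustration of the behaviour the issue asks for (this is example code written for this page, not the debian-cis 5.2.18_sshd_limit_access script and not part of the report above): a small POSIX shell audit/apply pair that treats ALLOWED_USERS as a space-separated list. The audit compares each wanted user against the tokens of the effective AllowUsers line (sshd honours the first occurrence of a directive), and the apply step drops every existing AllowUsers line and writes one combined directive, placed before any Match block so it stays global. The sample sshd_config and the function names (make_sample_config, check_allow_users, apply_allow_users) are constructed for the example.

```shell
#!/bin/sh
# Example code, not the debian-cis script. Audits and applies an AllowUsers
# directive built from a space-separated list such as ALLOWED_USERS='johndoe janedoe'.

# Constructed sample sshd_config (not a real system file); $1 is the path to write.
make_sample_config() {
    printf '%s\n' \
        'Port 22' \
        'PermitRootLogin no' \
        'AllowUsers johndoe' \
        'PasswordAuthentication no' > "$1"
}

# Audit: $1 = sshd_config path, $2 = space-separated list of wanted users.
# Prints the users missing from the effective AllowUsers line (empty if none)
# and returns 0 only when every wanted user is present. Tokens are compared
# whole, so a 'user@host' or wildcard pattern is not treated as a match.
check_allow_users() {
    cfg="$1"; wanted="$2"; missing=""
    # First AllowUsers directive wins in sshd; keep everything after the keyword.
    present=$(awk 'tolower($1) == "allowusers" { $1 = ""; print; exit }' "$cfg")
    for u in $wanted; do
        found=0
        for p in $present; do
            [ "$p" = "$u" ] && found=1
        done
        [ "$found" -eq 1 ] || missing="$missing $u"
    done
    missing=$(printf '%s' "$missing" | sed 's/^ //')
    printf '%s\n' "$missing"
    [ -z "$missing" ]
}

# Apply: $1 = sshd_config path, $2 = space-separated list of users.
# Removes every existing AllowUsers line and writes a single combined directive,
# inserted before the first Match block (or appended if there is none) so the
# new line cannot land inside a Match block and change its scope.
apply_allow_users() {
    cfg="$1"; wanted="$2"; tmp="$cfg.tmp"
    awk -v line="AllowUsers $wanted" '
        tolower($1) == "allowusers" { next }
        tolower($1) == "match" && !done { print line; done = 1 }
        { print }
        END { if (!done) print line }
    ' "$cfg" > "$tmp" && mv "$tmp" "$cfg"
}

# Stand-alone demonstration on a temporary copy; never touches /etc/ssh/sshd_config.
demo_cfg=$(mktemp)
make_sample_config "$demo_cfg"
printf 'before apply, missing: [%s]\n' "$(check_allow_users "$demo_cfg" 'johndoe janedoe')"
apply_allow_users "$demo_cfg" 'johndoe janedoe'
printf 'after apply, missing: [%s]\n' "$(check_allow_users "$demo_cfg" 'johndoe janedoe')"
grep -i '^AllowUsers' "$demo_cfg"
rm -f "$demo_cfg"
```

Before touching a real sshd_config, run the result through `sshd -t -f <file>` and keep a backup; the audit above also does not follow Include directives, so a directive set in an included file would be reported as missing.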