Prints a list of server & client policies.
(out: OutputBuffer, verbose: bool)
| 765 | |
| 766 | |
def list_policies(out: OutputBuffer, verbose: bool) -> None:
    '''Prints the built-in server and client policy names, then usage hints.

    The two name collections come from Policy.list_builtin_policies(verbose).
    Each non-empty collection is printed under its own heading as a bulleted
    list.  When both are empty, an error is reported through out.fail();
    otherwise the hint and note texts below are printed.
    '''

    server_names, client_names = Policy.list_builtin_policies(verbose)

    # Same rendering for both groups: a heading, then one " * " bullet per name.
    groups = (
        ('\nServer policies:\n', server_names),
        ('\nClient policies:\n', client_names),
    )
    for heading, names in groups:
        if len(names) > 0:
            out.head(heading)
            out.info(" * " + "\n * ".join(names))

    out.sep()
    if len(server_names) > 0 or len(client_names) > 0:
        out.info("\nHint: Use -P and provide the full name of a policy to run a policy scan with.\n")
        out.info("Hint: Use -L -v to see the change log for each policy, as well as previous versions.\n")
        # The built-in policies track upstream OpenSSH releases.  As the note
        # itself says, a distribution package with back-ported changes can fail
        # one of them, so the reader is pointed at custom policies (-M).
        out.info("Note: the general OpenSSH policies apply to the official releases only. OS distributions may back-port changes that cause failures (for example, Debian 11 back-ported the strict KEX mode into their package of OpenSSH v8.4, whereas it was only officially added to OpenSSH v9.6 and later). In these cases, consider creating a custom policy (-M option).\n")
        out.info("Note: instructions for hardening targets, which correspond to the above policies, can be found at: <https://ssh-audit.com/hardening_guides.html>\n")
    else:
        # Nothing to list at all: report it as a failure rather than print hints.
        out.fail("Error: no built-in policies found!")

    # NOTE(review): the listing lost its indentation; write() is taken to sit at
    # function level so that the failure message is emitted too. It presumably
    # emits what the calls above buffered. Confirm both against the upstream file.
    out.write()
| 789 | |
| 790 | |
| 791 | def make_policy(aconf: AuditConf, banner: Optional['Banner'], kex: Optional['SSH2_Kex'], client_host: Optional[str]) -> None: |