go.mondoo.com/cnquery@v0.0.0-20231005093811-59568235f6ea/providers-sdk/v1/testutils/testdata/fedora.toml (about) 1 # File contents taken from a Fedora 36 Workstation installation 2 # with some manual extra files to allow for other test cases 3 4 [files."/etc/ssh/sshd_config.d"] 5 content = """50-redhat.conf""" 6 stat.isdir = true 7 8 [files."/etc/ssh/sshd_config"] 9 content = """# $OpenBSD: sshd_config,v 1.104 2021/07/02 05:11:21 dtucker Exp $ 10 11 # This is the sshd server system-wide configuration file. See 12 # sshd_config(5) for more information. 13 14 # This sshd was compiled with PATH=/usr/local/bin:/usr/bin:/usr/local/sbin:/usr/sbin 15 16 # The strategy used for options in the default sshd_config shipped with 17 # OpenSSH is to specify options with their default value where 18 # possible, but leave them commented. Uncommented options override the 19 # default value. 20 21 # To modify the system-wide sshd configuration, create a *.conf file under 22 # /etc/ssh/sshd_config.d/ which will be automatically included below 23 Include /etc/ssh/sshd_config.d/*.conf 24 25 # If you want to change the port on a SELinux system, you have to tell 26 # SELinux about this change. 27 # semanage port -a -t ssh_port_t -p tcp #PORTNUMBER 28 # 29 #Port 22 30 #AddressFamily any 31 #ListenAddress 0.0.0.0 32 #ListenAddress :: 33 34 #HostKey /etc/ssh/ssh_host_rsa_key 35 #HostKey /etc/ssh/ssh_host_ecdsa_key 36 #HostKey /etc/ssh/ssh_host_ed25519_key 37 38 # Ciphers and keying 39 #RekeyLimit default none 40 41 42 # Logging 43 #SyslogFacility AUTH 44 #LogLevel INFO 45 46 # Authentication: 47 48 #LoginGraceTime 2m 49 #PermitRootLogin prohibit-password 50 #StrictModes yes 51 #MaxAuthTries 6 52 #MaxSessions 10 53 54 #PubkeyAuthentication yes 55 56 # The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2 57 # but this is overridden so installations will only check .ssh/authorized_keys 58 AuthorizedKeysFile .ssh/authorized_keys 59 60 #AuthorizedPrincipalsFile none 61 62 #AuthorizedKeysCommand none 63 #AuthorizedKeysCommandUser nobody 64 65 # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts 66 #HostbasedAuthentication no 67 # Change to yes if you don't trust ~/.ssh/known_hosts for 68 # HostbasedAuthentication 69 #IgnoreUserKnownHosts no 70 # Don't read the user's ~/.rhosts and ~/.shosts files 71 #IgnoreRhosts yes 72 73 # To disable tunneled clear text passwords, change to no here! 74 #PasswordAuthentication yes 75 #PermitEmptyPasswords no 76 77 # Change to no to disable s/key passwords 78 #KbdInteractiveAuthentication yes 79 80 # Kerberos options 81 #KerberosAuthentication no 82 #KerberosOrLocalPasswd yes 83 #KerberosTicketCleanup yes 84 #KerberosGetAFSToken no 85 #KerberosUseKuserok yes 86 87 # GSSAPI options 88 #GSSAPIAuthentication no 89 #GSSAPICleanupCredentials yes 90 #GSSAPIStrictAcceptorCheck yes 91 #GSSAPIKeyExchange no 92 #GSSAPIEnablek5users no 93 94 # Set this to 'yes' to enable PAM authentication, account processing, 95 # and session processing. If this is enabled, PAM authentication will 96 # be allowed through the KbdInteractiveAuthentication and 97 # PasswordAuthentication. Depending on your PAM configuration, 98 # PAM authentication via KbdInteractiveAuthentication may bypass 99 # the setting of "PermitRootLogin without-password". 100 # If you just want the PAM account and session checks to run without 101 # PAM authentication, then enable this but set PasswordAuthentication 102 # and KbdInteractiveAuthentication to 'no'. 103 # WARNING: 'UsePAM no' is not supported in Fedora and may cause several 104 # problems. 105 #UsePAM no 106 107 #AllowAgentForwarding yes 108 #AllowTcpForwarding yes 109 #GatewayPorts no 110 #X11Forwarding no 111 #X11DisplayOffset 10 112 #X11UseLocalhost yes 113 #PermitTTY yes 114 #PrintMotd yes 115 #PrintLastLog yes 116 #TCPKeepAlive yes 117 #PermitUserEnvironment no 118 #Compression delayed 119 #ClientAliveInterval 0 120 #ClientAliveCountMax 3 121 #UseDNS no 122 #PidFile /var/run/sshd.pid 123 #MaxStartups 10:30:100 124 #PermitTunnel no 125 #ChrootDirectory none 126 #VersionAddendum none 127 128 # no default banner path 129 #Banner none 130 131 # override default of no subsystems 132 Subsystem sftp /usr/libexec/openssh/sftp-server 133 134 # Example of overriding settings on a per-user basis 135 #Match User anoncvs 136 # X11Forwarding no 137 # AllowTcpForwarding no 138 # PermitTTY no 139 # ForceCommand cvs server 140 141 """ 142 143 [files."/etc/ssh/sshd_config.d/50-redhat.conf"] 144 content = """# This system is following system-wide crypto policy. The changes to 145 # crypto properties (Ciphers, MACs, ...) will not have any effect in 146 # this or following included files. To override some configuration option, 147 # write it before this block or include it before this file. 148 # Please, see manual pages for update-crypto-policies(8) and sshd_config(5). 149 Include /etc/crypto-policies/back-ends/opensshserver.config made-up-file.conf 150 151 SyslogFacility AUTHPRIV 152 153 ChallengeResponseAuthentication no 154 155 GSSAPIAuthentication yes 156 GSSAPICleanupCredentials no 157 158 UsePAM yes 159 160 X11Forwarding yes 161 162 # It is recommended to use pam_motd in /etc/pam.d/sshd instead of PrintMotd, 163 # as it is more configurable and versatile than the built-in version. 164 PrintMotd no 165 166 # Accept locale-related environment variables 167 AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES 168 AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT 169 AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE 170 AcceptEnv XMODIFIERS 171 172 """ 173 174 [files."/etc/ssh/made-up-file.conf"] 175 content = """Port 35 176 Include directory-with-files 177 """ 178 179 [files."/etc/ssh/directory-with-files"] 180 stat.isdir = true 181 content = """maxsessions 182 """ 183 184 [files."/etc/ssh/directory-with-files/maxsessions"] 185 content = """MaxSessions 99""" 186 187 [files."/etc/crypto-policies/back-ends/opensshserver.config"] 188 content = """Ciphers aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes128-gcm@openssh.com,aes128-ctr 189 MACs hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha1,umac-128@openssh.com,hmac-sha2-512 190 GSSAPIKexAlgorithms gss-curve25519-sha256-,gss-nistp256-sha256-,gss-group14-sha256-,gss-group16-sha512- 191 KexAlgorithms curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512 192 HostKeyAlgorithms ecdsa-sha2-nistp256,ecdsa-sha2-nistp256-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519,ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,rsa-sha2-256,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-512-cert-v01@openssh.com 193 PubkeyAcceptedAlgorithms ecdsa-sha2-nistp256,ecdsa-sha2-nistp256-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519,ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,rsa-sha2-256,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-512-cert-v01@openssh.com 194 CASignatureAlgorithms ecdsa-sha2-nistp256,sk-ecdsa-sha2-nistp256@openssh.com,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,sk-ssh-ed25519@openssh.com,rsa-sha2-256,rsa-sha2-512 195 """