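#! /bin/bash
# Checks the Apache httpd SSL/TLS hardening directives in ssl.conf.
#
# Flow:
#   1. Exit 0 early when the GUI is not present, or when no httpd socket
#      mentioning ":443" is seen in netstat output.
#   2. Exit 1 when the ssl.conf file is missing.
#   3. Look for three hardening directives (protocol list, cipher list,
#      server cipher preference) and report each one.
#   4. Point to the hardening guide when any directive is missing.
#
# k_start, k_config_details, report, k_exit and GUI_PRESENT are not defined
# in this file; presumably they come from the sourced framework below.

. /usr/src/k_framework/main.sh

# ---- VARS -----

VERSION="1.0.2"
SCRIPT_NAME="SSL Check"
CONF="/etc/httpd/conf.d/ssl.conf"

# ---- FUNCTIONS -----

#######################################
# Report whether a directive string occurs in the non-comment part of $CONF.
# Globals:   CONF (read), EXIT_CODE (set to 1 when the directive is missing)
# Arguments: $1 - exact directive text to look for
# Outputs:   one report line ("<directive> present" / "<directive> not present")
#######################################
check_directive() {
  local directive=$1

  # awk keeps only the text before the first '#', so commented-out directives
  # do not count. grep -F treats the directive as a literal string rather than
  # a regular expression; '--' protects against a directive starting with '-'.
  #
  # NOTE(review): this is a substring test on the file contents, not a check of
  # the effective setting. A longer line that merely contains the expected text
  # (for example a protocol name with a ".1" suffix) also matches, and the
  # directive's position (which VirtualHost it sits in, whether a later line
  # overrides it) is not considered.
  if awk -F "#" '{print $1}' "$CONF" | grep -qF -- "$directive"; then
    report "$directive present" 0
  else
    report "$directive not present" 1
    EXIT_CODE=1
  fi
}

# ---- MAIN -----

k_start
k_config_details

# Nothing in this script assigns EXIT_CODE on the success path. Presumably
# main.sh initialises it; default it to 0 here so that an unset value is not
# compared as "" != 0 and reported as a failure when every check passed.
EXIT_CODE=${EXIT_CODE:-0}

if [[ $GUI_PRESENT != 1 ]]; then
  report "GUI not present" 3
  k_exit 0
fi

# Count netstat lines that belong to httpd and mention ":443".
# NOTE(review): netstat -p shows process names only for sockets the caller is
# allowed to inspect, so this presumably has to run as root; otherwise the
# count is 0 and the check is skipped as "SSL not enabled".
# NOTE(review): ":443" is matched as a substring anywhere on the line, so it
# also matches other ports beginning with 443 and remote-side ports.
ssl_enabled=0
ssl_enabled=$(netstat -atnp | grep -F httpd | grep -Fc ":443")

if [[ $ssl_enabled == 0 ]]; then
  report "SSL not enabled" 3
  k_exit 0
else
  report "SSL enabled" 0
fi

if [[ ! -f "$CONF" ]]; then
  report "$CONF not present" 1
  k_exit 1
fi

# Protocol baseline: SSLv2, SSLv3 and TLS 1.0 disabled.
# NOTE(review): this expected line leaves TLS 1.1 enabled; RFC 8996 deprecates
# TLS 1.1 together with TLS 1.0, so the baseline may need tightening.
check_directive "SSLProtocol all -SSLv2 -SSLv3 -TLSv1"

# Cipher baseline: HIGH ciphers only, without anonymous, MD5 or 3DES suites.
check_directive "SSLCipherSuite HIGH:!aNULL:!MD5:!3DES"

# The server's cipher order takes precedence over the client's.
check_directive "SSLHonorCipherOrder on"

if [[ $EXIT_CODE != 0 ]]; then
  report "SSL security failed" 1
  report " https://wiki.kolmisoft.com/index.php/Setting_up_https_secure_connection#Hardening_SSL_security" fix
fi

k_exit "$EXIT_CODE"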