Avoid usage of weak DH primes

See this for more information and background:
 - https://access.redhat.com/blogs/766093/posts/2177481
 - https://entropux.net/article/openssh-moduli/
 - https://stribika.github.io/2015/01/04/secure-secure-shell.html
 - http://security.stackexchange.com/questions/41941/consequences-of-tampered-etc-ssh-moduli

Author: artem-sidorenko

README.md

@@ -46,6 +46,7 @@ override['ssh-hardening']['ssh']['server']['listen_to'] = node['ipaddress']
 * `['ssh-hardening']['ssh']['client']['remote_hosts']` - `[]` - one or more hosts, to which ssh-client can connect to.
 * `['ssh-hardening']['ssh']['client']['password_authentication']` - `false`. Set to `true` if password authentication should be enabled.
 * `['ssh-hardening']['ssh']['client']['roaming']` - `false`. Set to `true` if experimental client roaming should be enabled. This is known to cause potential issues with secrets being disclosed to malicious servers and defaults to being disabled.
+* `['ssh-hardening']['ssh']['server']['dh_min_prime_size']` - `2048` - Minimal acceptable prime length in bits in `/etc/ssh/moduli`. Primes below this number will get removed. (See [this](https://entropux.net/article/openssh-moduli/) for more information and background)
 * `['ssh-hardening']['ssh']['server']['listen_to']` `#override attribute#` - one or more ip addresses, to which ssh-server should listen to. Default is to listen on all interfaces. It should be configured for security reasons!
 * `['ssh-hardening']['ssh']['server']['allow_root_with_key']` - `false` to disable root login altogether. Set to `true` to allow root to login via key-based mechanism
 * `['ssh-hardening']['ssh']['server']['allow_tcp_forwarding']` - `false`. Set to `true` to allow TCP Forwarding

attributes/default.rb

@@ -70,6 +70,7 @@
 default['ssh-hardening']['ssh']['server']['cbc_required']             = false
 default['ssh-hardening']['ssh']['server']['weak_hmac']                = false
 default['ssh-hardening']['ssh']['server']['weak_kex']                 = false
+default['ssh-hardening']['ssh']['server']['dh_min_prime_size']        = 2048
 default['ssh-hardening']['ssh']['server']['host_key_files']           = ['/etc/ssh/ssh_host_rsa_key', '/etc/ssh/ssh_host_dsa_key', '/etc/ssh/ssh_host_ecdsa_key']
 default['ssh-hardening']['ssh']['server']['client_alive_interval']    = 600     # 10min
 default['ssh-hardening']['ssh']['server']['client_alive_count']       = 3       # ~> 3 x interval

recipes/server.rb

@@ -30,6 +30,9 @@
     ['0.0.0.0']
   end
 
+# some internal definitions
+dh_moduli_file = '/etc/ssh/moduli'
+
 # installs package name
 package 'openssh-server' do
   package_name node['ssh-hardening']['sshserver']['package']
@@ -73,6 +76,36 @@
   end
 end
 
+# handle Diffie-Hellman moduli
+# remove all small primes
+# https://stribika.github.io/2015/01/04/secure-secure-shell.html
+dh_min_prime_size = node['ssh-hardening']['ssh']['server']['dh_min_prime_size'].to_i - 1 # 4096 is 4095 in the moduli file
+ruby_block 'remove small primes from DH moduli' do # ~FC014
+  block do
+    tmp_file = "#{dh_moduli_file}.tmp"
+    ::File.open(tmp_file, 'w') do |new_file|
+      ::File.readlines(dh_moduli_file).each do |line|
+        unless line_match = line.match(/^(\d+ ){4}(\d+) \d+ \h+$/) # rubocop:disable Lint/AssignmentInCondition
+          # some line without expected data structure, e.g. comment line
+          # write it and go to the next data
+          new_file.write(line)
+          next
+        end
+
+        # lets compare the bits and do not write the lines with small bit size
+        bits = line_match[2]
+        new_file.write(line) unless bits.to_i < dh_min_prime_size
+      end
+    end
+
+    # we use cp&rm to preserve the permissions of existing file
+    FileUtils.cp(tmp_file, dh_moduli_file)
+    FileUtils.rm(tmp_file)
+  end
+  not_if "test $(awk '$5 < #{dh_min_prime_size} && $5 ~ /^[0-9]+$/ { print $5 }' #{dh_moduli_file} | uniq | wc -c) -eq 0"
+  notifies :restart, 'service[sshd]'
+end
+
 # defines the sshd service
 service 'sshd' do
   # use upstart for ubuntu, otherwise chef uses init

spec/recipes/default_spec.rb

@@ -23,6 +23,10 @@
     ChefSpec::ServerRunner.new.converge(described_recipe)
   end
 
+  before do
+    stub_command("test $(awk '$5 < 2047 && $5 ~ /^[0-9]+$/ { print $5 }' /etc/ssh/moduli | uniq | wc -c) -eq 0").and_return(true)
+  end
+
   # check that the recipes are executed
   it 'includes server recipe' do
     expect(chef_run).to include_recipe('ssh-hardening::server')

spec/recipes/server_spec.rb

@@ -21,12 +21,17 @@
 describe 'ssh-hardening::server' do
   let(:helper_lib) { DevSec::Ssh }
   let(:ssh_config_file) { '/etc/ssh/sshd_config' }
+  let(:dh_primes_ok) { true }
 
   # converge
   cached(:chef_run) do
     ChefSpec::ServerRunner.new.converge(described_recipe)
   end
 
+  before do
+    stub_command("test $(awk '$5 < 2047 && $5 ~ /^[0-9]+$/ { print $5 }' /etc/ssh/moduli | uniq | wc -c) -eq 0").and_return(dh_primes_ok)
+  end
+
   it 'installs openssh-server' do
     expect(chef_run).to install_package('openssh-server')
   end
@@ -327,6 +332,28 @@
     end
   end
 
+  describe 'DH primes handling' do
+    let(:chef_run) do
+      ChefSpec::ServerRunner.new.converge(described_recipe)
+    end
+
+    context 'when there are no small primes' do
+      let(:dh_primes_ok) { true }
+
+      it 'should not remove small primes from DH moduli' do
+        expect(chef_run).not_to run_ruby_block('remove small primes from DH moduli')
+      end
+    end
+
+    context 'when there are small primes present' do
+      let(:dh_primes_ok) { false }
+
+      it 'should invoke small primes from DH module' do
+        expect(chef_run).to run_ruby_block('remove small primes from DH moduli')
+      end
+    end
+  end
+
   describe 'debian banner' do
     cached(:chef_run) do
       ChefSpec::ServerRunner.new(platform: 'ubuntu', version: '16.04').converge(described_recipe)