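#!/bin/sh
#SYSTEMS: Solaris, Linux
# Report the version of ssh when an sshd daemon appears to be running.
#
# Output (stdout):
#   [SSH001w]  sshd is running but no executable ssh client could be found.
#   [SSH002w]  sshd is running; the version printed by "ssh -V" is reported
#              together with the version range considered vulnerable.
# The script exits 0 on every path; findings are carried by the messages only.
#
# Limitations to keep in mind when reading the report:
#   - The version is taken from the ssh *client* found on PATH.  The running
#     sshd may come from a different build or package, so confirm the result
#     against the daemon binary itself.
#   - The version is reported, not compared: SSH002w is printed for every
#     recognised OpenSSH / SSH Secure Shell client, whatever its version.
#   - Vendors may backport fixes without changing the upstream version
#     number, so also check the package's advisory status.
#
# NOTE(review): backticks and plain [ ] tests are kept on purpose; presumably
# /bin/sh on older Solaris releases lacks $( ) -- confirm before modernising.
MSG="# Checking ssh..."
SYSTEM=`uname -s`
######Solaris & Linux######
# Two separate tests instead of the obsolescent, ambiguous "-o" operator.
if [ "$SYSTEM" = "SunOS" ] || [ "$SYSTEM" = "Linux" ]; then
  echo ""; echo "$MSG"
  # Bad ssh versions are OpenSSH 3.3 or earlier and SSH Communication Security's SSH 3.0.0 or earlier.
  # Heuristic: any process line containing "sshd" counts as a running daemon.
  PS=`ps -ef | grep sshd | grep -v grep`
  if [ "$PS" = "" ]; then #Do not see a sshd daemon running...
    exit 0 # The SSH daemon 'sshd' does not appear to be running on this system... exit
  else   # Find ssh and execute ssh -V
    SSH=`which ssh`
    # Some "which" implementations print a "no ssh in ..." message on stdout
    # when nothing is found, so a non-empty result is not proof of a binary:
    # also require that the result names an executable file.
    if [ "$SSH" = "" ] || [ ! -x "$SSH" ]; then  #can't find ssh...
      echo "--WARN-- [SSH001w] The sshd daemon is running but cannot find the ssh program to determine the version."
      exit 0
    fi
    # Run the binary that was just validated rather than re-resolving "ssh".
    VERSION=`"$SSH" -V 2>&1`
    # Quote $VERSION so the banner is not word-split or glob-expanded, and so
    # grep returns only the line that actually carries the product name.
    OPEN=`echo "$VERSION" | grep "OpenSSH"`
    SECURE=`echo "$VERSION" | grep "SSH Secure Shell"`
    #
    if [ "$OPEN" != "" ]; then   #OpenSSH
      # Banner looks like "OpenSSH_<version>, ..."; keep the text between
      # the first "_" and the first ",".
      VER=`echo "$OPEN" | awk -F'_' '{printf("%s", $2)}' | awk -F',' '{printf("%s", $1)}'`
      echo "--WARN-- [SSH002w] The sshd daemon is running.  The version of OpenSSH on your system is $VER.  Versions 3.3 and earlier likely contain vulnerabilities."
      exit 0
    fi
    if [ "$SECURE" != "" ]; then #SSH Secure Shell (non-commercial)
      # The version is taken from the fourth whitespace-separated field.
      VER=`echo "$SECURE" | awk '{printf("%s",$4)}'`
      echo "--WARN-- [SSH002w] The sshd daemon is running.  The version of SSH on your system is $VER.  Versions 3.0.0 and earlier likely contain vulnerabilities."
      exit 0
    fi
  fi
  # Reaching this point means the "ssh -V" banner matched neither product,
  # so nothing is reported for it.
fi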


