- ssh-check — parse sshd_config + drop-ins, merge last-wins, lint against hardened baseline (pw-auth=no, root=prohibit-password, maxauthtries≤3, AllowUsers whitelist, no CBC ciphers, ETM MACs, no ssh-rsa host key). 4 modules: main (clap CLI) + parse + rules + check. Tests: 9 pass (hardened baseline, password-auth-yes-fails, cbc-cipher-fails, allow-users-not-in-whitelist-fails, missing-required-fails, etc.).
- firewall-diff — diff intent YAML against `ufw status numbered` output. Defensive-only (never runs ufw). Stdin or --status-file input. Parses (v6) families, normalises "Anywhere"→"any". Exit 2 on any missing/extra rule. 4 modules: main + intent + ufw + diff. Tests: 8 pass (load-minimal-intent, exact-match-clean, missing-rule-surfaced, extra-live-rule-surfaced, inactive-ufw-fails, integration).

Workspace: clap 4 + serde + serde_yaml + serde_json. release opt-level=z, LTO, strip.

Constructor Pattern: largest file check.rs 213 LOC (93 non-test); every function under 30 LOC.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
19 lines
364 B
TOML
[workspace]
resolver = "2"
members = ["ssh-check", "firewall-diff"]

[workspace.package]
edition = "2021"
rust-version = "1.75"

[workspace.dependencies]
clap = { version = "4", features = ["derive"] }
serde = { version = "1", features = ["derive"] }
serde_yaml = "0.9"
serde_json = "1"

[profile.release]
opt-level = "z"
lto = true
strip = true
codegen-units = 1
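
The `firewall-diff` comparison summarised in the commit message above, as an added example that is not the repository's own code: it parses constructed `ufw status numbered` text, normalises the `(v6)` marker and `Anywhere`, and reports missing and extra rules with the exit code the message describes. The `Rule` tuple and the function names are assumptions, and the intent set is built in code rather than loaded from YAML because the project's schema is not shown on this page.

```rust
use std::collections::BTreeSet;

// Normalised rule (to, action, from, is_v6); a shape assumed for this example.
type Rule<'a> = (&'a str, &'a str, &'a str, bool);

// Strip the "(v6)" family marker and map "Anywhere" to "any".
fn normalise(field: &str) -> (&str, bool) {
    let base = field.trim_end_matches("(v6)").trim();
    (if base == "Anywhere" { "any" } else { base }, field.ends_with("(v6)"))
}

// Parse captured `ufw status numbered` text (never runs ufw). Inactive ufw and rule
// lines that do not split into three columns (2+ space separators) are errors.
fn parse_status(text: &str) -> Result<BTreeSet<Rule<'_>>, String> {
    text.lines().find(|l| l.trim() == "Status: active").ok_or("ufw is not active")?;
    let mut rules = BTreeSet::new();
    for line in text.lines().filter(|l| l.trim_start().starts_with('[')) {
        let body = line.split_once(']').map_or("", |(_, rest)| rest);
        let cols: Vec<&str> = body.split("  ").map(str::trim).filter(|c| !c.is_empty()).collect();
        let &[to, action, from] = cols.as_slice() else {
            return Err(format!("unrecognised rule line: {}", line.trim()));
        };
        let ((to, v6_to), (from, v6_from)) = (normalise(to), normalise(from));
        rules.insert((to, action, from, v6_to || v6_from));
    }
    Ok(rules)
}

// Returns (missing, extra, exit code): 2 on any missing or extra rule, else 0.
fn diff<'a>(intent: &BTreeSet<Rule<'a>>, live: &BTreeSet<Rule<'a>>) -> (Vec<Rule<'a>>, Vec<Rule<'a>>, i32) {
    let missing: Vec<_> = intent.difference(live).copied().collect();
    let extra: Vec<_> = live.difference(intent).copied().collect();
    let code = if missing.is_empty() && extra.is_empty() { 0 } else { 2 };
    (missing, extra, code)
}

// Constructed sample output, not captured from a real host.
const SAMPLE: &str = "Status: active

     To                         Action      From
     --                         ------      ----
[ 1] 22/tcp                     ALLOW IN    Anywhere
[ 2] 22/tcp (v6)                ALLOW IN    Anywhere (v6)
";

fn main() {
    let intent = BTreeSet::from([("22/tcp", "ALLOW IN", "any", false), ("443/tcp", "ALLOW IN", "any", false)]);
    let (missing, extra, code) = diff(&intent, &parse_status(SAMPLE).expect("active ufw"));
    println!("missing={missing:?} extra={extra:?}");
    std::process::exit(code);
}
```

With the sample above, the IPv6 copy of the SSH rule is reported as extra because the intent lists only the IPv4 rule, which is the kind of drift a family-aware comparison exists to surface.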