From 63bf34c59c3fda632842b99d3afc4219aeb06e03 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Mich=C3=A9e=20Lengronne?= <michee.lengronne@coppint.com>
Date: Fri, 22 May 2020 10:33:16 +0200
Subject: [PATCH] privilege separation deprecated
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Michée Lengronne <michee.lengronne@coppint.com>
---
 controls/sshd_spec.rb | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/controls/sshd_spec.rb b/controls/sshd_spec.rb
index 15ecca0..2956143 100644
--- a/controls/sshd_spec.rb
+++ b/controls/sshd_spec.rb
@@ -207,9 +207,9 @@
 control 'sshd-16' do
   impact 1.0
   title 'Server: Use privilege separation'
-  desc 'UsePrivilegeSeparation is an option, when enabled will allow the OpenSSH server to run a small (necessary) amount of code as root and the of the code in a chroot jail environment. This enables ssh to deal incoming network traffic in an unprivileged child process to avoid privilege escalation by an attacker.'
+  desc 'UsePrivilegeSeparation is deprecated.'
   describe sshd_config(sshd_custom_path + '/sshd_config') do
-    its('UsePrivilegeSeparation') { should eq(sshd_valid_privseparation) }
+    its('UsePrivilegeSeparation') { should eq nil }
   end
 end