9.2.1_enable_cracklib.sh 9.2.2_enable_lockout_failed_password.sh 9.2.3_limit_password_reuse.sh 9.3.10_disable_sshd_setenv.sh 9.3.11_sshd_ciphers.sh 9.3.12_sshd_idle_timeout.sh 9.3.13_sshd_limit_access.sh 9.3.14_ssh_banner.sh 9.3.2_sshd_loglevel.sh 9.3.1_sshd_protocol.sh 9.3.3_sshd_conf_perm_ownership.sh 9.3.4_disable_x11_forwarding.sh 9.3.5_sshd_maxauthtries.sh 9.3.6_enable_sshd_ignorerhosts.sh 9.3.7_disable_sshd_hostbasedauthentication.sh 9.3.8_disable_root_login.sh 9.3.9_disable_sshd_permitemptypasswords.sh

2025-06-22 02:33:42 +02:00 · 2016-04-15 14:24:45 +02:00
parent 0407ebe362
commit 823cd217a0
36 changed files with 1496 additions and 3 deletions
--- a/etc/conf.d/9.2.1_enable_cracklib.cfg
+++ b/etc/conf.d/9.2.1_enable_cracklib.cfg
@ -0,0 +1,2 @@
+# Configuration for script of same name
+status=enabled
--- a/etc/conf.d/9.2.2_enable_lockout_failed_password.cfg
+++ b/etc/conf.d/9.2.2_enable_lockout_failed_password.cfg
@ -0,0 +1,2 @@
+# Configuration for script of same name
+status=enabled
--- a/etc/conf.d/9.2.3_limit_password_reuse.cfg
+++ b/etc/conf.d/9.2.3_limit_password_reuse.cfg
@ -0,0 +1,2 @@
+# Configuration for script of same name
+status=enabled
--- a/etc/conf.d/9.3.10_disable_sshd_setenv.cfg
+++ b/etc/conf.d/9.3.10_disable_sshd_setenv.cfg
@ -0,0 +1,2 @@
+# Configuration for script of same name
+status=enabled
--- a/etc/conf.d/9.3.11_sshd_ciphers.cfg
+++ b/etc/conf.d/9.3.11_sshd_ciphers.cfg
@ -0,0 +1,2 @@
+# Configuration for script of same name
+status=enabled
--- a/etc/conf.d/9.3.12_sshd_idle_timeout.cfg
+++ b/etc/conf.d/9.3.12_sshd_idle_timeout.cfg
@ -0,0 +1,5 @@
+# Configuration for script of same name
+status=enabled
+# In seconds, value of ClientAliveInterval, ClientAliveCountMax bedoing set to 0
+# Settles sshd idle timeout
+SSHD_TIMEOUT=900 
--- a/etc/conf.d/9.3.13_sshd_limit_access.cfg
+++ b/etc/conf.d/9.3.13_sshd_limit_access.cfg
@ -0,0 +1,9 @@
+# Configuration for script of same name
+status=enabled
+
+# Put here ssh user hardening list, there is a default in script to not break your configuration
+# However, it can erase current configuration
+ALLOWED_USERS=''
+ALLOWED_GROUPS=''
+DENIED_USERS=''
+DENIED_GROUPS=''
--- a/etc/conf.d/9.3.14_ssh_banner.cfg
+++ b/etc/conf.d/9.3.14_ssh_banner.cfg
@ -0,0 +1,4 @@
+# Configuration for script of same name
+status=enabled
+# Put here banner file, default to /etc/issue.net
+BANNER_FILE=""
--- a/etc/conf.d/9.3.1_sshd_protocol.cfg
+++ b/etc/conf.d/9.3.1_sshd_protocol.cfg
@ -0,0 +1,2 @@
+# Configuration for script of same name
+status=enabled
--- a/etc/conf.d/9.3.2_sshd_loglevel.cfg
+++ b/etc/conf.d/9.3.2_sshd_loglevel.cfg
@ -0,0 +1,2 @@
+# Configuration for script of same name
+status=enabled
--- a/etc/conf.d/9.3.3_sshd_conf_perm_ownership.cfg
+++ b/etc/conf.d/9.3.3_sshd_conf_perm_ownership.cfg
@ -0,0 +1,2 @@
+# Configuration for script of same name
+status=enabled
--- a/etc/conf.d/9.3.4_disable_x11_forwarding.cfg
+++ b/etc/conf.d/9.3.4_disable_x11_forwarding.cfg
@ -0,0 +1,2 @@
+# Configuration for script of same name
+status=enabled
--- a/etc/conf.d/9.3.5_sshd_maxauthtries.cfg
+++ b/etc/conf.d/9.3.5_sshd_maxauthtries.cfg
@ -0,0 +1,2 @@
+# Configuration for script of same name
+status=enabled
--- a/etc/conf.d/9.3.6_enable_sshd_ignorerhosts.cfg
+++ b/etc/conf.d/9.3.6_enable_sshd_ignorerhosts.cfg
@ -0,0 +1,2 @@
+# Configuration for script of same name
+status=enabled
--- a/etc/conf.d/9.3.7_disable_sshd_hostbasedauthentication.cfg
+++ b/etc/conf.d/9.3.7_disable_sshd_hostbasedauthentication.cfg
@ -0,0 +1,2 @@
+# Configuration for script of same name
+status=enabled
--- a/etc/conf.d/9.3.8_disable_root_login.cfg
+++ b/etc/conf.d/9.3.8_disable_root_login.cfg
@ -0,0 +1,2 @@
+# Configuration for script of same name
+status=enabled
--- a/etc/conf.d/9.3.9_disable_sshd_permitemptypasswords.cfg
+++ b/etc/conf.d/9.3.9_disable_sshd_permitemptypasswords.cfg
@ -0,0 +1,2 @@
+# Configuration for script of same name
+status=enabled