authorJason M. Bills <jason.m.bills@linux.intel.com>2020-12-08 00:38:17 +0300
committerJason M. Bills <jason.m.bills@linux.intel.com>2020-12-08 00:38:17 +0300
commit8d6ae7f2a817751fad151168fa10ce28ee0869d8 (patch)
tree281032f7ec07c41589aa094bd165cc2a98f2d3a7 /meta-security/meta-hardening/recipes-connectivity/openssh/openssh_%.bbappend
parentc16fb8893b19075db4bcf3b5bf33c1db8c3ca2bd (diff)
parent5da3c2284560a7e08ffafd03c5b5ba44a3242228 (diff)
Merge tag '0.26' of ssh://git-amr-1.devtools.intel.com:29418/openbmc-openbmc into update
Diffstat (limited to 'meta-security/meta-hardening/recipes-connectivity/openssh/openssh_%.bbappend')
-rw-r--r--meta-security/meta-hardening/recipes-connectivity/openssh/openssh_%.bbappend13
1 files changed, 13 insertions, 0 deletions
diff --git a/meta-security/meta-hardening/recipes-connectivity/openssh/openssh_%.bbappend b/meta-security/meta-hardening/recipes-connectivity/openssh/openssh_%.bbappend
new file mode 100644
index 000000000..67be3f313
--- /dev/null
+++ b/meta-security/meta-hardening/recipes-connectivity/openssh/openssh_%.bbappend
@@ -0,0 +1,13 @@
+do_install_append_harden () {
+ # to hardend
+ sed -i -e 's:#AllowTcpForwarding yes:AllowTcpForwarding no:' ${D}${sysconfdir}/ssh/sshd_config
+ sed -i -e 's:ClientAliveCountMax 4:ClientAliveCountMax 2:' ${D}${sysconfdir}/ssh/sshd_config
+ sed -i -e 's:#LogLevel INFO:LogLevel VERBOSE:' ${D}${sysconfdir}/ssh/sshd_config
+ sed -i -e 's:#MaxSessions.*:MaxSessions 2:' ${D}${sysconfdir}/ssh/sshd_config
+ sed -i -e 's:#TCPKeepAlive yes:TCPKeepAlive no:' ${D}${sysconfdir}/ssh/sshd_config
+ sed -i -e 's:#AllowAgentForwarding yes:AllowAgentForwarding no:' ${D}${sysconfdir}/ssh/sshd_config
+
+ if [ "${@bb.utils.contains('DISABLE_ROOT', 'True', 'yes', 'no', d)}" = "yes" ]; then
+ sed -i -e 's:#PermitRootLogin.*:PermitRootLogin prohibit-password:' ${D}${sysconfdir}/ssh/sshd_config
+ fi
+}
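Review bot: Every `sed` substitution in do_install_append_harden exits successfully even when its pattern is absent, so the hardening fails open if the base sshd_config differs from what the patterns expect; for instance `ClientAliveCountMax 4` matches only a line with that exact value, and `#PermitRootLogin.*` leaves an already uncommented `PermitRootLogin yes` untouched. I would check the result after the edits and fail the build otherwise, e.g. `grep -q '^AllowTcpForwarding no' ${D}${sysconfdir}/ssh/sshd_config || bbfatal "sshd_config hardening not applied"`, repeated for each setting. Separately, under DISABLE_ROOT the value `prohibit-password` still lets root log in with a key; if the intent is no root SSH access at all, `PermitRootLogin no` would be the setting, and either choice deserves a comment stating which is meant.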