diff options
Diffstat (limited to 'meta-security/meta-hardening/recipes-connectivity')
-rw-r--r-- | meta-security/meta-hardening/recipes-connectivity/openssh/openssh_%.bbappend | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/meta-security/meta-hardening/recipes-connectivity/openssh/openssh_%.bbappend b/meta-security/meta-hardening/recipes-connectivity/openssh/openssh_%.bbappend new file mode 100644 index 000000000..67be3f313 --- /dev/null +++ b/meta-security/meta-hardening/recipes-connectivity/openssh/openssh_%.bbappend @@ -0,0 +1,13 @@ +do_install_append_harden () { + # to hardend + sed -i -e 's:#AllowTcpForwarding yes:AllowTcpForwarding no:' ${D}${sysconfdir}/ssh/sshd_config + sed -i -e 's:ClientAliveCountMax 4:ClientAliveCountMax 2:' ${D}${sysconfdir}/ssh/sshd_config + sed -i -e 's:#LogLevel INFO:LogLevel VERBOSE:' ${D}${sysconfdir}/ssh/sshd_config + sed -i -e 's:#MaxSessions.*:MaxSessions 2:' ${D}${sysconfdir}/ssh/sshd_config + sed -i -e 's:#TCPKeepAlive yes:TCPKeepAlive no:' ${D}${sysconfdir}/ssh/sshd_config + sed -i -e 's:#AllowAgentForwarding yes:AllowAgentForwarding no:' ${D}${sysconfdir}/ssh/sshd_config + + if [ "${@bb.utils.contains('DISABLE_ROOT', 'True', 'yes', 'no', d)}" = "yes" ]; then + sed -i -e 's:#PermitRootLogin.*:PermitRootLogin prohibit-password:' ${D}${sysconfdir}/ssh/sshd_config + fi +} |