KNEL/FetchApply
2
0
Fork 0
Code Pull Requests Actions Packages Releases 1 Activity

had inverse logic. fixed. still shouldn't have caused script to error though... hmm...

Browse Source
This commit is contained in:
Charles N Wyble - admin
2025-07-02 18:15:03 -05:00
parent 02a874f713
commit 0937036155
1 changed files with 31 additions and 38 deletions
Download Patch File Download Diff File Expand all files Collapse all files

27
ProjectCode/Modules/Security/secharden-ssh.sh
View File

@ -2,12 +2,6 @@
set -x set -x
export framework_include_file
framework_include_file=""
export project_include_file
project_include_file=""
for framework_include_file in ../../../Framework-Includes/*; do for framework_include_file in ../../../Framework-Includes/*; do
source "$framework_include_file" source "$framework_include_file"
done done
@ -16,7 +10,6 @@ for project_include_file in ../../../Project-Includes/*; do
source "$project_include_file" source "$project_include_file"
done done
export SUBODEV_CHECK export SUBODEV_CHECK
SUBODEV_CHECK="$(getent passwd | grep -c subodev || true)" SUBODEV_CHECK="$(getent passwd | grep -c subodev || true)"
@ -32,6 +25,9 @@ LOCALUSER_SSH_DIR="/home/localuser/.ssh"
export SUBODEV_SSH_DIR export SUBODEV_SSH_DIR
SUBODEV_SSH_DIR="/home/subodev/.ssh" SUBODEV_SSH_DIR="/home/subodev/.ssh"
export NOT_UBUNTU_CHECK
NOT_UBUNTU_CHECK="$(distro | grep -c -v Ubuntu)"
if [ ! -d $ROOT_SSH_DIR ]; then if [ ! -d $ROOT_SSH_DIR ]; then
mkdir /root/.ssh/ mkdir /root/.ssh/
fi fi
@ -40,15 +36,14 @@ curl --silent "${DL_ROOT}"/ProjectCode/ConfigFiles/SSH/AuthorizedKeys/root-ssh-a
chmod 400 /root/.ssh/authorized_keys chmod 400 /root/.ssh/authorized_keys
chown root: /root/.ssh/authorized_keys chown root: /root/.ssh/authorized_keys
if [ "$LOCALUSER_CHECK" -gt 0 ]; then if [ "$LOCALUSER_CHECK" -gt 0 ]; then
if [ ! -d $LOCALUSER_SSH_DIR ]; then if [ ! -d $LOCALUSER_SSH_DIR ]; then
mkdir -p /home/localuser/.ssh/ mkdir -p /home/localuser/.ssh/
fi fi
curl --silent "${DL_ROOT}"/ProjectCode/ConfigFiles/SSH/AuthorizedKeys/localuser-ssh-authorized-keys > /home/localuser/.ssh/authorized_keys \ curl --silent "${DL_ROOT}"/ProjectCode/ConfigFiles/SSH/AuthorizedKeys/localuser-ssh-authorized-keys >/home/localuser/.ssh/authorized_keys &&
&& chown localuser /home/localuser/.ssh/authorized_keys \ chown localuser /home/localuser/.ssh/authorized_keys &&
&& chmod 400 /home/localuser/.ssh/authorized_keys chmod 400 /home/localuser/.ssh/authorized_keys
fi fi
if [ "$SUBODEV_CHECK" = 1 ]; then if [ "$SUBODEV_CHECK" = 1 ]; then
@ -57,19 +52,17 @@ if [ ! -d $SUBODEV_SSH_DIR ]; then
mkdir /home/subodev/.ssh/ mkdir /home/subodev/.ssh/
fi fi
curl --silent "${DL_ROOT}"/ProjectCode/ConfigFiles/SSH/AuthorizedKeys/localuser-ssh-authorized-keys > /home/subodev/.ssh/authorized_keys \ curl --silent "${DL_ROOT}"/ProjectCode/ConfigFiles/SSH/AuthorizedKeys/localuser-ssh-authorized-keys >/home/subodev/.ssh/authorized_keys &&
&& chmod 400 /home/subodev/.ssh/authorized_keys \ chmod 400 /home/subodev/.ssh/authorized_keys &&
&& chown subodev: /home/subodev/.ssh/authorized_keys chown subodev: /home/subodev/.ssh/authorized_keys
fi fi
cat ../../ConfigFiles/SSH/Configs/tsys-sshd-config >/etc/ssh/sshd_config cat ../../ConfigFiles/SSH/Configs/tsys-sshd-config >/etc/ssh/sshd_config
export UBUNTU_CHECK
UBUNTU_CHECK="$(distro|grep -c Ubuntu)"
#Don't deploy this config to a ubuntu server, it breaks openssh server. Works on kali/debian. #Don't deploy this config to a ubuntu server, it breaks openssh server. Works on kali/debian.
if [ $UBUNTU_CHECK -eq 0 ]; then if [ "$NOT_UBUNTU_CHECK" -eq 1 ]; then
cat ../../ConfigFiles/SSH/Configs/ssh-audit-hardening.conf >/etc/ssh/sshd_config.d/ssh-audit_hardening.conf cat ../../ConfigFiles/SSH/Configs/ssh-audit-hardening.conf >/etc/ssh/sshd_config.d/ssh-audit_hardening.conf
fi fi