ubuntu bug workaround

2025-07-02 12:23:31 -05:00
parent 0ee847f556
commit 197d8e2d27


@ -1,21 +1,21 @@
#!/bin/bash #!/bin/bash
#Framework variables are read from hee #Framework variables are read from hee
source $FRAMEWORK_CONFIGS_FULL_PATH/FrameworkVars source "$FRAMEWORK_CONFIGS_FULL_PATH"/FrameworkVars
#Boilerplate and support functions #Boilerplate and support functions
FrameworkIncludeFiles="$(ls -1 --color=none $FRAMEWORK_INCLUDES_FULL_PATH/*)" FrameworkIncludeFiles="$(ls -1 --color=none "$FRAMEWORK_INCLUDES_FULL_PATH"/*)"
IFS=$'\n\t' IFS=$'\n\t'
for file in ${FrameworkIncludeFiles[@]}; do for file in "${FrameworkIncludeFiles[@]}"; do
. "$file" . "$file"
done done
unset IFS unset IFS
ProjectIncludeFiles="$(ls -1 --color=none $PROJECT_INCLUDES_FULL_PATH/*)" ProjectIncludeFiles="$(ls -1 --color=none "$PROJECT_INCLUDES_FULL_PATH"/*)"
IFS=$'\n\t' IFS=$'\n\t'
for file in ${ProjectIncludeFiles[@]}; do for file in "${ProjectIncludeFiles[@]}"; do
. "$file" . "$file"
done done
unset IFS unset IFS
@ -39,7 +39,7 @@ if [ ! -d $ROOT_SSH_DIR ]; then
mkdir /root/.ssh/ mkdir /root/.ssh/
fi fi
curl --silent ${DL_ROOT}/ProjectCode/ConfigFiles/SSH/AuthorizedKeys/root-ssh-authorized-keys > /root/.ssh/authorized_keys curl --silent "${DL_ROOT}"/ProjectCode/ConfigFiles/SSH/AuthorizedKeys/root-ssh-authorized-keys > /root/.ssh/authorized_keys
chmod 400 /root/.ssh/authorized_keys chmod 400 /root/.ssh/authorized_keys
chown root: /root/.ssh/authorized_keys chown root: /root/.ssh/authorized_keys
@ -49,7 +49,7 @@ if [ "$LOCALUSER_CHECK" -gt 0 ]; then
mkdir -p /home/localuser/.ssh/ mkdir -p /home/localuser/.ssh/
fi fi
curl --silent ${DL_ROOT}/ProjectCode/ConfigFiles/SSH/AuthorizedKeys/localuser-ssh-authorized-keys > /home/localuser/.ssh/authorized_keys \ curl --silent "${DL_ROOT}"/ProjectCode/ConfigFiles/SSH/AuthorizedKeys/localuser-ssh-authorized-keys > /home/localuser/.ssh/authorized_keys \
&& chown localuser /home/localuser/.ssh/authorized_keys \ && chown localuser /home/localuser/.ssh/authorized_keys \
&& chmod 400 /home/localuser/.ssh/authorized_keys && chmod 400 /home/localuser/.ssh/authorized_keys
fi fi
@ -60,12 +60,20 @@ if [ ! -d $SUBODEV_SSH_DIR ]; then
fi fi
fi fi
curl --silent ${DL_ROOT}/ProjectCode/ConfigFiles/SSH/AuthorizedKeys/localuser-ssh-authorized-keys > /home/subodev/.ssh/authorized_keys \ curl --silent "${DL_ROOT}"/ProjectCode/ConfigFiles/SSH/AuthorizedKeys/localuser-ssh-authorized-keys > /home/subodev/.ssh/authorized_keys \
&& chmod 400 /home/subodev/.ssh/authorized_keys \ && chmod 400 /home/subodev/.ssh/authorized_keys \
&& chown subodev: /home/subodev/.ssh/authorized_keys && chown subodev: /home/subodev/.ssh/authorized_keys
cat ../../ConfigFiles/SSH/Configs/tsys-sshd-config > /etc/ssh/sshd_config cat ../../ConfigFiles/SSH/Configs/tsys-sshd-config > /etc/ssh/sshd_config
export UBUNTU_CHECK
UBUNTU_CHECK="$(distro|grep -c Ubuntu)"
#Don't deploy this config to a ubuntu server, it breaks openssh server. Works on kali/debian.
if [ $UBUNTU_CHECK -eq 0 ]; then
cat ../../ConfigFiles/SSH/Configs/ssh-audit-hardening.conf > /etc/ssh/sshd_config.d/ssh-audit_hardening.conf cat ../../ConfigFiles/SSH/Configs/ssh-audit-hardening.conf > /etc/ssh/sshd_config.d/ssh-audit_hardening.conf
fi
# Perms on sshd_config # Perms on sshd_config
chmod og-rwx /etc/ssh/sshd_config chmod og-rwx /etc/ssh/sshd_config
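Review bot: Quoting the loop list as `"${FrameworkIncludeFiles[@]}"` in the first hunk, and `"${ProjectIncludeFiles[@]}"` a few lines below it, stops the include files from being sourced as soon as a directory holds more than one of them. Both variables are plain strings filled from `$(ls -1 …)`, so the quoted expansion is a single word containing every path separated by newlines, and `. "$file"` is handed a name that does not exist; the old unquoted form relied on `IFS=$'\n\t'` to split it. Iterating the glob directly keeps the quoting and drops the `ls` parse: `for file in "$FRAMEWORK_INCLUDES_FULL_PATH"/*; do`, and the same for the project includes. Separately, in the last hunk `UBUNTU_CHECK` comes out as 0 whenever `distro` is missing or fails, because `grep -c` prints 0 on empty input, so the config the comment says breaks openssh would still be written on an Ubuntu host. Reading `ID` from `/etc/os-release` and quoting `"$UBUNTU_CHECK"` in the test would make that check fail closed.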