lots of things

2025-06-29 19:54:10 -05:00
parent 23cba4713b
commit 7a5b90ae84
25 changed files with 278 additions and 68 deletions


@@ -1,20 +1,13 @@
#!/bin/bash
iptables -I INPUT -p tcp --dport 22 -m state --state NEW -m recent --set
iptables -I INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 10 --hitcount 10 -j DROP
ip6tables -I INPUT -p tcp --dport 22 -m state --state NEW -m recent --set
ip6tables -I INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 10 --hitcount 10 -j DROP
service netfilter-persistent save
curl --silent ${DL_ROOT}/ConfigFiles/SSH/Configs/tsys-sshd-config > /etc/ssh/sshd_config
curl --silent ${DL_ROOT}/ConfigFiles/SSH/Configs/ssh-audit_hardening.conf > /etc/ssh/sshd_config.d/ssh-audit_hardening.conf
# Perms on sshd_config
# X11 forwarding disabled
# MaxAuthTries set to 4 or less
# login disabled
# only strong mAC algos are used
# idle timeout
# login grace time
# ssh access is limited
# ssh warning banner is configured
# allowtcpforwarding is disabled
# maxstartups is configured
chmod og-rwx /etc/ssh/sshd_config
chmod og-rwx /etc/ssh/sshd_config.d/*
#todo
# root login disabled
# only strong mAC algos are used
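Review bot: The two `curl --silent ${DL_ROOT}/... > /etc/ssh/sshd_config` redirections write straight into the live sshd configuration, so a failed download or an HTTP error page truncates or replaces the file, which can lock out SSH or silently drop the hardening on the next restart (this assumes the lines remain on the new side, since the +/- markers are lost on this page). curl runs without `--fail` and its exit status is never checked. `${DL_ROOT}` is unquoted and defined outside the hunk, so the transport and integrity of the source cannot be confirmed from here. I would fetch to a temporary file, validate it with `sshd -t -f`, and only then install it with a restrictive mode, which also closes the window before `chmod og-rwx` runs. The same pattern applies to `ssh-audit_hardening.conf`.

```shell
# … unchanged: iptables/ip6tables rate-limit rules and netfilter-persistent save …
tmp_cfg=$(mktemp) || exit 1
trap 'rm -f -- "$tmp_cfg"' EXIT
curl --fail --silent --show-error \
  "${DL_ROOT}/ConfigFiles/SSH/Configs/tsys-sshd-config" -o "$tmp_cfg" || exit 1
# Refuse to install a config that sshd itself cannot parse.
sshd -t -f "$tmp_cfg" || exit 1
install -m 600 -o root -g root -- "$tmp_cfg" /etc/ssh/sshd_config
# … unchanged: chmod og-rwx lines and the todo comments …
```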