capturing current reality
This commit is contained in:
10
slack/prod/tsys-base/files/etc/issue
Normal file
10
slack/prod/tsys-base/files/etc/issue
Normal file
@@ -0,0 +1,10 @@
|
||||
===============================================================================
|
||||
|
||||
This is a private computer system. These resources, including all
|
||||
related equipment, networks, and devices, are provided for authorized
|
||||
use only. The system may be monitored for all lawful purposes. Evidence
|
||||
of unauthorized use collected during monitoring may be used for criminal
|
||||
prosecution by staff, legal counsel, and law enforcement agencies.
|
||||
|
||||
===============================================================================
|
||||
|
||||
10
slack/prod/tsys-base/files/etc/issue.net
Normal file
10
slack/prod/tsys-base/files/etc/issue.net
Normal file
@@ -0,0 +1,10 @@
|
||||
===============================================================================
|
||||
|
||||
This is a private computer system. These resources, including all
|
||||
related equipment, networks, and devices, are provided for authorized
|
||||
use only. The system may be monitored for all lawful purposes. Evidence
|
||||
of unauthorized use collected during monitoring may be used for criminal
|
||||
prosecution by staff, legal counsel, and law enforcement agencies.
|
||||
|
||||
===============================================================================
|
||||
|
||||
30
slack/prod/tsys-base/files/etc/ssh/sshd_config
Normal file
30
slack/prod/tsys-base/files/etc/ssh/sshd_config
Normal file
@@ -0,0 +1,30 @@
|
||||
#Official Turn Net Systems SSHD configuration
|
||||
#Created by Charles Wyble
|
||||
#Sourced from
|
||||
#https://stribika.github.io/2015/01/04/secure-secure-shell.html
|
||||
#https://infosec.mozilla.org/guidelines/openssh
|
||||
|
||||
#Eliminated all the stock bits that had good/sane defaults, below values are set intentionally
|
||||
|
||||
HostKey /etc/ssh/ssh_host_ed25519_key
|
||||
HostKey /etc/ssh/ssh_host_rsa_key
|
||||
PermitRootLogin without-password
|
||||
AuthenticationMethods publickey
|
||||
SyslogFacility AUTH
|
||||
LogLevel VERBOSE
|
||||
StrictModes yes
|
||||
PubkeyAuthentication yes
|
||||
PasswordAuthentication no
|
||||
ChallengeResponseAuthentication no
|
||||
PermitEmptyPasswords no
|
||||
X11Forwarding no
|
||||
KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256
|
||||
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
|
||||
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256
|
||||
PrintMotd yes
|
||||
Banner /etc/ssh/tsys-banner
|
||||
Subsystem sftp /usr/lib/openssh/sftp-server
|
||||
#Review the following:
|
||||
UsePAM yes
|
||||
AllowAgentForwarding yes
|
||||
|
||||
Reference in New Issue
Block a user