mirror of
https://git.yoctoproject.org/meta-security
synced 2026-01-11 15:00:34 +00:00
9cd85e054f
Commit352e6498amissed updating the override syntax for the "harden" distro override. Fixes:352e6498a("meta-hardening: Convert to new override syntax") Signed-off-by: Akshay Bhat <akshay.bhat@timesys.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
14 lines
788 B
Plaintext
14 lines
788 B
Plaintext
do_install:append:harden () {
|
|
# to hardend
|
|
sed -i -e 's:#AllowTcpForwarding yes:AllowTcpForwarding no:' ${D}${sysconfdir}/ssh/sshd_config
|
|
sed -i -e 's:ClientAliveCountMax 4:ClientAliveCountMax 2:' ${D}${sysconfdir}/ssh/sshd_config
|
|
sed -i -e 's:#LogLevel INFO:LogLevel VERBOSE:' ${D}${sysconfdir}/ssh/sshd_config
|
|
sed -i -e 's:#MaxSessions.*:MaxSessions 2:' ${D}${sysconfdir}/ssh/sshd_config
|
|
sed -i -e 's:#TCPKeepAlive yes:TCPKeepAlive no:' ${D}${sysconfdir}/ssh/sshd_config
|
|
sed -i -e 's:#AllowAgentForwarding yes:AllowAgentForwarding no:' ${D}${sysconfdir}/ssh/sshd_config
|
|
|
|
if [ "${@bb.utils.contains('DISABLE_ROOT', 'True', 'yes', 'no', d)}" = "yes" ]; then
|
|
sed -i -e 's:#PermitRootLogin.*:PermitRootLogin prohibit-password:' ${D}${sysconfdir}/ssh/sshd_config
|
|
fi
|
|
}
|