V8.02.644.2025.05.31
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
@@ -13,15 +13,15 @@
|
||||
#######################################
|
||||
# SSH Hardening Ultra via TCP Wrapper
|
||||
# Globals:
|
||||
# WORKDIR
|
||||
# handler_jumphost
|
||||
# ARY_HANDLER_JUMPHOST
|
||||
# VAR_WORKDIR
|
||||
# Arguments:
|
||||
# None
|
||||
#######################################
|
||||
hardening_ssh() {
|
||||
if ((${#handler_jumphost[@]} > 0)); then
|
||||
if ((${#ARY_HANDLER_JUMPHOST[@]} > 0)); then
|
||||
declare allowed=""
|
||||
cat << 'EOF' >| "${WORKDIR}/hosts.allow"
|
||||
cat << 'EOF' >| "${VAR_WORKDIR}/hosts.allow"
|
||||
# /etc/hosts.allow: list of hosts that are allowed to access the system.
|
||||
# See the manual pages hosts_access(5) and hosts_options(5).
|
||||
#
|
||||
@@ -34,10 +34,10 @@ hardening_ssh() {
|
||||
|
||||
EOF
|
||||
|
||||
allowed=$(echo "${handler_jumphost[*]}" | tr '\n' ' ')
|
||||
printf 'sshd: %s\n' "${allowed}" >> "${WORKDIR}/hosts.allow"
|
||||
allowed=$(echo "${ARY_HANDLER_JUMPHOST[*]}" | tr '\n' ' ')
|
||||
printf 'sshd: %s\n' "${allowed}" >> "${VAR_WORKDIR}/hosts.allow"
|
||||
|
||||
cat << 'EOF' >| "${WORKDIR}/hosts.deny"
|
||||
cat << 'EOF' >| "${VAR_WORKDIR}/hosts.deny"
|
||||
# /etc/hosts.deny: list of hosts that are _not_ allowed to access the system.
|
||||
# See the manual pages hosts_access(5) and hosts_options(5).
|
||||
#
|
||||
@@ -52,7 +52,7 @@ EOF
|
||||
#
|
||||
# You may wish to enable this to ensure any programs that don't
|
||||
# validate looked-up hostnames still leave understandable logs. In past
|
||||
# versions of Debian this has been the default.
|
||||
# versions of Debian, this has been the default.
|
||||
# ALL: PARANOID
|
||||
|
||||
ALL: ALL
|
||||
|
||||
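Review bot: The entries of `ARY_HANDLER_JUMPHOST` are joined and appended to `hosts.allow` as the `sshd:` client list without any check of their form, so an entry containing whitespace, a colon or a wildcard keyword such as `ALL` would change how libwrap parses the line and could widen the rule beyond the intended jump hosts. Where the array is filled is outside the visible hunks; if it can come from a command-line option or a config file, each entry should be validated before the `printf` (sketch below; adjust the pattern if hostnames are meant to be accepted). The body of `hardening_ssh` continues outside the hunks shown. Separately, `hosts.allow`/`hosts.deny` only restrict sshd when the binary is linked against libwrap, which upstream OpenSSH dropped in 6.7 and Debian patches back in, so the header comment should state that dependency and the allow-list is best backed by a firewall rule as well.

```shell
# … unchanged: hosts.allow header heredoc …
declare entry=""
declare -r re_addr='^(\[[0-9A-Fa-f:]+\]|[0-9]{1,3}(\.[0-9]{1,3}){3})(/[0-9.]+)?$'
for entry in "${ARY_HANDLER_JUMPHOST[@]}"; do
  if [[ ! "${entry}" =~ ${re_addr} ]]; then
    printf 'hardening_ssh: refusing jumphost entry %q\n' "${entry}" >&2
    return 1
  fi
done
allowed=$(echo "${ARY_HANDLER_JUMPHOST[*]}" | tr '\n' ' ')
# … unchanged: printf to hosts.allow, hosts.deny heredoc …
```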