V8.02.644.2025.05.31

Signed-off-by: Marc S. Weidner <msw@coresecret.dev>

lib/lib_hardening_ssh.sh

@@ -13,15 +13,15 @@
 #######################################
 # SSH Hardening Ultra via TCP Wrapper
 # Globals:
-#   WORKDIR
-#   handler_jumphost
+#   ARY_HANDLER_JUMPHOST
+#   VAR_WORKDIR
 # Arguments:
 #  None
 #######################################
 hardening_ssh() {
-  if ((${#handler_jumphost[@]} > 0)); then
+  if ((${#ARY_HANDLER_JUMPHOST[@]} > 0)); then
     declare allowed=""
-    cat << 'EOF' >| "${WORKDIR}/hosts.allow"
+    cat << 'EOF' >| "${VAR_WORKDIR}/hosts.allow"
 # /etc/hosts.allow: list of hosts that are allowed to access the system.
 #                   See the manual pages hosts_access(5) and hosts_options(5).
 #
@@ -34,10 +34,10 @@ hardening_ssh() {
 
 EOF
 
-    allowed=$(echo "${handler_jumphost[*]}" | tr '\n' ' ')
-    printf 'sshd: %s\n' "${allowed}" >> "${WORKDIR}/hosts.allow"
+    allowed=$(echo "${ARY_HANDLER_JUMPHOST[*]}" | tr '\n' ' ')
+    printf 'sshd: %s\n' "${allowed}" >> "${VAR_WORKDIR}/hosts.allow"
 
-    cat << 'EOF' >| "${WORKDIR}/hosts.deny"
+    cat << 'EOF' >| "${VAR_WORKDIR}/hosts.deny"
 # /etc/hosts.deny: list of hosts that are _not_ allowed to access the system.
 #                  See the manual pages hosts_access(5) and hosts_options(5).
 #
@@ -52,7 +52,7 @@ EOF
 #
 # You may wish to enable this to ensure any programs that don't
 # validate looked-up hostnames still leave understandable logs. In past
-# versions of Debian this has been the default.
+# versions of Debian, this has been the default.
 # ALL: PARANOID
 
 ALL: ALL