1
0
mirror of https://github.com/tommytran732/Fedora-CoreOS-Ignition synced 2024-12-22 14:42:16 -05:00

Update SSHD and Kernel configs

Signed-off-by: Tommy <contact@tommytran.io>
This commit is contained in:
Tommy 2022-09-12 17:58:29 -04:00
parent 254eeaef42
commit c75d4a363a
No known key found for this signature in database
GPG Key ID: 060B29EB996BD9F2
8 changed files with 29 additions and 44 deletions

File diff suppressed because one or more lines are too long

View File

@ -59,9 +59,10 @@ systemd:
mask: true
storage:
files:
- path: /etc/ssh/sshd_config.d/60-disable-GSSAPI.conf
- path: /etc/ssh/sshd_config.d/10-custom.conf
contents:
inline: |
X11Forwarding no
GSSAPIAuthentication no
- path: /etc/zincati/config.d/51-rollout-wariness.toml
contents:
@ -114,18 +115,12 @@ storage:
contents:
inline: |
* hard core 0
- path: /etc/ssh/ssh_config.d/60-disable-GSSAPI.conf
- path: /etc/ssh/ssh_config.d/10-custom.conf
overwrite: true
contents:
inline: |
X11Forwarding no
GSSAPIAuthentication no
- path: /etc/sysctl.d/20-silence-audit.conf
contents:
inline: |
# Raise console message logging level from DEBUG (7) to WARNING (4)
# so that audit messages don't get interspersed on the console that
# may frustrate a user trying to interactively log in.
kernel.printk=4
links:
- path: /etc/localtime
target: ../usr/share/zoneinfo/America/New_York
@ -185,3 +180,4 @@ kernel_arguments:
- sysctl.kernel.perf_event_paranoid=3
- sysctl.net.ipv6.conf.all.accept_ra=0
- sysctl.net.ipv6.conf.default.accept_ra=0
- sysctl.kernel.printk=4

File diff suppressed because one or more lines are too long

View File

@ -77,9 +77,10 @@ systemd:
mask: true
storage:
files:
- path: /etc/ssh/sshd_config.d/60-disable-GSSAPI.conf
- path: /etc/ssh/sshd_config.d/10-custom.conf
contents:
inline: |
X11Forwarding no
GSSAPIAuthentication no
- path: /etc/zincati/config.d/51-rollout-wariness.toml
contents:
@ -120,18 +121,12 @@ storage:
contents:
inline: |
* hard core 0
- path: /etc/ssh/ssh_config.d/60-disable-GSSAPI.conf
- path: /etc/ssh/ssh_config.d/10-custom.conf
overwrite: true
contents:
inline: |
GSSAPIAuthentication no
- path: /etc/sysctl.d/20-silence-audit.conf
contents:
inline: |
# Raise console message logging level from DEBUG (7) to WARNING (4)
# so that audit messages don't get interspersed on the console that
# may frustrate a user trying to interactively log in.
kernel.printk=4
X11Forwarding no
GSSAPIAuthentication no
links:
- path: /etc/localtime
target: ../usr/share/zoneinfo/America/New_York
@ -188,4 +183,5 @@ kernel_arguments:
- sysctl.vm.swappiness=1
- sysctl.kernel.perf_event_paranoid=3
- sysctl.net.ipv6.conf.all.accept_ra=0
- sysctl.net.ipv6.conf.default.accept_ra=0
- sysctl.net.ipv6.conf.default.accept_ra=0
- kernel.printk=4

File diff suppressed because one or more lines are too long

View File

@ -79,9 +79,10 @@ systemd:
mask: true
storage:
files:
- path: /etc/ssh/sshd_config.d/60-disable-GSSAPI.conf
- path: /etc/ssh/sshd_config.d/10-custom.conf
contents:
inline: |
X11Forwarding no
GSSAPIAuthentication no
- path: /etc/zincati/config.d/51-rollout-wariness.toml
contents:
@ -122,18 +123,12 @@ storage:
contents:
inline: |
* hard core 0
- path: /etc/ssh/ssh_config.d/60-disable-GSSAPI.conf
- path: /etc/ssh/ssh_config.d/10-custom.conf
overwrite: true
contents:
inline: |
X11Forwarding no
GSSAPIAuthentication no
- path: /etc/sysctl.d/20-silence-audit.conf
contents:
inline: |
# Raise console message logging level from DEBUG (7) to WARNING (4)
# so that audit messages don't get interspersed on the console that
# may frustrate a user trying to interactively log in.
kernel.printk=4
links:
- path: /etc/localtime
target: ../usr/share/zoneinfo/America/New_York
@ -190,4 +185,6 @@ kernel_arguments:
- sysctl.vm.swappiness=1
- sysctl.kernel.perf_event_paranoid=3
- sysctl.net.ipv6.conf.all.accept_ra=0
- sysctl.net.ipv6.conf.default.accept_ra=0
- sysctl.net.ipv6.conf.default.accept_ra=0
- sysctl.kernel.printk=4

File diff suppressed because one or more lines are too long

View File

@ -78,9 +78,10 @@ systemd:
mask: true
storage:
files:
- path: /etc/ssh/sshd_config.d/60-disable-GSSAPI.conf
- path: /etc/ssh/sshd_config.d/10-custom.conf
contents:
inline: |
X11Forwarding no
GSSAPIAuthentication no
- path: /etc/zincati/config.d/51-rollout-wariness.toml
contents:
@ -121,18 +122,12 @@ storage:
contents:
inline: |
* hard core 0
- path: /etc/ssh/ssh_config.d/60-disable-GSSAPI.conf
- path: /etc/ssh/ssh_config.d/10-custom.conf
overwrite: true
contents:
inline: |
X11Forwarding no
GSSAPIAuthentication no
- path: /etc/sysctl.d/20-silence-audit.conf
contents:
inline: |
# Raise console message logging level from DEBUG (7) to WARNING (4)
# so that audit messages don't get interspersed on the console that
# may frustrate a user trying to interactively log in.
kernel.printk=4
links:
- path: /etc/localtime
target: ../usr/share/zoneinfo/America/New_York
@ -189,4 +184,5 @@ kernel_arguments:
- sysctl.vm.swappiness=1
- sysctl.kernel.perf_event_paranoid=3
- sysctl.net.ipv6.conf.all.accept_ra=0
- sysctl.net.ipv6.conf.default.accept_ra=0
- sysctl.net.ipv6.conf.default.accept_ra=0
- sysctl.kernel.printk=4