Update SSHD and Kernel configs

Signed-off-by: Tommy <contact@tommytran.io>

Docker-Compose.yml

@@ -59,9 +59,10 @@ systemd:
       mask: true
 storage:
   files:
-    - path: /etc/ssh/sshd_config.d/60-disable-GSSAPI.conf
+    - path: /etc/ssh/sshd_config.d/10-custom.conf
       contents:
         inline: |
+          X11Forwarding no 
           GSSAPIAuthentication no
     - path: /etc/zincati/config.d/51-rollout-wariness.toml
       contents:
@@ -114,18 +115,12 @@ storage:
       contents: 
         inline: | 
           * hard core 0
-    - path: /etc/ssh/ssh_config.d/60-disable-GSSAPI.conf
+    - path: /etc/ssh/ssh_config.d/10-custom.conf
       overwrite: true
       contents: 
         inline: | 
+          X11Forwarding no 
           GSSAPIAuthentication no
-    - path: /etc/sysctl.d/20-silence-audit.conf
-      contents:
-        inline: |
-          # Raise console message logging level from DEBUG (7) to WARNING (4)
-          # so that audit messages don't get interspersed on the console that
-          # may frustrate a user trying to interactively log in.
-          kernel.printk=4
   links:
     - path: /etc/localtime
       target: ../usr/share/zoneinfo/America/New_York
@@ -185,3 +180,4 @@ kernel_arguments:
     - sysctl.kernel.perf_event_paranoid=3
     - sysctl.net.ipv6.conf.all.accept_ra=0
     - sysctl.net.ipv6.conf.default.accept_ra=0
+    - sysctl.kernel.printk=4

Generic.yml

@@ -77,9 +77,10 @@ systemd:
       mask: true
 storage:
   files:
-    - path: /etc/ssh/sshd_config.d/60-disable-GSSAPI.conf
+    - path: /etc/ssh/sshd_config.d/10-custom.conf
       contents:
         inline: |
+          X11Forwarding no 
           GSSAPIAuthentication no
     - path: /etc/zincati/config.d/51-rollout-wariness.toml
       contents:
@@ -120,18 +121,12 @@ storage:
       contents: 
         inline: | 
           * hard core 0
-    - path: /etc/ssh/ssh_config.d/60-disable-GSSAPI.conf
+    - path: /etc/ssh/ssh_config.d/10-custom.conf
       overwrite: true
       contents: 
-        inline: | 
-          GSSAPIAuthentication no
-    - path: /etc/sysctl.d/20-silence-audit.conf
-      contents:
         inline: |
-          # Raise console message logging level from DEBUG (7) to WARNING (4)
-          # so that audit messages don't get interspersed on the console that
-          # may frustrate a user trying to interactively log in.
-          kernel.printk=4
+          X11Forwarding no 
+          GSSAPIAuthentication no
   links:
     - path: /etc/localtime
       target: ../usr/share/zoneinfo/America/New_York
@@ -188,4 +183,5 @@ kernel_arguments:
     - sysctl.vm.swappiness=1
     - sysctl.kernel.perf_event_paranoid=3
     - sysctl.net.ipv6.conf.all.accept_ra=0
-    - sysctl.net.ipv6.conf.default.accept_ra=0
+    - sysctl.net.ipv6.conf.default.accept_ra=0
+    - kernel.printk=4

GitLab.yml

@@ -79,9 +79,10 @@ systemd:
       mask: true
 storage:
   files:
-    - path: /etc/ssh/sshd_config.d/60-disable-GSSAPI.conf
+    - path: /etc/ssh/sshd_config.d/10-custom.conf
       contents:
         inline: |
+          X11Forwarding no 
           GSSAPIAuthentication no
     - path: /etc/zincati/config.d/51-rollout-wariness.toml
       contents:
@@ -122,18 +123,12 @@ storage:
       contents: 
         inline: | 
           * hard core 0
-    - path: /etc/ssh/ssh_config.d/60-disable-GSSAPI.conf
+    - path: /etc/ssh/ssh_config.d/10-custom.conf
       overwrite: true
       contents: 
         inline: | 
+          X11Forwarding no 
           GSSAPIAuthentication no
-    - path: /etc/sysctl.d/20-silence-audit.conf
-      contents:
-        inline: |
-          # Raise console message logging level from DEBUG (7) to WARNING (4)
-          # so that audit messages don't get interspersed on the console that
-          # may frustrate a user trying to interactively log in.
-          kernel.printk=4
   links:
     - path: /etc/localtime
       target: ../usr/share/zoneinfo/America/New_York
@@ -190,4 +185,6 @@ kernel_arguments:
     - sysctl.vm.swappiness=1
     - sysctl.kernel.perf_event_paranoid=3
     - sysctl.net.ipv6.conf.all.accept_ra=0
-    - sysctl.net.ipv6.conf.default.accept_ra=0
+    - sysctl.net.ipv6.conf.default.accept_ra=0
+    - sysctl.kernel.printk=4
+    

OnlyOffice.yml

@@ -78,9 +78,10 @@ systemd:
       mask: true
 storage:
   files:
-    - path: /etc/ssh/sshd_config.d/60-disable-GSSAPI.conf
+    - path: /etc/ssh/sshd_config.d/10-custom.conf
       contents:
         inline: |
+          X11Forwarding no 
           GSSAPIAuthentication no
     - path: /etc/zincati/config.d/51-rollout-wariness.toml
       contents:
@@ -121,18 +122,12 @@ storage:
       contents: 
         inline: | 
           * hard core 0
-    - path: /etc/ssh/ssh_config.d/60-disable-GSSAPI.conf
+    - path: /etc/ssh/ssh_config.d/10-custom.conf
       overwrite: true
       contents: 
         inline: | 
+          X11Forwarding no 
           GSSAPIAuthentication no
-    - path: /etc/sysctl.d/20-silence-audit.conf
-      contents:
-        inline: |
-          # Raise console message logging level from DEBUG (7) to WARNING (4)
-          # so that audit messages don't get interspersed on the console that
-          # may frustrate a user trying to interactively log in.
-          kernel.printk=4
   links:
     - path: /etc/localtime
       target: ../usr/share/zoneinfo/America/New_York
@@ -189,4 +184,5 @@ kernel_arguments:
     - sysctl.vm.swappiness=1
     - sysctl.kernel.perf_event_paranoid=3
     - sysctl.net.ipv6.conf.all.accept_ra=0
-    - sysctl.net.ipv6.conf.default.accept_ra=0
+    - sysctl.net.ipv6.conf.default.accept_ra=0
+    - sysctl.kernel.printk=4