mirror of
https://github.com/tommytran732/Fedora-CoreOS-Ignition
synced 2024-11-22 17:21:34 -05:00
Update SSHD and Kernel configs
Signed-off-by: Tommy <contact@tommytran.io>
This commit is contained in:
parent
254eeaef42
commit
c75d4a363a
File diff suppressed because one or more lines are too long
@ -59,9 +59,10 @@ systemd:
|
|||||||
mask: true
|
mask: true
|
||||||
storage:
|
storage:
|
||||||
files:
|
files:
|
||||||
- path: /etc/ssh/sshd_config.d/60-disable-GSSAPI.conf
|
- path: /etc/ssh/sshd_config.d/10-custom.conf
|
||||||
contents:
|
contents:
|
||||||
inline: |
|
inline: |
|
||||||
|
X11Forwarding no
|
||||||
GSSAPIAuthentication no
|
GSSAPIAuthentication no
|
||||||
- path: /etc/zincati/config.d/51-rollout-wariness.toml
|
- path: /etc/zincati/config.d/51-rollout-wariness.toml
|
||||||
contents:
|
contents:
|
||||||
@ -114,18 +115,12 @@ storage:
|
|||||||
contents:
|
contents:
|
||||||
inline: |
|
inline: |
|
||||||
* hard core 0
|
* hard core 0
|
||||||
- path: /etc/ssh/ssh_config.d/60-disable-GSSAPI.conf
|
- path: /etc/ssh/ssh_config.d/10-custom.conf
|
||||||
overwrite: true
|
overwrite: true
|
||||||
contents:
|
contents:
|
||||||
inline: |
|
inline: |
|
||||||
|
X11Forwarding no
|
||||||
GSSAPIAuthentication no
|
GSSAPIAuthentication no
|
||||||
- path: /etc/sysctl.d/20-silence-audit.conf
|
|
||||||
contents:
|
|
||||||
inline: |
|
|
||||||
# Raise console message logging level from DEBUG (7) to WARNING (4)
|
|
||||||
# so that audit messages don't get interspersed on the console that
|
|
||||||
# may frustrate a user trying to interactively log in.
|
|
||||||
kernel.printk=4
|
|
||||||
links:
|
links:
|
||||||
- path: /etc/localtime
|
- path: /etc/localtime
|
||||||
target: ../usr/share/zoneinfo/America/New_York
|
target: ../usr/share/zoneinfo/America/New_York
|
||||||
@ -185,3 +180,4 @@ kernel_arguments:
|
|||||||
- sysctl.kernel.perf_event_paranoid=3
|
- sysctl.kernel.perf_event_paranoid=3
|
||||||
- sysctl.net.ipv6.conf.all.accept_ra=0
|
- sysctl.net.ipv6.conf.all.accept_ra=0
|
||||||
- sysctl.net.ipv6.conf.default.accept_ra=0
|
- sysctl.net.ipv6.conf.default.accept_ra=0
|
||||||
|
- sysctl.kernel.printk=4
|
||||||
|
File diff suppressed because one or more lines are too long
14
Generic.yml
14
Generic.yml
@ -77,9 +77,10 @@ systemd:
|
|||||||
mask: true
|
mask: true
|
||||||
storage:
|
storage:
|
||||||
files:
|
files:
|
||||||
- path: /etc/ssh/sshd_config.d/60-disable-GSSAPI.conf
|
- path: /etc/ssh/sshd_config.d/10-custom.conf
|
||||||
contents:
|
contents:
|
||||||
inline: |
|
inline: |
|
||||||
|
X11Forwarding no
|
||||||
GSSAPIAuthentication no
|
GSSAPIAuthentication no
|
||||||
- path: /etc/zincati/config.d/51-rollout-wariness.toml
|
- path: /etc/zincati/config.d/51-rollout-wariness.toml
|
||||||
contents:
|
contents:
|
||||||
@ -120,18 +121,12 @@ storage:
|
|||||||
contents:
|
contents:
|
||||||
inline: |
|
inline: |
|
||||||
* hard core 0
|
* hard core 0
|
||||||
- path: /etc/ssh/ssh_config.d/60-disable-GSSAPI.conf
|
- path: /etc/ssh/ssh_config.d/10-custom.conf
|
||||||
overwrite: true
|
overwrite: true
|
||||||
contents:
|
contents:
|
||||||
inline: |
|
inline: |
|
||||||
|
X11Forwarding no
|
||||||
GSSAPIAuthentication no
|
GSSAPIAuthentication no
|
||||||
- path: /etc/sysctl.d/20-silence-audit.conf
|
|
||||||
contents:
|
|
||||||
inline: |
|
|
||||||
# Raise console message logging level from DEBUG (7) to WARNING (4)
|
|
||||||
# so that audit messages don't get interspersed on the console that
|
|
||||||
# may frustrate a user trying to interactively log in.
|
|
||||||
kernel.printk=4
|
|
||||||
links:
|
links:
|
||||||
- path: /etc/localtime
|
- path: /etc/localtime
|
||||||
target: ../usr/share/zoneinfo/America/New_York
|
target: ../usr/share/zoneinfo/America/New_York
|
||||||
@ -189,3 +184,4 @@ kernel_arguments:
|
|||||||
- sysctl.kernel.perf_event_paranoid=3
|
- sysctl.kernel.perf_event_paranoid=3
|
||||||
- sysctl.net.ipv6.conf.all.accept_ra=0
|
- sysctl.net.ipv6.conf.all.accept_ra=0
|
||||||
- sysctl.net.ipv6.conf.default.accept_ra=0
|
- sysctl.net.ipv6.conf.default.accept_ra=0
|
||||||
|
- kernel.printk=4
|
File diff suppressed because one or more lines are too long
15
GitLab.yml
15
GitLab.yml
@ -79,9 +79,10 @@ systemd:
|
|||||||
mask: true
|
mask: true
|
||||||
storage:
|
storage:
|
||||||
files:
|
files:
|
||||||
- path: /etc/ssh/sshd_config.d/60-disable-GSSAPI.conf
|
- path: /etc/ssh/sshd_config.d/10-custom.conf
|
||||||
contents:
|
contents:
|
||||||
inline: |
|
inline: |
|
||||||
|
X11Forwarding no
|
||||||
GSSAPIAuthentication no
|
GSSAPIAuthentication no
|
||||||
- path: /etc/zincati/config.d/51-rollout-wariness.toml
|
- path: /etc/zincati/config.d/51-rollout-wariness.toml
|
||||||
contents:
|
contents:
|
||||||
@ -122,18 +123,12 @@ storage:
|
|||||||
contents:
|
contents:
|
||||||
inline: |
|
inline: |
|
||||||
* hard core 0
|
* hard core 0
|
||||||
- path: /etc/ssh/ssh_config.d/60-disable-GSSAPI.conf
|
- path: /etc/ssh/ssh_config.d/10-custom.conf
|
||||||
overwrite: true
|
overwrite: true
|
||||||
contents:
|
contents:
|
||||||
inline: |
|
inline: |
|
||||||
|
X11Forwarding no
|
||||||
GSSAPIAuthentication no
|
GSSAPIAuthentication no
|
||||||
- path: /etc/sysctl.d/20-silence-audit.conf
|
|
||||||
contents:
|
|
||||||
inline: |
|
|
||||||
# Raise console message logging level from DEBUG (7) to WARNING (4)
|
|
||||||
# so that audit messages don't get interspersed on the console that
|
|
||||||
# may frustrate a user trying to interactively log in.
|
|
||||||
kernel.printk=4
|
|
||||||
links:
|
links:
|
||||||
- path: /etc/localtime
|
- path: /etc/localtime
|
||||||
target: ../usr/share/zoneinfo/America/New_York
|
target: ../usr/share/zoneinfo/America/New_York
|
||||||
@ -191,3 +186,5 @@ kernel_arguments:
|
|||||||
- sysctl.kernel.perf_event_paranoid=3
|
- sysctl.kernel.perf_event_paranoid=3
|
||||||
- sysctl.net.ipv6.conf.all.accept_ra=0
|
- sysctl.net.ipv6.conf.all.accept_ra=0
|
||||||
- sysctl.net.ipv6.conf.default.accept_ra=0
|
- sysctl.net.ipv6.conf.default.accept_ra=0
|
||||||
|
- sysctl.kernel.printk=4
|
||||||
|
|
File diff suppressed because one or more lines are too long
@ -78,9 +78,10 @@ systemd:
|
|||||||
mask: true
|
mask: true
|
||||||
storage:
|
storage:
|
||||||
files:
|
files:
|
||||||
- path: /etc/ssh/sshd_config.d/60-disable-GSSAPI.conf
|
- path: /etc/ssh/sshd_config.d/10-custom.conf
|
||||||
contents:
|
contents:
|
||||||
inline: |
|
inline: |
|
||||||
|
X11Forwarding no
|
||||||
GSSAPIAuthentication no
|
GSSAPIAuthentication no
|
||||||
- path: /etc/zincati/config.d/51-rollout-wariness.toml
|
- path: /etc/zincati/config.d/51-rollout-wariness.toml
|
||||||
contents:
|
contents:
|
||||||
@ -121,18 +122,12 @@ storage:
|
|||||||
contents:
|
contents:
|
||||||
inline: |
|
inline: |
|
||||||
* hard core 0
|
* hard core 0
|
||||||
- path: /etc/ssh/ssh_config.d/60-disable-GSSAPI.conf
|
- path: /etc/ssh/ssh_config.d/10-custom.conf
|
||||||
overwrite: true
|
overwrite: true
|
||||||
contents:
|
contents:
|
||||||
inline: |
|
inline: |
|
||||||
|
X11Forwarding no
|
||||||
GSSAPIAuthentication no
|
GSSAPIAuthentication no
|
||||||
- path: /etc/sysctl.d/20-silence-audit.conf
|
|
||||||
contents:
|
|
||||||
inline: |
|
|
||||||
# Raise console message logging level from DEBUG (7) to WARNING (4)
|
|
||||||
# so that audit messages don't get interspersed on the console that
|
|
||||||
# may frustrate a user trying to interactively log in.
|
|
||||||
kernel.printk=4
|
|
||||||
links:
|
links:
|
||||||
- path: /etc/localtime
|
- path: /etc/localtime
|
||||||
target: ../usr/share/zoneinfo/America/New_York
|
target: ../usr/share/zoneinfo/America/New_York
|
||||||
@ -190,3 +185,4 @@ kernel_arguments:
|
|||||||
- sysctl.kernel.perf_event_paranoid=3
|
- sysctl.kernel.perf_event_paranoid=3
|
||||||
- sysctl.net.ipv6.conf.all.accept_ra=0
|
- sysctl.net.ipv6.conf.all.accept_ra=0
|
||||||
- sysctl.net.ipv6.conf.default.accept_ra=0
|
- sysctl.net.ipv6.conf.default.accept_ra=0
|
||||||
|
- sysctl.kernel.printk=4
|
Loading…
Reference in New Issue
Block a user