mirror of https://github.com/tommytran732/Fedora-CoreOS-Ignition synced 2024-11-22 17:21:34 -05:00

Update SSHD and Kernel configs

Signed-off-by: Tommy <contact@tommytran.io>
Tommy 2022-09-12 17:58:29 -04:00
parent 254eeaef42
commit c75d4a363a
No known key found for this signature in database
GPG Key ID: 060B29EB996BD9F2
8 changed files with 29 additions and 44 deletions

File diff suppressed because one or more lines are too long


@ -59,9 +59,10 @@ systemd:
mask: true mask: true
storage: storage:
files: files:
- path: /etc/ssh/sshd_config.d/60-disable-GSSAPI.conf - path: /etc/ssh/sshd_config.d/10-custom.conf
contents: contents:
inline: | inline: |
X11Forwarding no
GSSAPIAuthentication no GSSAPIAuthentication no
- path: /etc/zincati/config.d/51-rollout-wariness.toml - path: /etc/zincati/config.d/51-rollout-wariness.toml
contents: contents:
@ -114,18 +115,12 @@ storage:
contents: contents:
inline: | inline: |
* hard core 0 * hard core 0
- path: /etc/ssh/ssh_config.d/60-disable-GSSAPI.conf - path: /etc/ssh/ssh_config.d/10-custom.conf
overwrite: true overwrite: true
contents: contents:
inline: | inline: |
X11Forwarding no
GSSAPIAuthentication no GSSAPIAuthentication no
- path: /etc/sysctl.d/20-silence-audit.conf
contents:
inline: |
# Raise console message logging level from DEBUG (7) to WARNING (4)
# so that audit messages don't get interspersed on the console that
# may frustrate a user trying to interactively log in.
kernel.printk=4
links: links:
- path: /etc/localtime - path: /etc/localtime
target: ../usr/share/zoneinfo/America/New_York target: ../usr/share/zoneinfo/America/New_York
@ -185,3 +180,4 @@ kernel_arguments:
- sysctl.kernel.perf_event_paranoid=3 - sysctl.kernel.perf_event_paranoid=3
- sysctl.net.ipv6.conf.all.accept_ra=0 - sysctl.net.ipv6.conf.all.accept_ra=0
- sysctl.net.ipv6.conf.default.accept_ra=0 - sysctl.net.ipv6.conf.default.accept_ra=0
- sysctl.kernel.printk=4
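Review bot: `X11Forwarding no` is added to the client-side drop-in `/etc/ssh/ssh_config.d/10-custom.conf` in the second hunk, but `X11Forwarding` is an sshd_config keyword and ssh_config does not define it. ssh(1) treats an unrecognised keyword as a bad configuration option and normally exits, so outbound ssh from the host would likely stop working once this file is written. The client-side equivalent is `ForwardX11 no`. The same line appears in the ssh_config.d hunk of the other three file sections on this page.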

File diff suppressed because one or more lines are too long


@ -77,9 +77,10 @@ systemd:
mask: true mask: true
storage: storage:
files: files:
- path: /etc/ssh/sshd_config.d/60-disable-GSSAPI.conf - path: /etc/ssh/sshd_config.d/10-custom.conf
contents: contents:
inline: | inline: |
X11Forwarding no
GSSAPIAuthentication no GSSAPIAuthentication no
- path: /etc/zincati/config.d/51-rollout-wariness.toml - path: /etc/zincati/config.d/51-rollout-wariness.toml
contents: contents:
@ -120,18 +121,12 @@ storage:
contents: contents:
inline: | inline: |
* hard core 0 * hard core 0
- path: /etc/ssh/ssh_config.d/60-disable-GSSAPI.conf - path: /etc/ssh/ssh_config.d/10-custom.conf
overwrite: true overwrite: true
contents: contents:
inline: | inline: |
X11Forwarding no
GSSAPIAuthentication no GSSAPIAuthentication no
- path: /etc/sysctl.d/20-silence-audit.conf
contents:
inline: |
# Raise console message logging level from DEBUG (7) to WARNING (4)
# so that audit messages don't get interspersed on the console that
# may frustrate a user trying to interactively log in.
kernel.printk=4
links: links:
- path: /etc/localtime - path: /etc/localtime
target: ../usr/share/zoneinfo/America/New_York target: ../usr/share/zoneinfo/America/New_York
@ -189,3 +184,4 @@ kernel_arguments:
- sysctl.kernel.perf_event_paranoid=3 - sysctl.kernel.perf_event_paranoid=3
- sysctl.net.ipv6.conf.all.accept_ra=0 - sysctl.net.ipv6.conf.all.accept_ra=0
- sysctl.net.ipv6.conf.default.accept_ra=0 - sysctl.net.ipv6.conf.default.accept_ra=0
- kernel.printk=4
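Review bot: The kernel argument added in the last hunk is `- kernel.printk=4`, without the `sysctl.` prefix used by the three entries above it and by the other three configs in this commit. Only `sysctl.`-prefixed boot parameters are applied as sysctls, so this entry probably has no effect. Because the same commit removes `/etc/sysctl.d/20-silence-audit.conf`, this variant would then be left at the default console log level. Suggested line: `- sysctl.kernel.printk=4`. The kernel_arguments list begins outside the hunk.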

File diff suppressed because one or more lines are too long


@ -79,9 +79,10 @@ systemd:
mask: true mask: true
storage: storage:
files: files:
- path: /etc/ssh/sshd_config.d/60-disable-GSSAPI.conf - path: /etc/ssh/sshd_config.d/10-custom.conf
contents: contents:
inline: | inline: |
X11Forwarding no
GSSAPIAuthentication no GSSAPIAuthentication no
- path: /etc/zincati/config.d/51-rollout-wariness.toml - path: /etc/zincati/config.d/51-rollout-wariness.toml
contents: contents:
@ -122,18 +123,12 @@ storage:
contents: contents:
inline: | inline: |
* hard core 0 * hard core 0
- path: /etc/ssh/ssh_config.d/60-disable-GSSAPI.conf - path: /etc/ssh/ssh_config.d/10-custom.conf
overwrite: true overwrite: true
contents: contents:
inline: | inline: |
X11Forwarding no
GSSAPIAuthentication no GSSAPIAuthentication no
- path: /etc/sysctl.d/20-silence-audit.conf
contents:
inline: |
# Raise console message logging level from DEBUG (7) to WARNING (4)
# so that audit messages don't get interspersed on the console that
# may frustrate a user trying to interactively log in.
kernel.printk=4
links: links:
- path: /etc/localtime - path: /etc/localtime
target: ../usr/share/zoneinfo/America/New_York target: ../usr/share/zoneinfo/America/New_York
@ -191,3 +186,5 @@ kernel_arguments:
- sysctl.kernel.perf_event_paranoid=3 - sysctl.kernel.perf_event_paranoid=3
- sysctl.net.ipv6.conf.all.accept_ra=0 - sysctl.net.ipv6.conf.all.accept_ra=0
- sysctl.net.ipv6.conf.default.accept_ra=0 - sysctl.net.ipv6.conf.default.accept_ra=0
- sysctl.kernel.printk=4
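Review bot: The rationale for the printk value is lost in this change. The removed `/etc/sysctl.d/20-silence-audit.conf` carried a comment explaining it, while the new `sysctl.kernel.printk=4` entry in the last hunk has none. A YAML comment above the entry would keep that context, for example `# Console log level WARNING (4): keep audit messages off the interactive login console`. The other file sections on this page drop the same explanation.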

File diff suppressed because one or more lines are too long


@ -78,9 +78,10 @@ systemd:
mask: true mask: true
storage: storage:
files: files:
- path: /etc/ssh/sshd_config.d/60-disable-GSSAPI.conf - path: /etc/ssh/sshd_config.d/10-custom.conf
contents: contents:
inline: | inline: |
X11Forwarding no
GSSAPIAuthentication no GSSAPIAuthentication no
- path: /etc/zincati/config.d/51-rollout-wariness.toml - path: /etc/zincati/config.d/51-rollout-wariness.toml
contents: contents:
@ -121,18 +122,12 @@ storage:
contents: contents:
inline: | inline: |
* hard core 0 * hard core 0
- path: /etc/ssh/ssh_config.d/60-disable-GSSAPI.conf - path: /etc/ssh/ssh_config.d/10-custom.conf
overwrite: true overwrite: true
contents: contents:
inline: | inline: |
X11Forwarding no
GSSAPIAuthentication no GSSAPIAuthentication no
- path: /etc/sysctl.d/20-silence-audit.conf
contents:
inline: |
# Raise console message logging level from DEBUG (7) to WARNING (4)
# so that audit messages don't get interspersed on the console that
# may frustrate a user trying to interactively log in.
kernel.printk=4
links: links:
- path: /etc/localtime - path: /etc/localtime
target: ../usr/share/zoneinfo/America/New_York target: ../usr/share/zoneinfo/America/New_York
@ -190,3 +185,4 @@ kernel_arguments:
- sysctl.kernel.perf_event_paranoid=3 - sysctl.kernel.perf_event_paranoid=3
- sysctl.net.ipv6.conf.all.accept_ra=0 - sysctl.net.ipv6.conf.all.accept_ra=0
- sysctl.net.ipv6.conf.default.accept_ra=0 - sysctl.net.ipv6.conf.default.accept_ra=0
- sysctl.kernel.printk=4
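Review bot: The reason for renaming the sshd drop-in from `60-disable-GSSAPI.conf` to `10-custom.conf` in the first hunk is not recorded anywhere in the config. sshd keeps the first value it reads for each keyword and processes included drop-ins in lexical order, so the numeric prefix decides whether `X11Forwarding no` and `GSSAPIAuthentication no` win over any distribution-supplied drop-in. Presumably that is the intent here. A comment above the `path:` line would stop a later rename from silently undoing it, for example `# 10- prefix: must sort before distro drop-ins; sshd uses the first value it sees`. The same applies to the matching hunk in the other three file sections.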