From 29a3993155a2dbdd750ae3aefca40ff57db65b40 Mon Sep 17 00:00:00 2001
From: Tommy <contact@tommytran.io>
Date: Fri, 17 May 2024 15:34:33 -0700
Subject: [PATCH] Add ssh hardening

Signed-off-by: Tommy <contact@tommytran.io>
---
 Fedora-Server-40.sh | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/Fedora-Server-40.sh b/Fedora-Server-40.sh
index 57e37a8..bb2af66 100644
--- a/Fedora-Server-40.sh
+++ b/Fedora-Server-40.sh
@@ -53,6 +53,9 @@ sudo /usr/bin/sed -i 's/\s+nullok//g' /etc/pam.d/system-auth
 unpriv curl https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main/etc/ssh/ssh_config.d/10-custom.conf | sudo tee /etc/ssh/ssh_config.d/10-custom.conf
 sudo chmod 644 /etc/ssh/ssh_config.d/10-custom.conf
 unpriv curl https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main/etc/ssh/sshd_config.d/10-custom.conf | sudo tee /etc/ssh/sshd_config.d/10-custom.conf
+unpriv curl https://raw.githubusercontent.com/GrapheneOS/infrastructure/main/systemd/system/sshd.service.d/local.conf | sudo tee /etc/systemd/system/ssh.service.d/override.conf
+sudo systemctl daemon-reload
+sudo systemctl restart sshd
 
 # Security kernel settings
 unpriv curl https://raw.githubusercontent.com/Kicksecure/security-misc/master/etc/modprobe.d/30_security-misc.conf | sudo tee /etc/modprobe.d/30_security-misc.conf