Add SSH hardening and kernel security configurations
- config/ssh/sshd_config_hardening: Enhanced SSH security settings - config/ssh/banner: Legal warning banner for SSH connections - config/sysctl/99-security.conf: Kernel network and memory protection parameters - Includes deployment instructions for system-level hardening
This commit is contained in:
22
config/ssh/sshd_config_hardening
Normal file
22
config/ssh/sshd_config_hardening
Normal file
@@ -0,0 +1,22 @@
|
||||
# SSH Hardening Configuration
|
||||
# Deploy by appending to: /etc/ssh/sshd_config
|
||||
#
|
||||
# Setup commands:
|
||||
# sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config.backup
|
||||
# sudo cat config/ssh/sshd_config_hardening >> /etc/ssh/sshd_config
|
||||
# sudo sshd -t
|
||||
# sudo systemctl restart sshd
|
||||
|
||||
# Enhanced security settings
|
||||
ClientAliveInterval 300
|
||||
ClientAliveCountMax 2
|
||||
Compression no
|
||||
LogLevel VERBOSE
|
||||
MaxSessions 3
|
||||
TCPKeepAlive no
|
||||
X11Forwarding no
|
||||
AllowAgentForwarding no
|
||||
AllowTcpForwarding no
|
||||
GatewayPorts no
|
||||
PermitTunnel no
|
||||
Banner /etc/ssh/banner
|
||||
Reference in New Issue
Block a user