chef-ssh-hardening
chef-ssh-hardening copied to clipboard
dev-sec
This chef cookbook provides secure ssh-client and ssh-server configurations.
**Is your feature request related to a problem? Please describe.** I have changed the `ports` attribute in order to avoid attackers to find it to easily but this cookbook change...
This change is automatically generated by the Cookstyle Bot using the latest version of Cookstyle (7.31.1). Adopting changes suggested by Cookstyle improves cookbook readability, avoids common coding mistakes, and eases...
![cookstyle[bot] avatar](https://avatars.githubusercontent.com/in/78849?v=4 "cookstyle[bot] avatar"){kind=avatar}
Simple change to add support for CentOS 8 alternatives Rocky Linux and Almalinux Ref: https://docs.chef.io/infra_language/checking_platforms/
**Is your feature request related to a problem? Please describe.** The test specs from [ssh-baseline](https://github.com/dev-sec/ssh-baseline) are failing with Debian 11 because this repo is missing the logic for handling Debian...
**Describe the bug** SSH hardening regressed on Amazon Linux 1, no package `policycoreutils-python-utils` exists. **Expected behavior** Cookbook completes w/o error. **Actual behavior** ```paste below Chef::Exceptions::Package ------------------------- No candidate version available...
attributes/default.rb if node['platform_family'] == 'fedora' || # rubocop:disable Style/ConditionalAssignment node['platform_family'] == 'rhel' && node['platform_version'].to_f >= 8 default['ssh-hardening']['selinux']['package'] = 'policycoreutils-python-utils' else default['ssh-hardening']['selinux']['package'] = 'policycoreutils-python' end
**Is your feature request related to a problem? Please describe.** Set by this cookbook, on CentOS 7 there is no syslog facility named `AUTH` available by default causing all logging...
Brings in-line with https://github.com/dev-sec/ssh-baseline/pull/186 Closes #229
