linx/StateGrid
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

modified: install_shell/audit_patch.sh

Browse Source 
deleted:    install_shell/cgroup-d5000-install/42-2014-01-15-062120/README
	deleted:    install_shell/cgroup-d5000-install/42-2014-01-15-062120/install.sh
	modified:   install_shell/cgroup-d5000-install/install.sh
	modified:   install_shell/create_users.sh
	modified:   install_shell/ntpd_cron_patch.sh
	modified:   install_shell/other.sh
	modified:   install_shell/set_network.sh
	modified:   install_shell/set_ssh.sh
	modified:   setup.sh

Signed-off-by: Qin Bo <bqin@linx-info.com>
This commit is contained in:
Qin Bo
2014-02-19 11:12:23 +08:00
parent 2235771f09
commit 39d88f389f
10 changed files with 1 additions and 261 deletions
Download Patch File Download Diff File Expand all files Collapse all files

56
install_shell/set_ssh.sh
View File

@@ -5,43 +5,6 @@
# sshd_config
SSHD_CONFIG=/etc/ssh/sshd_config
check_config $SSHD_CONFIG ChallengeResponseAuthentication no
if [ $rtn -eq 1 ]; then
sed -i '/ChallengeResponseAuthentication/s@yes@no@' $SSHD_CONFIG
elif [ $rtn -eq 2 ]; then
echo 'ChallengeResponseAuthentication no' >> $SSHD_CONFIG
fi
check_config $SSHD_CONFIG UsePAM yes
if [ $rtn -eq 1 ]; then
sed -i '/UsePAM/s@no@yes@' $SSHD_CONFIG
elif [ $rtn -eq 2 ]; then
echo 'UsePAM yes' >> $SSHD_CONFIG
fi
check_config $SSHD_CONFIG X11Forwarding yes
if [ $rtn -eq 1 ]; then
sed -i '/X11Forwarding/s@no@yes@' $SSHD_CONFIG
elif [ $rtn -eq 2 ]; then
echo 'X11Forwarding yes' >> $SSHD_CONFIG
fi
check_config $SSHD_CONFIG UseDNS no
if [ $rtn -eq 1 ]; then
sed -i '/UseDNS/s@yes@no@' $SSHD_CONFIG
elif [ $rtn -eq 2 ]; then
echo 'UseDNS no' >> $SSHD_CONFIG
fi
check_config $SSHD_CONFIG MaxStartups 60
if [ $rtn -eq 1 ]; then
sed -i '/MaxStartups/d' $SSHD_CONFIG
echo 'MaxStartups 60' >> $SSHD_CONFIG
elif [ $rtn -eq 2 ]; then
echo 'MaxStartups 60' >> $SSHD_CONFIG
fi
SSH_CONFIG=/etc/ssh/ssh_config
check_config $SSH_CONFIG StrictHostKeyChecking no
@@ -60,25 +23,6 @@ elif [ $rtn -eq 2 ]; then
echo 'IgnoreUserKnownHosts yes' >> $SSHD_CONFIG
fi
sed -i '/AddressFamily/d' $SSHD_CONFIG
sed -i "/^ListenAddress/i\AddressFamily inet" ${SSHD_CONFIG}
# openssh-cap.conf
cat > /etc/security/capability/openssh-cap.conf <<EOF
/usr/sbin/sshd
{
cap_chown,cap_dac_override,cap_fowner,cap_fsetid,cap_setgid,cap_setuid,cap_setpcap,cap_net_bind_service,cap_sys_resource+ep
}
EOF
setcap -f /etc/security/capability/openssh-cap.conf
grep 'pam_limits.so' /etc/pam.d/kde &>/dev/null
if [ ! $? -eq 0 ]; then
echo "session required /lib64/security/pam_limits.so" >> /etc/pam.d/kde
fi
# To create ssh key..
USERNAME=$1