Update 'cloud_setup.sh'

Edwin Lyon 2 months ago
parent 8bba0b6480
commit d2abbadcc1
  1. 19
      cloud_setup.sh

@ -47,20 +47,19 @@ cat <<-EOF > /etc/ssh/sshd_config
HostKey /etc/ssh/ssh_host_ed25519_key
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
KexAlgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com
AcceptEnv LANG LC_*
AllowGroups root sudo
Banner /etc/issue.net
ChallengeResponseAuthentication no
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes256-ctr
ClientAliveCountMax 0
ClientAliveInterval 300
Compression no
HostbasedAuthentication no
IgnoreUserKnownHosts yes
KexAlgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256
LoginGraceTime 20
LogLevel VERBOSE
Macs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-256
MaxAuthTries 3
MaxSessions 3
MaxStartups 10:30:60
@ -72,7 +71,7 @@ PermitUserEnvironment no
PrintLastLog yes
PrintMotd no
StrictModes yes
Subsystem sftp internal-sftp
Subsystem sftp /usr/lib/ssh/sftp-server -f AUTHPRIV -l INFO
UseDNS no
UsePAM yes
X11Forwarding no
@ -246,17 +245,17 @@ EOF
echo 'session optional pam_apparmor.so order=user,group,default' > /etc/pam.d/apparmor
# Rsyslog enable log shipping to centralized syslog server
echo '*.* @@10.128.100.2:514' >> /etc/rsyslog.d/50-default.conf
#echo '*.* @@10.128.100.2:514' >> /etc/rsyslog.d/50-default.conf
# Disable IPv6 in UFW
sed -i "/ipv6=/Id" /etc/default/ufw
echo "IPV6=no" | sudo tee -a /etc/default/ufw
# Enable UFW firewall
ufw allow 22/tcp
ufw allow 80/tcp
ufw allow 443/tcp
ufw enable
#ufw allow 22/tcp
#ufw allow 80/tcp
#ufw allow 443/tcp
#ufw enable
# Enable Services
systemctl enable auditd
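Review bot: With `ufw enable` and the three `ufw allow` rules commented out, the provisioned host ends up with no active host firewall, yet the preceding `sed -i "/ipv6=/Id" /etc/default/ufw` and `echo "IPV6=no" | sudo tee -a /etc/default/ufw` still run and now configure a firewall that is never switched on. If the intent was to avoid the interactive confirmation that `ufw enable` issues during unattended setup, `ufw --force enable` is the non-interactive form; if the firewall is deliberately left off (for example because a cloud security group is expected to filter instead), a comment stating that reason belongs above the commented-out block so the next maintainer does not re-enable it blindly or assume it is active. The same applies to the now-commented `*.* @@10.128.100.2:514` rsyslog line: auditd and the `LogLevel VERBOSE` sshd output configured earlier in this script are now retained only locally, so a note such as `# Central log forwarding to 10.128.100.2 disabled on <date>: <reason>` would make the operational state explicit. The `sudo tee` on the IPV6 line is also inconsistent with the rest of the section, which writes system files directly as root.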
