keremet/mkimage-profiles
2
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
0a66396735
mkimage-profiles/features.in/control/config.mk
Michael Shigorin 1e39ab3a30 control: added some actual ldv@'s settings 
As noted in the comment, these include a few quite strong ones:
- sshd(8) will only allow in "wheel" and "users" members
  by keys, no password access is allowed;
- password change even by root is subject to quality checks;
- su(8) is only useful to lower privileges and not gain those
  (so root access is available either through local console
  or via use of ssh keys).

Don't use if frowned upon.
2016-02-10 15:11:41 +03:00

24 lines
759 B
Makefile
Raw Blame History

use/control:
@$(call add_feature)
@$(call add,THE_PACKAGES,control)
@$(call xport,CONTROL)
# some presets
use/control/sudo-su: use/control
@$(call add,CONTROL,su:public sudo:public)
# recommended by ldv@ ;-)
# note that:
# - sshd-allow-groups results in "AllowGroups wheel users"
# - unprivileged su is used to drop privileges, not gain those
use/control/server/ldv: use/control
@$(call add,CONTROL,mount:unprivileged)
@$(call add,CONTROL,passwdqc-enforce:everyone)
@$(call add,CONTROL,ping:netadmin)
@$(call add,CONTROL,ping6:restricted)
@$(call add,CONTROL,postqueue:mailadm)
@$(call add,CONTROL,sftp:disabled)
@$(call add,CONTROL,sshd-allow-groups:enabled)
@$(call add,CONTROL,sshd-password-auth:disabled)
@$(call add,CONTROL,su:restricted)
Reference in New Issue View Git Blame Copy Permalink