Compare commits

...

3 Commits

5 changed files with 96 additions and 2 deletions

View File

@ -3,11 +3,24 @@ skip-test=AUTH-9286
skip-test=PRNT-2307
skip-test=USB-1000
skip-test=STRG-1846
skip-test=STRG-1840
skip-test=PRNT-2308
skip-test=FILE-6310
skip-test=BOOT-5122
skip-test=BOOT-5260
skip-test=KRNL-5788
skip-test=AUTH-9308
# Disable /etc/issue checking
skip-test=BANN-7126
skip-test=BANN-7130
# Disable some SSH feature checks that we intend to keep
skip-test=SSH-7408:tcpkeepalive
skip-test=SSH-7408:allowtcpforwarding
skip-test=SSH-7408:compression
skip-test=SSH-7408:port
skip-test=BANN-7126
skip-test=BANN-7130
# Old packages
skip-test=CUST-0810
skip-test=CUST-0285

9
rc.local/etc/rc.local Normal file
View File

@ -0,0 +1,9 @@
#!/bin/bash
# /etc/rc.local
# file needed to correctly load kernel parameters at boot time
# on Ubuntu (ex. to disable ipv6) without modifying grub
/etc/sysctl.d
/etc/init.d/procps restart
exit 0

View File

@ -0,0 +1,62 @@
# /etc/security/limits.conf
#
#This file sets the resource limits for the users logged in via PAM.
#It does not affect resource limits of the system services.
#
#Also note that configuration files in /etc/security/limits.d directory,
#which are read in alphabetical order, override the settings in this
#file in case the domain is the same or more specific.
#That means for example that setting a limit for wildcard domain here
#can be overriden with a wildcard setting in a config file in the
#subdirectory, but a user specific setting here can be overriden only
#with a user specific setting in the subdirectory.
#
#Each line describes a limit for a user in the form:
#
#<domain> <type> <item> <value>
#
#Where:
#<domain> can be:
# - a user name
# - a group name, with @group syntax
# - the wildcard *, for default entry
# - the wildcard %, can be also used with %group syntax,
# for maxlogin limit
#
#<type> can have the two values:
# - "soft" for enforcing the soft limits
# - "hard" for enforcing hard limits
#
#<item> can be one of the following:
# - core - limits the core file size (KB)
# - data - max data size (KB)
# - fsize - maximum filesize (KB)
# - memlock - max locked-in-memory address space (KB)
# - nofile - max number of open file descriptors
# - rss - max resident set size (KB)
# - stack - max stack size (KB)
# - cpu - max CPU time (MIN)
# - nproc - max number of processes
# - as - address space limit (KB)
# - maxlogins - max number of logins for this user
# - maxsyslogins - max number of logins on the system
# - priority - the priority to run user process with
# - locks - max number of file locks the user can hold
# - sigpending - max number of pending signals
# - msgqueue - max memory used by POSIX message queues (bytes)
# - nice - max nice priority allowed to raise to values: [-20, 19]
# - rtprio - max realtime priority
#
#<domain> <type> <item> <value>
#
* soft core 0
* hard core 0
#* hard rss 10000
#@student hard nproc 20
#@faculty soft nproc 20
#@faculty hard nproc 50
#ftp hard nproc 0
#@student - maxlogins 4
# End of file

View File

@ -10,12 +10,18 @@ PermitRootLogin WITHOUT-PASSWORD
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
IgnoreRhosts yes
MaxSessions 4
MaxAuthTries 4
ClientAliveCountMax 2
LogLevel VERBOSE
PasswordAuthentication no
ChallengeResponseAuthentication no
GSSAPIAuthentication no
UsePAM yes
PrintMotd no
X11Forwarding no
AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
AcceptEnv XMODIFIERS
Subsystem sftp /usr/lib/openssh/sftp-server

View File

@ -35,6 +35,10 @@ net.ipv4.icmp_ignore_bogus_error_responses = 1
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_timestamps = 1
# Uncomment do disable ipv6
#net.ipv6.conf.all.disable_ipv6=1
#net.ipv6.conf.default.disable_ipv6=1
#net.ipv6.conf.lo.disable_ipv6=1
net.ipv6.conf.all.accept_redirects = 0
net.ipv6.conf.all.accept_source_route = 0