forked from pyllyukko/harden.yml
-
Notifications
You must be signed in to change notification settings - Fork 0
/
vars.yml
40 lines (40 loc) · 931 Bytes
/
vars.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
---
allowed_group: users
log_retention_time_in_months: 6
slackware_services:
- inetd
- yp
- cups
- cups-browsed
debian_services:
- avahi-daemon
- bluetooth
- hciuart
- cups
- cups-browsed
- atd
- ModemManager
- triggerhappy
- xinetd
- inetd
# for servers
#- triggerhappy
#- wpa_supplicant
#- alsa-restore
#- alsa-state
#- hciuart
allowed_services:
- sshd
allowed_tcp_ports:
- 22
sshd_config:
Ciphers: aes256-ctr,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com
MACs: hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com
KexAlgorithms: curve25519-sha256@libssh.org,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256
HostKeyAlgorithms: ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256,ssh-rsa
MaxAuthTries: 3
# Value from system-hardening-10.2.txt
fail_delay: 20
timeout: 15
nproc_limit: 4096
crypt_rounds: 500000