[D-community-commits] r352 - in trunk/fai-config-dir: files/etc/logcheck/ignore.d.server files/etc/logcheck/ignore.d.server/local-ssh scripts/DEFAULT

[holger at alioth.debian.org]

Author: holger
Date: 2008-10-22 13:21:03 +0000 (Wed, 22 Oct 2008)
New Revision: 352

Added:
   trunk/fai-config-dir/files/etc/logcheck/ignore.d.server/local-ssh/
   trunk/fai-config-dir/files/etc/logcheck/ignore.d.server/local-ssh/DEFAULT
   trunk/fai-config-dir/scripts/DEFAULT/50-ssh
   trunk/fai-config-dir/scripts/DEFAULT/55-ssh
Log:
disable root login and be quiet about attempts to do so

Added: trunk/fai-config-dir/files/etc/logcheck/ignore.d.server/local-ssh/DEFAULT
===================================================================
--- trunk/fai-config-dir/files/etc/logcheck/ignore.d.server/local-ssh/DEFAULT	                        (rev 0)
+++ trunk/fai-config-dir/files/etc/logcheck/ignore.d.server/local-ssh/DEFAULT	2008-10-22 13:21:03 UTC (rev 352)
@@ -0,0 +1 @@
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: Failed password for root from [.0-9]+ port [0-9]+ ssh2$

Added: trunk/fai-config-dir/scripts/DEFAULT/50-ssh
===================================================================
--- trunk/fai-config-dir/scripts/DEFAULT/50-ssh	                        (rev 0)
+++ trunk/fai-config-dir/scripts/DEFAULT/50-ssh	2008-10-22 13:21:03 UTC (rev 352)
@@ -0,0 +1,16 @@
+#! /usr/sbin/cfagent -f
+
+control:
+   any::
+   actionsequence = ( files directories editfiles )
+   EditFileSize = ( 30000 )
+
+files:
+   any::
+
+editfiles:
+   any::
+	# disable root logins
+	{ ${target}/etc/ssh/sshd_config
+	  ReplaceAll "PermitRootLogin yes" With "PermitRootLogin no"
+	}


Property changes on: trunk/fai-config-dir/scripts/DEFAULT/50-ssh
___________________________________________________________________
Name: svn:executable
   + *

Added: trunk/fai-config-dir/scripts/DEFAULT/55-ssh
===================================================================
--- trunk/fai-config-dir/scripts/DEFAULT/55-ssh	                        (rev 0)
+++ trunk/fai-config-dir/scripts/DEFAULT/55-ssh	2008-10-22 13:21:03 UTC (rev 352)
@@ -0,0 +1,9 @@
+#! /bin/sh
+
+#
+#        (c) 2008 Holger Levsen         holger at layer-acht.org
+#        GPL2 licenced
+#
+
+$ROOTCMD /etc/init.d/ssh restart
+


Property changes on: trunk/fai-config-dir/scripts/DEFAULT/55-ssh
___________________________________________________________________
Name: svn:executable
   + *