Diffstat (limited to 'etc')
-rw-r--r-- | etc/inc/allow-ssh.inc | 2 | ||||
-rw-r--r-- | etc/inc/disable-common.inc | 11 |
2 files changed, 3 insertions, 10 deletions
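--- a/etc/inc/allow-ssh.inc
+++ b/etc/inc/allow-ssh.inc
@@ -6,7 +6,7 @@ noblacklist ${HOME}/.ssh
 noblacklist /etc/ssh
 noblacklist /etc/ssh/ssh_config
 noblacklist /etc/ssh/ssh_config.d
-noblacklist ${PATH}/ssh
+noblacklist ${PATH}/ssh*
 noblacklist /tmp/ssh-*
 # Arch Linux and derivatives
 noblacklist /usr/lib/ssh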
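Review bot: The widened `noblacklist ${PATH}/ssh*` has no comment tying it to the rule it is meant to cancel, so the pairing with `blacklist ${PATH}/ssh*` in disable-common.inc is only implicit. The glob covers every PATH entry whose name begins with `ssh`, not just the client binary, so a later reader cannot tell whether that breadth is intended or accidental. I would add a line above it such as `# keep in sync with "blacklist ${PATH}/ssh*" in disable-common.inc`.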
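--- a/etc/inc/disable-common.inc
+++ b/etc/inc/disable-common.inc
@@ -319,16 +319,10 @@ read-only ${HOME}/.zshenv
 read-only ${HOME}/.zshrc
 read-only ${HOME}/.zshrc.local
 
-# Remote access
+# Remote access - ${HOME}/.ssh directory blacklisted in top secret section below
 blacklist ${HOME}/.rhosts
 blacklist ${HOME}/.shosts
-blacklist ${HOME}/.ssh/authorized_keys
-blacklist ${HOME}/.ssh/authorized_keys2
-blacklist ${HOME}/.ssh/environment
-blacklist ${HOME}/.ssh/rc
 blacklist /etc/hosts.equiv
-read-only ${HOME}/.ssh/config
-read-only ${HOME}/.ssh/config.d
 
 # Initialization files that allow arbitrary command execution
 read-only ${HOME}/.caffrc
@@ -536,7 +530,6 @@ blacklist ${PATH}/umount
 blacklist ${PATH}/unix_chkpwd
 blacklist ${PATH}/xev
 blacklist ${PATH}/xinput
-# from 0.9.67
 blacklist /usr/lib/openssh
 blacklist /usr/lib/ssh
 blacklist /usr/libexec/openssh
@@ -672,7 +665,7 @@ blacklist ${PATH}/unbound-host
 
 # prevent an intruder to guess passwords using regular network tools
 blacklist ${PATH}/ftp
-blacklist ${PATH}/ssh
+blacklist ${PATH}/ssh*
 blacklist ${PATH}/telnet
 
 # rest of ${RUNUSER}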
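Review bot: In the first hunk, removing the per-file rules under `# Remote access` leaves `authorized_keys`, `authorized_keys2`, `environment`, `rc`, `config` and `config.d` protected only by the directory-level `${HOME}/.ssh` blacklist the new comment points to, which is not visible in these hunks. Profiles that include allow-ssh.inc carry `noblacklist ${HOME}/.ssh` (shown in that file's hunk header), so the directory rule is presumably lifted for them. In that case these files become readable and writable inside the sandbox, where previously they stayed blacklisted or read-only. These are the files that control who may log in and what runs at login, so I would keep the four `blacklist ${HOME}/.ssh/...` lines and the two `read-only ${HOME}/.ssh/config*` lines as defence in depth. If they really are redundant, the commit message should say which rule still covers the ssh-enabled case.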