From d94f54736f48a089c5fa19632c2c42e8da3db5a8 Mon Sep 17 00:00:00 2001
From: netblue30
Date: Sun, 20 Aug 2023 12:26:00 -0400
Subject: disable all ssh utilities in disable-common.inc
---
 etc/inc/allow-ssh.inc | 2 +-
 etc/inc/disable-common.inc | 11 ++---------
 2 files changed, 3 insertions(+), 10 deletions(-)
(limited to 'etc/inc')
diff --git a/etc/inc/allow-ssh.inc b/etc/inc/allow-ssh.inc
index 024d87be7..6b2c5846e 100644
--- a/etc/inc/allow-ssh.inc
+++ b/etc/inc/allow-ssh.inc
@@ -6,7 +6,7 @@ noblacklist ${HOME}/.ssh
 noblacklist /etc/ssh
 noblacklist /etc/ssh/ssh_config
 noblacklist /etc/ssh/ssh_config.d
-noblacklist ${PATH}/ssh
+noblacklist ${PATH}/ssh*
 noblacklist /tmp/ssh-*
 # Arch Linux and derivatives
 noblacklist /usr/lib/ssh
diff --git a/etc/inc/disable-common.inc b/etc/inc/disable-common.inc
index ce4f08958..438e90499 100644
--- a/etc/inc/disable-common.inc
+++ b/etc/inc/disable-common.inc
@@ -319,16 +319,10 @@ read-only ${HOME}/.zshenv
 read-only ${HOME}/.zshrc
 read-only ${HOME}/.zshrc.local
-# Remote access
+# Remote access - ${HOME}/.ssh directory blacklisted in top secret section below
 blacklist ${HOME}/.rhosts
 blacklist ${HOME}/.shosts
-blacklist ${HOME}/.ssh/authorized_keys
-blacklist ${HOME}/.ssh/authorized_keys2
-blacklist ${HOME}/.ssh/environment
-blacklist ${HOME}/.ssh/rc
 blacklist /etc/hosts.equiv
-read-only ${HOME}/.ssh/config
-read-only ${HOME}/.ssh/config.d
 # Initialization files that allow arbitrary command execution
 read-only ${HOME}/.caffrc
@@ -536,7 +530,6 @@ blacklist ${PATH}/umount
 blacklist ${PATH}/unix_chkpwd
 blacklist ${PATH}/xev
 blacklist ${PATH}/xinput
-# from 0.9.67
 blacklist /usr/lib/openssh
 blacklist /usr/lib/ssh
 blacklist /usr/libexec/openssh
@@ -672,7 +665,7 @@ blacklist ${PATH}/unbound-host
 # prevent an intruder to guess passwords using regular network tools
 blacklist ${PATH}/ftp
-blacklist ${PATH}/ssh
+blacklist ${PATH}/ssh*
 blacklist ${PATH}/telnet
 # rest of ${RUNUSER}
--
cgit v1.2.3-54-g00ecf
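Review bot: In etc/inc/allow-ssh.inc the widened `noblacklist ${PATH}/ssh*` carries no comment tying it to the rule it undoes. It has to stay the exact mirror of `blacklist ${PATH}/ssh*` in disable-common.inc, and it now re-enables every binary that glob matches (for example ssh-keygen, ssh-agent, or sshd where installed) in each profile that includes this file, not only the client. I would add a comment above it such as `# mirrors 'blacklist ${PATH}/ssh*' in disable-common.inc; re-enables every ssh* binary, not just the client`.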
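Review bot: In the first disable-common.inc hunk (-319,16), dropping the per-file rules leaves ~/.ssh protected only by the directory blacklist, which is outside the hunk and which allow-ssh.inc lifts with `noblacklist ${HOME}/.ssh`. If noblacklist exempts only the blacklist entry it matches, profiles that include allow-ssh.inc previously kept authorized_keys, authorized_keys2, environment and rc hidden and config/config.d read-only, and after this change they would see the whole directory writable; this should be confirmed against the noblacklist matching code. Because those files control who can log in and what runs on the next ssh session, I would keep the six removed lines, or move equivalents such as `read-only ${HOME}/.ssh/config` and `blacklist ${HOME}/.ssh/authorized_keys` into allow-ssh.inc after its noblacklist line.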
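Review bot: In the last disable-common.inc hunk (-672,7), `blacklist ${PATH}/ssh*` does not match `scp` or `sftp`, which authenticate the same way as the ssh client, so the comment's stated goal of blocking password guessing with regular network tools is only partly met. Unless they are already blacklisted in a part of the file outside this hunk, consider adding `blacklist ${PATH}/scp` and `blacklist ${PATH}/sftp` next to it, with matching `noblacklist` lines in allow-ssh.inc.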