aviallon/nixos-lib
1
0
Fork 0
mirror of https://github.com/aviallon/nixos-lib.git synced 2026-04-06 01:38:06 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

[Hardening] prohibit root ssh login entirely in hardcore mode

Browse source
This commit is contained in:
Antoine Viallon 2024-03-08 23:27:30 +01:00
parent 3080d90d2c
commit 06398f02a6
Signed by: aviallon
GPG key ID: 186FC35EDEB25716
1 changed files with 4 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

5
security/hardening.nix
View file

@ -43,7 +43,10 @@ in
security.sudo.execWheelOnly = true; security.sudo.execWheelOnly = true;
services.openssh.settings.PermitRootLogin = "prohibit-password"; services.openssh.settings.PermitRootLogin =
if cfg.hardcore then
"no"
else "prohibit-password";
security.apparmor.enable = true; security.apparmor.enable = true;
services.dbus.apparmor = "enabled"; services.dbus.apparmor = "enabled";