aviallon/nixos-lib
1
0
Fork 0
mirror of https://github.com/aviallon/nixos-lib.git synced 2026-04-06 01:38:06 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

[Hardening] Forbid sudo usage by non-wheel users

Browse source
This commit is contained in:
Antoine Viallon 2023-01-01 20:04:23 +01:00
parent bab9dfb6c8
commit c4dda59100
Signed by: aviallon
GPG key ID: 186FC35EDEB25716
1 changed files with 2 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

2
hardening.nix
View file

@ -47,6 +47,8 @@ in
aviallon.hardening.expensive = mkIf cfg.hardcore (mkForce true); aviallon.hardening.expensive = mkIf cfg.hardcore (mkForce true);
security.sudo.execWheelOnly = true;
services.openssh.permitRootLogin = "prohibit-password"; services.openssh.permitRootLogin = "prohibit-password";
security.apparmor.enable = true; security.apparmor.enable = true;