Disallow remote login as root
This commit fixes a security vulnerability found by a NESSUS Scan in the sshd configuration. The ssh login as root is allowed in "/etc/ssh/sshd_config" due to "PermitRootLogin" set to "yes". It should be disallowed, and the setting of "PermitRootLogin" should be "no". The fix is to remove the section pertaining to "Allow root ssh login" in "base_bullseye.yaml", which is a leftover cleanup from the Debian integration.

Test Plan:
PASS: Verify the stx build installs correctly in an AIO-SX system configuration.
PASS: Verify the "PermitRootLogin" is set to "no" in "/etc/ssh/sshd_config" file.
PASS: Verify that remote ssh as user root is not successful.

Closes-Bug: 2051473
Signed-off-by: Carmen Rata <carmen.rata@windriver.com>
Change-Id: Iee29cf2d5ade6268dcafcb0f3eb12d5f9afefc88
parent fcf426cf15
commit 5527d0df46
|
@ -58,10 +58,6 @@ rootfs-post-scripts:
|
|||
- |-
|
||||
# Set bash as default shell
|
||||
ln -snf --relative $IMAGE_ROOTFS/bin/bash $IMAGE_ROOTFS/bin/sh
|
||||
- |-
|
||||
# Allow root ssh login
|
||||
export PATH=/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin
|
||||
chroot $IMAGE_ROOTFS sed -i 's/^[#[:space:]]*PermitRootLogin.*/PermitRootLogin yes/' /etc/ssh/sshd_config
|
||||
- |-
|
||||
# FIXME: OSTree will not set up a link to scratch automagically. Need to
|
||||
# relocate scratch to a more ostree friendly locale
|
||||
|
|
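Review bot: Nothing in this hunk sets `PermitRootLogin no` once the "# Allow root ssh login" step is dropped, so the value the commit message requires depends on whatever else writes /etc/ssh/sshd_config in the image. If that other source changes, the finding can come back without any edit to this file. Consider keeping a post-script step here that pins the value, for example the same `sed` with `PermitRootLogin no` as the replacement, or state in the commit message which component supplies the "no" setting that the test plan verified.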