starlingx
/
tools
Code Issues Proposed changes
tools/debian-mirror-tools/config/debian/common
History
Carmen Rata 5527d0df46 Disallow remote login as root 
This commit fixes a security vulnerability found by a NESSUS Scan
in the sshd configuration. The ssh login as root is allowed in
"/etc/ssh/sshd_config" due to "PermitRootLogin" set to "yes".
It should be disallowed, and the setting of "PermitRootLogin"
should be "no". The fix is to remove the section pertaining to
"Allow root ssh login" in "base_bullseye.yaml", which is a leftover
cleanup from the Debian integration.

Test Plan:
PASS: Verify the stx build installs correctly in an AIO-SX system
configuration.
PASS: Verify the "PermitRootLogin" is set to "no" in
"/etc/ssh/sshd_config" file.
PASS: Verify that remote ssh as user root is not successful.

Closes-Bug: 2051473

Signed-off-by: Carmen Rata <carmen.rata@windriver.com>
Change-Id: Iee29cf2d5ade6268dcafcb0f3eb12d5f9afefc88
 		2024-01-29 15:12:10 +00:00
..
base-bullseye.lst curl: Upgrade to 7.74.0-1.3+deb11u11 2024-01-14 02:35:09 +00:00
base-bullseye.yaml Disallow remote login as root 2024-01-29 15:12:10 +00:00
base-initramfs-bullseye.yaml Remove kernel pkgs with abiname in yaml config files 2023-09-22 02:30:41 -04:00
never_reuse.lst Add never_reuse.lst for some special packages 2023-04-26 18:23:24 +08:00