harden

package
v0.8.3 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Sep 6, 2023 License: MIT Imports: 14 Imported by: 0

Documentation

Index

Constants

// Shell snippets applied by the harden package. Each constant is a raw shell
// script; several bodies are elided by the documentation renderer and must be
// read in the source before their effect can be judged.
//
// NOTE(review): the sshd snippets share one pattern: delete every line that
// contains the keyword (commented lines included), append the new setting to
// the end of /etc/ssh/sshd_config, then restart sshd. Three things are worth
// checking on a target host before relying on that pattern:
//   - sshd keeps the first value it obtains for a keyword, so a setting pulled
//     in earlier through an Include directive would win over the appended line;
//   - if the file ends with a Match block, the appended line becomes part of
//     that block instead of a global setting;
//   - none of the visible scripts runs `sshd -t` before the restart, so a
//     rejected config is only discovered when sshd fails to come back.
//
// `sshd -T` prints the effective configuration and is a quick way to confirm
// the result.
const (
	// SetTMOUTShell: body not shown on this page.
	SetTMOUTShell = `` /* 161-byte string literal not displayed */

	// SetPasswdPolicyShell: body not shown on this page.
	SetPasswdPolicyShell = `` /* 1080-byte string literal not displayed */

	// DenySSHRootLoginShell removes all PermitRootLogin lines from
	// /etc/ssh/sshd_config, appends "PermitRootLogin no" and restarts sshd.
	// NOTE(review): confirm a non-root login path works before applying this
	// remotely; the script itself does not check for one.
	DenySSHRootLoginShell = `
sed -i "/PermitRootLogin/d" /etc/ssh/sshd_config
echo "PermitRootLogin no" >> /etc/ssh/sshd_config
service sshd restart
`

	// HardenSystemLogShell creates /var/log/secure if it is missing and sets it
	// to root:root, mode 600.
	// NOTE(review): presumably targets distributions that write auth logs to
	// /var/log/secure; on hosts that log elsewhere the real log is untouched.
	HardenSystemLogShell = `
touch /var/log/secure
chown root:root /var/log/secure
chmod 600 /var/log/secure
`
	// DenySSHUseDnsShell removes all UseDNS lines from /etc/ssh/sshd_config,
	// appends "UseDNS no" and restarts sshd.
	// NOTE(review): if the file ends with a Match block, verify that sshd
	// accepts UseDNS inside it; otherwise the restart will fail.
	DenySSHUseDnsShell = `
sed -i "/UseDNS/d" /etc/ssh/sshd_config
echo "UseDNS no" >> /etc/ssh/sshd_config
service sshd restart
`
	// DenySSHdAgentForwardingShell: body not shown on this page.
	DenySSHdAgentForwardingShell = `` /* 226-byte string literal not displayed */

	// DeleteCommonUserCronShell deletes /etc/cron.deny and does nothing else.
	// NOTE(review): what cron allows when cron.deny is absent depends on the
	// cron implementation and on whether /etc/cron.allow exists; this script
	// does not create cron.allow, so verify the resulting access on the target.
	DeleteCommonUserCronShell = `
rm -f /etc/cron.deny
`
	// DeleteZombieProcessCronShell: body not shown on this page.
	DeleteZombieProcessCronShell = `` /* 231-byte string literal not displayed */

	// HideOSVersionShell renames /etc/issue and /etc/issue.net to *.bak;
	// `|| true` keeps a missing file from failing the script.
	// The renamed copies stay in /etc, so this only removes the login banner.
	HideOSVersionShell = `
mv /etc/issue /etc/issue.bak || true
mv /etc/issue.net /etc/issue.net.bak || true
`
	// UnsetRebootByKeyBoardShell deletes the ctrl-alt-del.target unit file
	// under /usr/lib/systemd/system.
	// NOTE(review): a package update may put the unit file back;
	// `systemctl mask ctrl-alt-del.target` is the setting that survives updates.
	UnsetRebootByKeyBoardShell = `
rm -rf /usr/lib/systemd/system/ctrl-alt-del.target || true
`
	// UnsetICMPTimeStampShell: body not shown on this page.
	UnsetICMPTimeStampShell = `` /* 229-byte string literal not displayed */

	// LockKeyFileShell: body not shown on this page.
	LockKeyFileShell = `` /* 160-byte string literal not displayed */

)

Variables

// SetErrPasswdRetryShellTmpl renders a shell script that removes all
// MaxAuthTries lines from /etc/ssh/sshd_config, appends
// "MaxAuthTries <RetryCount>" and restarts sshd. The `if` guard makes the
// template render nothing when .RetryCount is zero or empty.
//
// NOTE(review): MaxAuthTries limits authentication attempts per SSH
// connection; it is not an account lockout, so a client can reconnect and try
// again. Pair it with a lockout or rate-limiting control if that is the goal.
// NOTE(review): .RetryCount is written into a shell script unescaped; keep it
// an integer type (InternalItem.PasswdErrRetryCount is an int) and confirm
// callers never pass a string here. Negative values pass the `if` guard.
// NOTE(review): the template is registered as "delUserListTmpl", which looks
// copied from another template; the name only shows up in template errors.
var SetErrPasswdRetryShellTmpl = template.Must(template.New("delUserListTmpl").Parse(dedent.Dedent(
	`{{- if .RetryCount }}
sed -i "/MaxAuthTries/d" /etc/ssh/sshd_config
echo "MaxAuthTries {{ .RetryCount }}" >> /etc/ssh/sshd_config
service sshd restart
{{- end }}
`)))

Functions

func OS

Types

type ExternalItem

// ExternalItem is the YAML-facing hardening configuration. Everything lives
// under the top-level `harden` key, split into `common`, `ssh` and `cron`
// sections. Boolean fields default to false and PasswdErrRetryCount to 0 when
// a key is absent from the YAML.
type ExternalItem struct {
	Harden struct {
		Common struct {
			DenyPing             bool     `yaml:"denyPing"`
			DenyICMPTimeStamp    bool     `yaml:"denyICMPTimeStamp"`
			DenyRebootByKeyBoard bool     `yaml:"denyRebootByKeyBoard"`
			DelUnusedUser        bool     `yaml:"delUnusedUser"`
			HideOSVersion        bool     `yaml:"hideOSVersion"`
			LockKeyFile          bool     `yaml:"lockKeyFile"`
			SetTMOUT             bool     `yaml:"setTMOUT"`
			SetPasswdPolicy      bool     `yaml:"setPasswdPolicy"`
			SetSysLog            bool     `yaml:"setSysLog"`
			// presumably feeds the MaxAuthTries template; verify against caller
			PasswdErrRetryCount  int      `yaml:"passwdErrRetryCount"`
			// carries a plaintext password field (see SudoUser.SudoPasswd)
			SudoUser             SudoUser `yaml:"sudoUser"`
			// NOTE(review): presumably account names to delete when DelUnusedUser
			// is set; if they reach a shell command they need validation. Confirm.
			UnuseUsers           []string `yaml:"unuseUsers"`
		} `yaml:"common"`
		Ssh  SSHItem `yaml:"ssh"`
		Cron struct {
			DelCommonUserCron       bool `yaml:"delCommonUserCron"`
			SetDelZombieProcessCron bool `yaml:"setDelZombieProcessCron"`
		} `yaml:"cron"`
	} `yaml:"harden"`
}

type InternalItem

// InternalItem is a flat set of hardening switches whose fields mirror those
// of ExternalItem without YAML tags. It is embedded in Object.
// NOTE(review): presumably filled from ExternalItem after parsing; the
// conversion is not shown on this page.
type InternalItem struct {
	DenyPing             bool
	DenyICMPTimeStamp    bool
	DenyRebootByKeyBoard bool
	DelUnusedUser        bool
	HideOSVersion        bool
	LockKeyFile          bool
	SetTMOUT             bool
	SetPasswdPolicy      bool
	SetSysLog            bool
	PasswdErrRetryCount  int
	UnUseUsers           []string

	// ssh
	DenySSHUseDns          bool
	DenySSHAgentForwarding bool
	DenyRootLogin          bool
	ModifyServePort        int

	// sudo user
	// NOTE(review): SudoPasswd is held as a plain string; keep it out of logs
	// and debug dumps of this struct.
	SetSudoUser bool
	SudoUser    string
	SudoPasswd  string

	// cron
	DelCommonUserCron       bool
	SetDelZombieProcessCron bool
}

type Object

// Object is the hardening object: it bundles the target servers, the parsed
// ExternalItem configuration, the embedded InternalItem switches and a logger.
// NOTE(review): because InternalItem is embedded, its SudoPasswd field is
// promoted onto Object; printing an Object with %+v would include it.
type Object struct {
	Servers     []runner.ServerInternal
	// presumably the raw configuration bytes; verify against caller
	B           []byte
	// presumably selects local instead of remote execution; verify
	LocalRun    bool
	// NOTE(review): presumably bypasses an interactive confirmation; the sshd
	// snippets restart the daemon, so skipping confirmation on remote hosts
	// deserves care. Confirm where this is read.
	SkipConfirm bool
	Logger      *logrus.Logger

	HardenItem ExternalItem
	InternalItem
	// contains filtered or unexported fields
}

Object is the hardening object (加固对象).

type SSHItem

// SSHItem is the `ssh` section of the hardening YAML.
type SSHItem struct {
	DenyRootLogin          bool `yaml:"denyRootLogin"`
	DenySSHUseDns          bool `yaml:"denySSHUseDns"`
	DenySSHAgentForwarding bool `yaml:"denySSHAgentForwarding"`
	// NOTE(review): presumably the new sshd listen port, with 0 meaning
	// "leave unchanged"; no range check is visible here. Confirm against caller.
	ModifyServePort        int  `yaml:"modifyServePort"`
}

type SudoUser

// SudoUser is the `sudoUser` section of the hardening YAML.
// NOTE(review): SudoPasswd is read from the config file as plaintext. Treat
// that file as a secret (restrictive permissions, not committed to version
// control) and check how the value is passed to the target host.
type SudoUser struct {
	SetSudoUser bool   `yaml:"setSudoUser"`
	SudoUser    string `yaml:"sudoUser"`
	SudoPasswd  string `yaml:"sudoPasswd"`
}
