From: "Peter Müller" <peter.mueller@ipfire.org>
To: development@lists.ipfire.org
Subject: [PATCH] OpenSSH: restrict file permissions for sshd_config to 0600
Date: Sun, 30 May 2021 12:33:31 +0200 [thread overview]
Message-ID: <67fe68bc-5337-daa6-c150-1d0e334d309a@ipfire.org> (raw)
[-- Attachment #1: Type: text/plain, Size: 841 bytes --]
This file does not have to be readable by anybody else than the user
running an OpenSSH server. While it does not really contain confidential
information, exposing it to the rest of the world makes no sense either.
This will silence a Lynis warning. :-)
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
---
lfs/openssh | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lfs/openssh b/lfs/openssh
index 3117e996c..ced1a7db9 100644
--- a/lfs/openssh
+++ b/lfs/openssh
@@ -84,7 +84,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
cd $(DIR_APP) && make install
# install custom OpenSSH server configuration
- install -v -m 644 $(DIR_SRC)/config/ssh/sshd_config \
+ install -v -m 600 $(DIR_SRC)/config/ssh/sshd_config \
/etc/ssh/sshd_config
# install custom OpenSSH client configuration
--
2.26.2
reply other threads:[~2021-05-30 10:33 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=67fe68bc-5337-daa6-c150-1d0e334d309a@ipfire.org \
--to=peter.mueller@ipfire.org \
--cc=development@lists.ipfire.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox