secure-sshd/sshd-service-setup.sh

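#!/bin/bash
#
# sshd-service-setup.sh - move sshd to an alternate port and restrict who can
# reach it and log in, on a yum / firewalld / SELinux host.
#
# Steps: create the one permitted login (in wheel, so sudo still works after
# the lock-down), open the alternate port in firewalld, label the port for
# SELinux, edit sshd_config, add TCP-wrapper rules, then restart sshd.
#
# Environment:
#   ALLOWEDUSER_PASSWORD  password for the permitted user. Falls back to the
#                         placeholder "mypassword" for backward compatibility.
#
# Any failing step aborts the script before sshd is restarted, so a
# half-applied configuration never becomes the live one.
set -euo pipefail

readonly SSH_USER=alloweduser01
readonly SSH_PORT=2222
readonly SSHD_CONFIG=/etc/ssh/sshd_config

# Print a message to stderr and stop.
die() {
  printf 'error: %s\n' "$*" >&2
  exit 1
}

# Append $2 to file $1 unless that exact line is already present, so a re-run
# does not pile up duplicate entries.
append_once() {
  local file=$1 line=$2
  if ! grep -qxF -- "$line" "$file" 2>/dev/null; then
    printf '%s\n' "$line" >> "$file"
  fi
}

# --- permitted user ---------------------------------------------------------
# We're locking this down pretty hard; the user needs sudo access via wheel,
# otherwise there is no way back to root over ssh.
if id -u "$SSH_USER" >/dev/null 2>&1; then
  usermod -aG wheel "$SSH_USER"
else
  useradd "$SSH_USER" -G wheel
fi

# "mypassword" is a published placeholder: anyone who has read this script
# knows it, and password logins are enabled below. Supply the real value via
# ALLOWEDUSER_PASSWORD so it stays out of the script and out of history.
password=${ALLOWEDUSER_PASSWORD:-mypassword}
if [[ "$password" == "mypassword" ]]; then
  printf 'warning: ALLOWEDUSER_PASSWORD not set; using the placeholder password\n' >&2
fi
printf '%s\n' "$password" | passwd "$SSH_USER" --stdin
unset password

# --- firewalld --------------------------------------------------------------
yum install firewalld -y
systemctl start firewalld
systemctl enable firewalld

# Derive an "ssh-alt" service from the stock ssh definition: change the port
# and the short name. (The previous expression ended in "s/.../.../d"; "d" is
# not a valid flag for s, so sed exited with an error and left an empty
# ssh-alt.xml, which meant the alternate port was never opened.)
sed "s/\"22\"/\"${SSH_PORT}\"/; s/>SSH</>SSH Alt</" \
  /usr/lib/firewalld/services/ssh.xml > /etc/firewalld/services/ssh-alt.xml
grep -qF -- "\"${SSH_PORT}\"" /etc/firewalld/services/ssh-alt.xml \
  || die "ssh-alt.xml does not reference port ${SSH_PORT}"

firewall-cmd --permanent --zone=public --add-interface=eth0
firewall-cmd --permanent --add-service=ssh-alt
firewall-cmd --reload
# NOTE(review): if the zone still carries the stock "ssh" service, 22/tcp
# stays open in the firewall; consider removing it once login on the new port
# has been confirmed.

# --- SELinux ----------------------------------------------------------------
yum install setroubleshoot -y
# -a fails when the port already has a definition (e.g. on a re-run); fall
# back to -m so the label still ends up as ssh_port_t.
semanage port -a -t ssh_port_t -p tcp "$SSH_PORT" \
  || semanage port -m -t ssh_port_t -p tcp "$SSH_PORT"

# --- sshd_config ------------------------------------------------------------
# Keep the first pristine copy; sed -i.original would overwrite it on a re-run.
[[ -e "${SSHD_CONFIG}.original" ]] || cp -p -- "$SSHD_CONFIG" "${SSHD_CONFIG}.original"

# Anchored so only the stock "#Port 22" line is rewritten.
sed -i "s/^#Port 22\$/Port ${SSH_PORT}/" "$SSHD_CONFIG"
# Anchored so commentary that merely mentions the keyword is left alone.
# Password authentication is kept on as the original setup intends; key-based
# login with PasswordAuthentication no is the stronger configuration.
sed -i "s/^PasswordAuthentication.*/PasswordAuthentication yes/" "$SSHD_CONFIG"

grep -q "^Port ${SSH_PORT}\$" "$SSHD_CONFIG" \
  || die "${SSHD_CONFIG} has no 'Port ${SSH_PORT}' line; firewall and sshd would disagree"

append_once "$SSHD_CONFIG" "AllowUsers ${SSH_USER}"

# --- TCP wrappers -----------------------------------------------------------
# These two files only matter when sshd is built with TCP-wrapper (libwrap)
# support. Where it is not, they are silently ignored and the source-network
# restriction has to live in firewalld instead - verify on the target host.
append_once /etc/hosts.allow 'sshd: 10.18.'
append_once /etc/hosts.deny 'sshd: ALL'

# --- activate ---------------------------------------------------------------
# Syntax-check the edited config first: restarting onto a broken sshd_config
# would take the only remote entry point down.
sshd -t
systemctl restart sshd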