From 74e3707f64f7ab6975f0ffe11f0fd5d243eea4ea Mon Sep 17 00:00:00 2001
From: Tulili <tulilirockz.pub+git@gmail.com>
Date: Thu, 27 Jul 2023 00:30:02 -0300
Subject: [PATCH] feat: some ssh hardening

---
 scripts/post/ubuntu-session-gdm.sh       | 3 ---
 usr/etc/ssh/ssh_config.d/60-harden.conf  | 3 +++
 usr/etc/ssh/sshd_config.d/60-harden.conf | 5 +++++
 3 files changed, 8 insertions(+), 3 deletions(-)
 delete mode 100644 scripts/post/ubuntu-session-gdm.sh
 create mode 100644 usr/etc/ssh/ssh_config.d/60-harden.conf
 create mode 100644 usr/etc/ssh/sshd_config.d/60-harden.conf

diff --git a/scripts/post/ubuntu-session-gdm.sh b/scripts/post/ubuntu-session-gdm.sh
deleted file mode 100644
index 2bdfc83d19..0000000000
--- a/scripts/post/ubuntu-session-gdm.sh
+++ /dev/null
@@ -1,3 +0,0 @@
-#!/bin/sh
-
-printf "[daemon]\nDefaultSession=Ubuntu\n" | sudo tee -a /etc/gdm/custom.conf
\ No newline at end of file
diff --git a/usr/etc/ssh/ssh_config.d/60-harden.conf b/usr/etc/ssh/ssh_config.d/60-harden.conf
new file mode 100644
index 0000000000..8ba31e5246
--- /dev/null
+++ b/usr/etc/ssh/ssh_config.d/60-harden.conf
@@ -0,0 +1,3 @@
+ServerAliveInterval 60
+ServerAliveCountMax 10
+TCPKeepAlive no
diff --git a/usr/etc/ssh/sshd_config.d/60-harden.conf b/usr/etc/ssh/sshd_config.d/60-harden.conf
new file mode 100644
index 0000000000..512889cccf
--- /dev/null
+++ b/usr/etc/ssh/sshd_config.d/60-harden.conf
@@ -0,0 +1,5 @@
+LoginGraceTime 15s
+MaxAuthTries 3
+AllowAgentForwarding no
+PrintMotd yes
+TCPKeepAlive no