[COOK-2000] Make mode of sshd_config a configurable option #12

Closed
wants to merge 1 commit into from

3 participants

elliotkendallUCSF Jesse Adams Seth Vargo
elliotkendallUCSF

http://tickets.opscode.com/browse/COOK-2000

The default recipe currently hard-codes mode 0644 for sshd_config. That doesn't agree with the default mode on some platforms (RedHat, others?), and I'm being asked to comply with the CIS benchmark which calls for mode 0600.

This trivial patch adds a config_mode attribute which defaults to 0600 on RHEL/Fedora and 0644 elsewhere, but can be overridden as desired.

Jesse Adams

@elliotkendallUCSF - I marked the ticket as "Fix Provided" so that it will go under Opscode's radar. Thanks for your contribution!

Seth Vargo
Owner

Merged in e4ef9b5

Showing 1 unique commit by 1 author.

Dec 03, 2012
elliotkendallUCSF Make mode of sshd_config configurable, with reasonable platform-specific defaults
bc98f61

Showing 2 changed files with 8 additions and 1 deletion.

  1. +7 0 attributes/default.rb
  2. +1 1  recipes/default.rb
7 attributes/default.rb
@@ -37,6 +37,13 @@
37 37 "ssh"
38 38 end
39 39
  40 +default['openssh']['config_mode'] = case node['platform_family']
  41 + when "rhel", "fedora"
  42 + "0600"
  43 + else
  44 + "0644"
  45 + end
  46 +
40 47 # ssh config group
41 48 default['openssh']['client']['host'] = "*"
42 49 # default['openssh']['client']['forward_agent'] = "no"
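
Review bot: The new default['openssh']['config_mode'] attribute (new lines 40-45) has no comment, unlike the "# ssh config group" block right after it, and the change set touches only attributes/default.rb and recipes/default.rb, so the attribute is not documented anywhere. Please add a one-line comment above the case statement saying that this is the file mode applied to /etc/ssh/sshd_config and that it must be a quoted octal string. Also worth stating in that comment: the else branch keeps "0644" (world-readable) on every platform family other than rhel and fedora, so anyone who needs the 0600 value the CIS benchmark calls for on those platforms has to override the attribute explicitly.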
2  recipes/default.rb
@@ -65,7 +65,7 @@ def listen_addr_for interface, type
65 65
66 66 template "/etc/ssh/sshd_config" do
67 67 source "sshd_config.erb"
68   - mode '0644'
  68 + mode node['openssh']['config_mode']
69 69 owner 'root'
70 70 group 'root'
71 71 variables(:settings => node['openssh']['server'])
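
Review bot: At new line 68 the template's mode is now whatever node['openssh']['config_mode'] holds, with no check on the value, where the old literal '0644' could not be wrong. An override supplied as an unquoted number (for example 600 instead of "0600") or as an overly permissive mode would be applied to /etc/ssh/sshd_config as given. Consider validating the attribute before the template resource, for instance raising unless it is a string matching a three- or four-digit octal pattern, or at minimum document the expected format next to the attribute default.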
