Closed JGoutin closed 2 years ago
To disable devsec SSH hardening role changes, runs the following (Can be run from SSH without issue):
sudo dnf erase openssh-server openssh-clients -y
sudo dnf install openssh-server openssh-clients -y
sudo rm /etc/sysconfig/sshd.rpmsave /etc/ssh/sshd_config.rpmsave /etc/pam.d/sshd.rpmsave /etc/ssh/revoked_keys /etc/ssh/ssh_config.rpmsave /etc/ssh/moduli.rpmsave
sudo systemctl restart sshd
:warning: This should be done before upgrading to Fedora 34, because this hardening role may breaks sshd and make connexion impossible after update.
Then re-apply the "common" role.
Removed dev-sec roles for 2.0.0 milestone, with partial Fedora specific security hardening implemented.
Replace dev-sec roles Because:
Theses roles are great on Ubuntu and CentOS, but something more specific to Fedora is required.
So the idea is to progressively integrates some of the security changes directly in the "common"/"mysql"/"nginx" roles. Most of the changes should be optional and reversible.
Status: