Make sshd_config mode 600 for rhel systems (chr4-cookbooks#18)
* make sshd_config mode 600 for rhel systems

* bump version

* change attribute name to sshd_config_mode, and undo version bump
er0 authored and chr4 committed Aug 17, 2017
1 parent dec9c0d commit 196e035
Showing 2 changed files with 10 additions and 1 deletion.
9 changes: 9 additions & 0 deletions attributes/default.rb
Expand Up @@ -71,6 +71,15 @@
'GSSAPIAuthentication' => 'no'
}

# sshd_config permissions
default['sshd']['sshd_config_mode'] =
case node['platform_family']
when 'debian', 'mac_os_x'
'0o644'
when 'rhel', 'fedora'
'0o600'
end

# Initialize sftp subsystem
default['sshd']['sshd_config']['Subsystem'] =
case node['platform_family']
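Review bot: the case on node['platform_family'] that sets default['sshd']['sshd_config_mode'] has no else branch, so on any platform family other than debian, mac_os_x, rhel or fedora the attribute evaluates to nil, where the definition previously applied a fixed 0o644 everywhere. Add an else branch: '0o600' is the safer fallback, since sshd_config does not need to be world-readable, or '0o644' if the old behaviour must be preserved. As a style point, the values are quoted strings carrying Ruby's 0o literal prefix while the line they replace used the integer literal 0o644; the plain string form '0600' / '0644' is the usual way to write a mode in Chef attributes.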
2 changes: 1 addition & 1 deletion definitions/openssh_server.rb
Expand Up @@ -48,7 +48,7 @@ class Chef::Recipe
template filename do
owner 'root'
group node['root_group']
mode 0o644
mode node['sshd']['sshd_config_mode']
cookbook cookbook
source source
variables config: sshd_config
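Review bot: mode node['sshd']['sshd_config_mode'] is passed to the template with no fallback, so a nil or mistyped attribute value reaches the resource unchecked, where the removed line guaranteed 0o644. Guard it at the point of use, for example mode node['sshd']['sshd_config_mode'] || '0600'. Because the template is parameterised on filename, an attribute named sshd_config_mode now governs every file this definition renders, which is worth a comment next to the mode line. The commit touches only attributes/default.rb and this file, so the new attribute arrives without documentation or a test asserting the 600 mode on rhel.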