mirror of https://github.com/mail-in-a-box/mailinabox.git synced 2025-04-21 03:02:09 +00:00

only enabled recommended MAC and ciphers per research. Added this after it was revealed via OpenVAS

ChiefGyk 2016-07-14 19:36:11 -04:00
parent 82903cd09e
commit 6b6bda520a


@ -219,6 +219,11 @@ APT::Periodic::Unattended-Upgrade "1";
APT::Periodic::Verbose "1"; APT::Periodic::Verbose "1";
EOF EOF
# Harden SSH and disable weak ciphers
echo "Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128" >> /etc/ssh/sshd_config
echo "MACs hmac-sha1,umac-64@openssh.com,hmac-ripemd160" >> /etc/ssh/sshd_config
# ### Firewall # ### Firewall
# Various virtualized environments like Docker and some VPSs don't provide #NODOC # Various virtualized environments like Docker and some VPSs don't provide #NODOC
@ -298,3 +303,4 @@ cat conf/fail2ban/jail.local \
cp conf/fail2ban/dovecotimap.conf /etc/fail2ban/filter.d/dovecotimap.conf cp conf/fail2ban/dovecotimap.conf /etc/fail2ban/filter.d/dovecotimap.conf
restart_service fail2ban restart_service fail2ban
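Review bot: The `Ciphers` line added under "# Harden SSH and disable weak ciphers" in the first hunk still enables `arcfour256` and `arcfour128` (RC4), and the `MACs` line offers only SHA-1, 64-bit UMAC and RIPEMD-160 with no SHA-2 MAC, so the result does not match the comment. Assuming the target OpenSSH version supports them, `Ciphers aes256-ctr,aes192-ctr,aes128-ctr` and `MACs hmac-sha2-512,hmac-sha2-256` would be closer to the stated intent. Both lines are appended with `>>`, so each re-run of the setup script adds duplicates, and because sshd keeps the first value it reads for a keyword, a later correction appended the same way would be ignored; replacing an existing `Ciphers`/`MACs` line instead of appending avoids that. No `sshd -t` validation or sshd restart is visible in this hunk, so it is worth confirming that the new config is checked and reloaded elsewhere in the script.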