From b7ba39bce9733b9512c351f3795b92dbfa31bfce Mon Sep 17 00:00:00 2001
From: NaeiKinDus
Date: Thu, 8 Aug 2024 00:00:00 +0000
Subject: [PATCH] feat(security): tightened files mode for ssh configuration and enabled ipv6 on ssh, along with an increase on max sessions from 3 to 5
---
 .../nullified/infrastructure/roles/security/tasks/main.yml | 6 +++---
 .../roles/security/templates/openssh-server/sshd_config.j2 | 6 +++---
 2 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/collections/ansible_collections/nullified/infrastructure/roles/security/tasks/main.yml b/collections/ansible_collections/nullified/infrastructure/roles/security/tasks/main.yml
index df2d9c3..26e07dc 100644
--- a/collections/ansible_collections/nullified/infrastructure/roles/security/tasks/main.yml
+++ b/collections/ansible_collections/nullified/infrastructure/roles/security/tasks/main.yml
@@ -35,17 +35,17 @@
 ansible.builtin.template:
 src: ../templates/openssh-server/sshd_config.j2
 dest: /etc/ssh/sshd_config
- mode: '0644'
+ mode: '0600'
 - name: '[ssh] ensure directories exist'
 ansible.builtin.file:
 path: /etc/ssh/sshd_config.d
 state: directory
- mode: '0755'
+ mode: '0700'
 - name: '[ssh] setup sshd_config.d'
 ansible.builtin.template:
 src: ../templates/openssh-server/sshd_config.d/encryption.conf.j2
 dest: /etc/ssh/sshd_config.d/encryption.conf
- mode: '0644'
+ mode: '0600'
 - name: '[ssh] remove low security keys'
 ansible.builtin.file:
 path: "/etc/ssh/{{ item }}"
diff --git a/collections/ansible_collections/nullified/infrastructure/roles/security/templates/openssh-server/sshd_config.j2 b/collections/ansible_collections/nullified/infrastructure/roles/security/templates/openssh-server/sshd_config.j2
index 1ee58bb..5ed7a8f 100644
--- a/collections/ansible_collections/nullified/infrastructure/roles/security/templates/openssh-server/sshd_config.j2
+++ b/collections/ansible_collections/nullified/infrastructure/roles/security/templates/openssh-server/sshd_config.j2
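Review bot: The three `mode:` tightenings in this hunk pin permissions but not ownership: none of the tasks sets `owner`/`group`, so the 0600/0700 objects belong to whichever account the play runs as, and a mode this restrictive only delivers the intended hardening when that account is root. Add `owner: root` and `group: root` next to each changed `mode:` so the effective permissions do not depend on how the role is invoked. The `- name:` line and any `notify:`/`validate:` keys of the first template task sit above the hunk and are not visible; if the rendered `/etc/ssh/sshd_config` is not already checked with `validate: '/usr/sbin/sshd -t -f %s'`, it is worth adding with this change so a bad render is caught before sshd is restarted.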
@@ -1,14 +1,14 @@
 AcceptEnv LANG LC_*
-AddressFamily inet
+AddressFamily any
 AllowAgentForwarding no
 ChallengeResponseAuthentication no
 ClientAliveCountMax 2
 ClientAliveInterval 300
 HostKey /etc/ssh/ssh_host_ed25519_key
 IgnoreRhosts yes
-LogLevel VERBOSE
+LogLevel INFO
 MaxAuthTries 3
-MaxSessions 3
+MaxSessions 5
 PermitEmptyPasswords no
 PermitRootLogin no
 PrintMotd yes
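Review bot: The `LogLevel VERBOSE` to `LogLevel INFO` change is a logging downgrade that the commit title does not mention, and it reduces what is available for audit and incident response: VERBOSE is the level at which sshd records details such as which `authorized_keys` entry a login matched and the keys offered during authentication, while INFO keeps only the accepted/failed summary lines. If the intent was only the IPv6 and MaxSessions changes, keep `LogLevel VERBOSE`; if the downgrade is deliberate, state the reason in the commit message. `AddressFamily any` also makes sshd bind on IPv6, and there is no `ListenAddress` in this file, so confirm that the host firewall rules managed elsewhere in the role cover IPv6 the same way as IPv4 before the change is rolled out.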