Lightemerald/linux-scripts
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

adding rngd

Browse Source
This commit is contained in:
Lightemerald
2025-12-12 21:32:48 +01:00
parent a4dd702474
commit ef4f6cd2b3
1 changed files with 4 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
arch-hardening.sh
View File

@@ -250,6 +250,10 @@ sudo pacman -S --noconfirm --needed arch-audit
sudo chmod 600 /etc/ssh/sshd_config sudo chmod 600 /etc/ssh/sshd_config
sudo chmod 700 /etc/cron.hourly sudo chmod 700 /etc/cron.hourly
# [CRYP-8004] Presence of hardware random number generator
sudo pacman -S --noconfirm --needed rng-tools
sudo systemctl enable --now rngd
# [AUTH-9230] Ensure password hashing algorithm is set to YESCRYPT and hashing rounds to minimum of 5000 and maximum of 5000000 # [AUTH-9230] Ensure password hashing algorithm is set to YESCRYPT and hashing rounds to minimum of 5000 and maximum of 5000000
sudo sed -i 's/^ENCRYPT_METHOD .*/ENCRYPT_METHOD YESCRYPT/' /etc/login.defs sudo sed -i 's/^ENCRYPT_METHOD .*/ENCRYPT_METHOD YESCRYPT/' /etc/login.defs
sudo sed -i 's/^#SHA_CRYPT_MIN_ROUNDS .*/SHA_CRYPT_MIN_ROUNDS 5000/' /etc/login.defs sudo sed -i 's/^#SHA_CRYPT_MIN_ROUNDS .*/SHA_CRYPT_MIN_ROUNDS 5000/' /etc/login.defs