Изменена логика добавления SSH drop-in

This commit is contained in:
deadcxap
2025-08-24 09:47:30 +03:00
parent 4d9039a081
commit 07df08daa7
+7 -7
View File
@@ -136,7 +136,7 @@ configure_ssh() {
base=\$(basename \"\$f\")
case \"\$base\" in
[0-9][0-9]-*.conf)
[[ \$base == 99-* ]] && mv \"\$f\" \"\${f%.conf}.disabled\"
[[ \$base == 00-* ]] && mv \"\$f\" \"\${f%.conf}.disabled\"
;;
*)
mv \"\$f\" \"\${f%.conf}.disabled\"
@@ -144,14 +144,14 @@ configure_ssh() {
esac
done
shopt -u nullglob
max=\$(find \"\$dir\" -maxdepth 1 -type f -name '[0-9][0-9]-*.conf' | sed -n 's#.*/\\([0-9][0-9]\\)-.*#\\1#p' | sort -n | tail -1)
if [ -z \"\$max\" ]; then
next=10
min=\$(find "\$dir" -maxdepth 1 -type f -name '[0-9][0-9]-*.conf' | sed -n 's#.*/\([0-9][0-9]\)-.*#\1#p' | sort -n | head -1)
if [ -z "\$min" ]; then
next=0
else
next=\$((10#\$max + 10))
[ \"\$next\" -gt 99 ] && next=99
next=\$((10#\$min - 10))
[ "\$next" -lt 0 ] && next=0
fi
newfile=\$(printf '%s/%02d-hardening.conf' \"\$dir\" \"\$next\")
newfile=\$(printf '%s/%02d-hardening.conf' "\$dir" "\$next")
printf \"%s\n\" 'PasswordAuthentication no' 'PermitRootLogin no' 'KbdInteractiveAuthentication no' > \"\$newfile\"
chown root:root \"\$newfile\"
chmod 0644 \"\$newfile\"