diff --git a/src/main/kotlin/org/domaindrivenarchitecture/provs/server/infrastructure/ssh.kt b/src/main/kotlin/org/domaindrivenarchitecture/provs/server/infrastructure/ssh.kt
index 9c0f361..e1f2203 100644
--- a/src/main/kotlin/org/domaindrivenarchitecture/provs/server/infrastructure/ssh.kt
+++ b/src/main/kotlin/org/domaindrivenarchitecture/provs/server/infrastructure/ssh.kt
@@ -6,7 +6,9 @@ import org.domaindrivenarchitecture.provs.framework.ubuntu.filesystem.base.check
 import org.domaindrivenarchitecture.provs.framework.ubuntu.filesystem.base.createFileFromResource
 import org.domaindrivenarchitecture.provs.framework.ubuntu.install.base.isPackageInstalled
 
+val pathSshConfig = "/etc/ssh/ssh_config"
 val pathSshdConfig = "/etc/ssh/sshd_config"
+val pathSshdHardeningConfig = "/etc/ssh/sshd_config.d/sshd_hardening.conf"
 val packageNameSshServer = "openssh-server"
 val resourcePathSsh = "org/domaindrivenarchitecture/provs/server/infrastructure/ssh/"
 
@@ -14,14 +16,34 @@ fun Prov.isSshdConfigExisting(): Boolean {
 return checkFile(pathSshdConfig)
 }
 
-fun Prov.configureSshd() = task {
- if(isSshdConfigExisting() && isPackageInstalled(packageNameSshServer)) {
+fun Prov.isSshConfigExisting(): Boolean {
+ return checkFile(pathSshConfig)
+}
+
+fun Prov.isSshdHardeningConfigExisting(): Boolean {
+ return checkFile(pathSshdHardeningConfig)
+}
+
+fun Prov.configureSsh() = task {
+ if(isSshdConfigExisting() && isSshConfigExisting() && isSshdHardeningConfigExisting() && isPackageInstalled(packageNameSshServer)) {
+ createFileFromResource(
+ pathSshConfig,
+ "ssh_config",
+ resourcePathSsh,
+ "644",
+ true)
 createFileFromResource(
 pathSshdConfig,
 "sshd_config",
 resourcePathSsh,
 "644",
 true)
+ createFileFromResource(
+ pathSshdHardeningConfig,
+ "sshd_hardening.conf",
+ resourcePathSsh,
+ "644",
+ true)
 cmd("service ssh restart", sudo = true)
 } else {
 ProvResult(false)
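Review bot: `pathSshdHardeningConfig` points at a drop-in under `/etc/ssh/sshd_config.d/`, which sshd reads only when the main config carries an `Include /etc/ssh/sshd_config.d/*.conf` line, and nothing in this change documents that dependency. Because `configureSsh` also replaces `/etc/ssh/sshd_config` from the `sshd_config` resource (not shown in this diff), the hardening file would be silently ignored if that resource lacks the Include. sshd also keeps the first value it obtains for a keyword, so the Include has to come before any conflicting settings in the main file. I would add a comment above the constant such as `// drop-in: only effective if sshd_config has "Include /etc/ssh/sshd_config.d/*.conf" ahead of conflicting keywords`.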
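Review bot: The new guard in `configureSsh` requires `isSshdHardeningConfigExisting()` to be true before the task writes that very file, so on a host where `/etc/ssh/sshd_config.d/sshd_hardening.conf` has not been created yet the task appears to fall into the `else` branch and return `ProvResult(false)` without applying any of the three files. Unless another task creates the drop-in first, I would drop that term: `if (isSshdConfigExisting() && isSshConfigExisting() && isPackageInstalled(packageNameSshServer)) {`. Separately, `service ssh restart` runs right after three config files are overwritten with no syntax check; assuming `cmd` reports the exit status, running `cmd("sshd -t", sudo = true)` first and restarting only on success would keep a bad config from cutting off remote access. The function body continues past the end of the hunk.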