Differences

This shows you the differences between two versions of the page.

--- hardening_enterprise_filefabric [2019_01_23 14:05] – kamran
+++ hardening-enterprise-filefabric [2019_04_11 16:30] – [SSH Settings EFF Version <= 1901] steven
@@ Line 44: / Line 44: @@
 </code>
-===== SSH Settings =====
+===== SSH Settings EFF Version <= 1901 =====
-This is only required for EFF instances that were initially deployed as > 1901, that are configured with a low security cipher. Please make the following changes.
+This is only required for EFF instances that were initially deployed before 1901, that are configured with a low security cipher. Please make the following changes.
 As the root user edit the following file with the vi or nano editors:
@@ Line 58: / Line 57: @@
 </code>
-with
+with these 3 lines
 <code>
+KexAlgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256
 Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
+MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com
+</code>
+After saving the file restart sshd service
+<code>
+systemctl restart sshd
 </code>
@@ Line 75: / Line 84: @@
 </code>
-=====  Remove Apache HTTPD server Configuration =====
+=====  Remove Apache HTTPD server Configuration EFF version <= 1901 =====
 The icons directory is listed , this is not a security risk but some scanning tools can mark it as security risk.