From a9fb87809eccdc7ea7736659ceec929a028761d4 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Peter=20M=C3=BCller?= <peter.mueller@ipfire.org>
Date: Sun, 30 May 2021 12:33:31 +0200
Subject: [PATCH] OpenSSH: restrict file permissions for sshd_config to 0600
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit

This file does not have to be readable by anybody else than the user
running an OpenSSH server. While it does not really contain confidential
information, exposing it to the rest of the world makes no sense either.

This will silence a Lynis warning. :-)

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
---
 lfs/openssh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lfs/openssh b/lfs/openssh
index 3117e996c9..ced1a7db97 100644
--- a/lfs/openssh
+++ b/lfs/openssh
@@ -84,7 +84,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 	cd $(DIR_APP) && make install
 
 	# install custom OpenSSH server configuration
-	install -v -m 644 $(DIR_SRC)/config/ssh/sshd_config \
+	install -v -m 600 $(DIR_SRC)/config/ssh/sshd_config \
 		/etc/ssh/sshd_config
 
 	# install custom OpenSSH client configuration
-- 
2.39.5