Fix toml inputs:

- lock on idle - ntp-servers - allow users - allow groups - log-level(ssh) - max auth tries - max sessions - login grace time - client alive interval - client alive count max - auth timeout(priv-esc)
abhishekmj303 · Dec 20, 2023 · c168a52 · c168a52
1 parent 24e70e0
commit c168a52
Show file tree

Hide file tree

Showing 5 changed files with 54 additions and 54 deletions.
diff --git a/config/sampleconfig.toml b/config/sampleconfig.toml
@@ -33,7 +33,7 @@ mode = "complain" # enforce, complain
 [gdm] # GNOME Display Manager
 remove = false
 disable_user_list = true
-lock_on_idle = 100 # in seconds, 0 to disable
+lock_on_idle = {enable = true, value = 100} # in seconds, 0 to disable
 no_override_lockscreen = true
 disable_automount = false
 lock_automount = false
@@ -42,7 +42,7 @@ no_override_autorun = true
 
 [time-sync] # Time synchronization
 enable_ntp = true
-ntp_servers = [ "http://time-a-g.nist.gov/", "132.163.97.3", "http://time-d-b.nist.gov/"]
+ntp_servers = {enable = true, value = ["http://time-a-g.nist.gov/", "132.163.97.3", "http://time-d-b.nist.gov/"]}
 enable_ntp_user = true
 
 [services] # Services
@@ -90,9 +90,9 @@ enable_default_deny = true # Deny all traffic by default
 
 [ssh]
 configure_permissions = {sshd_config = true, private_host_key = true, public_host_key = true}
-allow_users = ["user1", "user2"]
-allow_groups = ["group1", "group2"]
-log_level = "VERBOSE" # INFO, VERBOSE
+allow_users = {enable = true, value = ["user1", "user2"]}
+allow_groups = {enable = true, value = ["group1", "group2"]}
+log_level = {enable = true, value = "VERBOSE"} # INFO, VERBOSE
 enable_pam = true
 disable_root_login = true
 disable_host_based_auth = true
@@ -105,17 +105,17 @@ enable_strong_mac_algorithms = true
 enable_strong_key_exchange_algorithms = true
 disable_tcp_forwarding = false
 configure_warning_banner = true
-max_auth_tries = 4
+max_auth_tries = {enable = true, value = 4}
 configure_max_startups = true
-max_sessions = 10
-login_grace_time = 60 # in seconds
-client_alive_interval = 300 # in seconds
-client_alive_count_max = 3
+max_sessions = {enable = true, value = 10}
+login_grace_time = {enable = true, value = 60} # in seconds
+client_alive_interval = {enable = true, value = 300} # in seconds
+client_alive_count_max = {enable = true, value = 3}
 
 [privilege_escalation] # Privilege Escalation
 use_pty = true
 enable_logfile = true
 disable_nopassword = false
 enable_reauthentication = true
-authentication_timeout = 15 # in minutes
+authentication_timeout = {enable = true, value = 15} # in minutes
 restrict_su = true
diff --git a/config/server/level-1.toml b/config/server/level-1.toml
@@ -33,7 +33,7 @@ mode = "complain" # enforce, complain
 [gdm] # GNOME Display Manager
 remove = false
 disable_user_list = true
-lock_on_idle = 100 # in seconds, 0 to disable
+lock_on_idle = {enable = true, value = 100} # in seconds, 0 to disable
 no_override_lockscreen = true
 disable_automount = true
 lock_automount = true
@@ -42,7 +42,7 @@ no_override_autorun = true
 
 [time-sync] # Time synchronization
 enable_ntp = true
-ntp_servers = [ "http://time-a-g.nist.gov/", "132.163.97.3", "http://time-d-b.nist.gov/"]
+ntp_servers = {enable = true, value = ["http://time-a-g.nist.gov/", "132.163.97.3", "http://time-d-b.nist.gov/"]}
 enable_ntp_user = true
 
 [services] # Services
@@ -90,9 +90,9 @@ enable_default_deny = true # Deny all traffic by default
 
 [ssh]
 configure_permissions = {sshd_config = true, private_host_key = true, public_host_key = true}
-allow_users = ["user1", "user2"]
-allow_groups = ["group1", "group2"]
-log_level = "VERBOSE" # INFO, VERBOSE
+allow_users = {enable = true, value = ["user1", "user2"]}
+allow_groups = {enable = true, value = ["group1", "group2"]}
+log_level = {enable = true, value = "VERBOSE"} # INFO, VERBOSE
 enable_pam = true
 disable_root_login = true
 disable_host_based_auth = true
@@ -105,17 +105,17 @@ enable_strong_mac_algorithms = true
 enable_strong_key_exchange_algorithms = true
 disable_tcp_forwarding = false
 configure_warning_banner = true
-max_auth_tries = 4
+max_auth_tries = {enable = true, value = 4}
 configure_max_startups = true
-max_sessions = 10
-login_grace_time = 60 # in seconds
-client_alive_interval = 300 # in seconds
-client_alive_count_max = 3
+max_sessions = {enable = true, value = 10}
+login_grace_time = {enable = true, value = 60} # in seconds
+client_alive_interval = {enable = true, value = 300} # in seconds
+client_alive_count_max = {enable = true, value = 3}
 
 [privilege_escalation] # Privilege Escalation
 use_pty = true
 enable_logfile = true
 disable_nopasswd = false
 enable_reauthentication = true
-authentication_timeout = 15 # in minutes
+authentication_timeout = {enable = true, value = 15} # in minutes
 restrict_su = true
diff --git a/config/server/level-2.toml b/config/server/level-2.toml
@@ -32,7 +32,7 @@ mode = "enforce" # enforce, complain
 [gdm] # GNOME Display Manager
 remove = true
 disable_user_list = true
-lock_on_idle = 100 # in seconds, 0 to disable
+lock_on_idle = {enable = true, value = 100} # in seconds, 0 to disable
 no_override_lockscreen = true
 disable_automount = true
 lock_automount = true
@@ -41,7 +41,7 @@ no_override_autorun = true
 
 [time-sync] # Time synchronization
 enable_ntp = true
-ntp_servers = [ "http://time-a-g.nist.gov/", "132.163.97.3", "http://time-d-b.nist.gov/"]
+ntp_servers = {enable = true, value = ["http://time-a-g.nist.gov/", "132.163.97.3", "http://time-d-b.nist.gov/"]}
 enable_ntp_user = true
 
 [services] # Services
@@ -89,9 +89,9 @@ enable_default_deny = true # Deny all traffic by default
 
 [ssh]
 configure_permissions = {sshd_config = true, private_host_key = true, public_host_key = true}
-allow_users = ["user1", "user2"]
-allow_groups = ["group1", "group2"]
-log_level = "VERBOSE" # INFO, VERBOSE
+allow_users = {enable = true, value = ["user1", "user2"]}
+allow_groups = {enable = true, value = ["group1", "group2"]}
+log_level = {enable = true, value = "VERBOSE"} # INFO, VERBOSE
 enable_pam = true
 disable_root_login = true
 disable_host_based_auth = true
@@ -104,17 +104,17 @@ enable_strong_mac_algorithms = true
 enable_strong_key_exchange_algorithms = true
 disable_tcp_forwarding = true
 configure_warning_banner = true
-max_auth_tries = 4
+max_auth_tries = {enable = true, value = 4}
 configure_max_startups = true
-max_sessions = 10
-login_grace_time = 60 # in seconds
-client_alive_interval = 45 # in seconds
-client_alive_count_max = 3
+max_sessions = {enable = true, value = 10}
+login_grace_time = {enable = true, value = 60} # in seconds
+client_alive_interval = {enable = true, value = 300} # in seconds
+client_alive_count_max = {enable = true, value = 3}
 
 [privilege_escalation] # Privilege Escalation
 use_pty = true
 enable_logfile = true
 disable_nopasswd = false
 enable_reauthentication = true
-authentication_timeout = 15 # in minutes
+authentication_timeout = {enable = true, value = 15} # in minutes
 restrict_su = true
diff --git a/config/workstation/level-1.toml b/config/workstation/level-1.toml
@@ -33,7 +33,7 @@ mode = "complain" # enforce, complain
 [gdm] # GNOME Display Manager
 remove = false
 disable_user_list = true
-lock_on_idle = 100 # in seconds, 0 to disable
+lock_on_idle = {enable = true, value = 100} # in seconds, 0 to disable
 no_override_lockscreen = true
 disable_automount = false
 lock_automount = false
@@ -42,7 +42,7 @@ no_override_autorun = true
 
 [time-sync] # Time synchronization
 enable_ntp = true
-ntp_servers = [ "http://time-a-g.nist.gov/", "132.163.97.3", "http://time-d-b.nist.gov/"]
+ntp_servers = {enable = true, value = ["http://time-a-g.nist.gov/", "132.163.97.3", "http://time-d-b.nist.gov/"]}
 enable_ntp_user = true
 
 [services] # Services
@@ -90,9 +90,9 @@ enable_default_deny = true # Deny all traffic by default
 
 [ssh]
 configure_permissions = {sshd_config = true, private_host_key = true, public_host_key = true}
-allow_users = ["user1", "user2"]
-allow_groups = ["group1", "group2"]
-log_level = "VERBOSE" # INFO, VERBOSE
+allow_users = {enable = true, value = ["user1", "user2"]}
+allow_groups = {enable = true, value = ["group1", "group2"]}
+log_level = {enable = true, value = "VERBOSE"} # INFO, VERBOSE
 enable_pam = true
 disable_root_login = true
 disable_host_based_auth = true
@@ -105,17 +105,17 @@ enable_strong_mac_algorithms = true
 enable_strong_key_exchange_algorithms = true
 disable_tcp_forwarding = false
 configure_warning_banner = true
-max_auth_tries = 4
+max_auth_tries = {enable = true, value = 4}
 configure_max_startups = true
-max_sessions = 10
-login_grace_time = 60 # in seconds
+max_sessions = {enable = true, value = 10}
+login_grace_time = {enable = true, value = 60} # in seconds
 client_alive_interval = 300 # in seconds
-client_alive_count_max = 3
+client_alive_count_max = {enable = true, value = 3}
 
 [privilege_escalation] # Privilege Escalation
 use_pty = true
 enable_logfile = true
 disable_nopasswd = false
 enable_reauthentication = true
-authentication_timeout = 15 # in minutes
+authentication_timeout = {enable = true, value = 15} # in minutes
 restrict_su = true
diff --git a/config/workstation/level-2.toml b/config/workstation/level-2.toml
@@ -32,7 +32,7 @@ mode = "enforce" # enforce, complain
 [gdm] # GNOME Display Manager
 remove = false
 disable_user_list = true
-lock_on_idle = 100 # in seconds, 0 to disable
+lock_on_idle = {enable = true, value = 100} # in seconds, 0 to disable
 no_override_lockscreen = true
 disable_automount = false
 lock_automount = false
@@ -41,7 +41,7 @@ no_override_autorun = true
 
 [time-sync] # Time synchronization
 enable_ntp = true
-ntp_servers = [ "http://time-a-g.nist.gov/", "132.163.97.3", "http://time-d-b.nist.gov/"]
+ntp_servers = {enable = true, value = ["http://time-a-g.nist.gov/", "132.163.97.3", "http://time-d-b.nist.gov/"]}
 enable_ntp_user = true
 
 [services] # Services
@@ -89,9 +89,9 @@ enable_default_deny = true # Deny all traffic by default
 
 [ssh]
 configure_permissions = {sshd_config = true, private_host_key = true, public_host_key = true}
-allow_users = ["user1", "user2"]
-allow_groups = ["group1", "group2"]
-log_level = "VERBOSE" # INFO, VERBOSE
+allow_users = {enable = true, value = ["user1", "user2"]}
+allow_groups = {enable = true, value = ["group1", "group2"]}
+log_level = {enable = true, value = "VERBOSE"} # INFO, VERBOSE
 enable_pam = true
 disable_root_login = true
 disable_host_based_auth = true
@@ -104,17 +104,17 @@ enable_strong_mac_algorithms = true
 enable_strong_key_exchange_algorithms = true
 disable_tcp_forwarding = true
 configure_warning_banner = true
-max_auth_tries = 4
+max_auth_tries = {enable = true, value = 4}
 configure_max_startups = true
-max_sessions = 10
-login_grace_time = 60 # in seconds
-client_alive_interval = 45 # in seconds
-client_alive_count_max = 3
+max_sessions = {enable = true, value = 10}
+login_grace_time = {enable = true, value = 60} # in seconds
+client_alive_interval = {enable = true, value = 300} # in seconds
+client_alive_count_max = {enable = true, value = 3}
 
 [privilege_escalation] # Privilege Escalation
 use_pty = true
 enable_logfile = true
 disable_nopasswd = false
 enable_reauthentication = true
-authentication_timeout = 15 # in minutes
+authentication_timeout = {enable = true, value = 15} # in minutes
 restrict_su = true