From: dave kormann <davek@research.att.com>
Date: Mon, 16 Nov 2020 04:57:24 +0000 (-0500)
Subject: FIX: Compliance with Akraino security requirements
X-Git-Url: https://gerrit.akraino.org/r/gitweb?a=commitdiff_plain;h=407c56bb4dab1eac542f37c5b0b25cb63133b2f0;hp=407c56bb4dab1eac542f37c5b0b25cb63133b2f0;p=ta%2Finfra-ansible.git

FIX: Compliance with Akraino security requirements

This change modifies the SSH and sysctl configurations to comply
with Akraino requirements.  Among the changes:

o Zeroize kernel pointer values in logs
o Allow only members of the 'cloudadmin' group to log in via SSH
o Limit active SSH sessions to 2 per user
o Configure USBGuard with a rudimentary set of permissions

Signed-off-by: dave kormann  <davek@research.att.com>
Change-Id: If52aa278b502f487091ed864b8e82acc7ff8f732
---