Merge "alphabet-compliance: Change password hashing algorithm to sha512" into main-R93
diff --git a/alphabet-compliance/scripts/3220-ensure-ICMP-redirects-not-accepted.sh b/alphabet-compliance/scripts/3220-ensure-ICMP-redirects-not-accepted.sh
new file mode 100644
index 0000000..d6ef92c
--- /dev/null
+++ b/alphabet-compliance/scripts/3220-ensure-ICMP-redirects-not-accepted.sh
@@ -0,0 +1,19 @@
+#!/bin/bash
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+## Section: 3.2.2 Ensure ICMP redirects are not accepted ##
+sysctl -w net.ipv6.conf.all.accept_redirects=0
+sysctl -w net.ipv6.conf.default.accept_redirects=0
+sysctl -w net.ipv6.route.flush=1
diff --git a/alphabet-compliance/scripts/5270-configure-ssh-MaxAuthTries.sh b/alphabet-compliance/scripts/5270-configure-ssh-MaxAuthTries.sh
new file mode 100644
index 0000000..2340727
--- /dev/null
+++ b/alphabet-compliance/scripts/5270-configure-ssh-MaxAuthTries.sh
@@ -0,0 +1,17 @@
+#!/bin/bash
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+## Section: 5.2.7 Ensure SSH MaxAuthTries is set to 4 or less ##
+echo "MaxAuthTries 4" >> /etc/ssh/sshd_config