Merge "alphabet-compliance: Update the README" into release-R93
diff --git a/alphabet-compliance/scripts/3220-ensure-ICMP-redirects-not-accepted.sh b/alphabet-compliance/scripts/3220-ensure-ICMP-redirects-not-accepted.sh
new file mode 100644
index 0000000..d6ef92c
--- /dev/null
+++ b/alphabet-compliance/scripts/3220-ensure-ICMP-redirects-not-accepted.sh
@@ -0,0 +1,19 @@
+#!/bin/bash
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+## Section: 3.2.2 Ensure ICMP redirects are not accepted ##
+sysctl -w net.ipv6.conf.all.accept_redirects=0
+sysctl -w net.ipv6.conf.default.accept_redirects=0
+sysctl -w net.ipv6.route.flush=1
diff --git a/alphabet-compliance/scripts/5270-configure-ssh-MaxAuthTries.sh b/alphabet-compliance/scripts/5270-configure-ssh-MaxAuthTries.sh
new file mode 100644
index 0000000..2340727
--- /dev/null
+++ b/alphabet-compliance/scripts/5270-configure-ssh-MaxAuthTries.sh
@@ -0,0 +1,17 @@
+#!/bin/bash
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+## Section: 5.2.7 Ensure SSH MaxAuthTries is set to 4 or less ##
+echo "MaxAuthTries 4" >> /etc/ssh/sshd_config
diff --git a/alphabet-compliance/scripts/5340-set-password-hashing-algorithm.sh b/alphabet-compliance/scripts/5340-set-password-hashing-algorithm.sh
index e7da5fb..4ac3a37 100644
--- a/alphabet-compliance/scripts/5340-set-password-hashing-algorithm.sh
+++ b/alphabet-compliance/scripts/5340-set-password-hashing-algorithm.sh
@@ -14,4 +14,4 @@
 # limitations under the License.
 
 ## Section: 5.3.4 Ensure password hashing algorithm is SHA-512 (Not Scored) ##
-sed -i '/password/s/md5/sha2/' /etc/pam.d/system-auth
+sed -i '/password/s/md5/sha512/' /etc/pam.d/system-auth