summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authordavidovski <david@davidovski.xyz>2022-01-18 17:51:07 +0000
committerdavidovski <david@davidovski.xyz>2022-01-18 17:51:07 +0000
commitc807eae95eb95c23d7e9e71b91a87ee99fa8401d (patch)
tree3a06ffc89e204cff95ae6e588cc5623d36835bc6
parentd8828742cf655dc97610ce59ebfab238f16fe7f5 (diff)
added postinstall configs for shadow and pam
-rw-r--r--repo/system/pam.xibuild6
-rw-r--r--repo/system/shadow.xibuild137
2 files changed, 140 insertions, 3 deletions
diff --git a/repo/system/pam.xibuild b/repo/system/pam.xibuild
index 03e5a53..2fccf4e 100644
--- a/repo/system/pam.xibuild
+++ b/repo/system/pam.xibuild
@@ -31,8 +31,8 @@ package () {
postinstall () {
- install -vdm755 /etc/pam.d &&
- cat > /etc/pam.d/system-account << "EOF" &&
+ install -vdm755 /etc/pam.d
+ cat > /etc/pam.d/system-account << "EOF"
# Begin /etc/pam.d/system-account
account required pam_unix.so
@@ -40,7 +40,7 @@ account required pam_unix.so
# End /etc/pam.d/system-account
EOF
- cat > /etc/pam.d/system-auth << "EOF" &&
+ cat > /etc/pam.d/system-auth << "EOF"
# Begin /etc/pam.d/system-auth
auth required pam_unix.so
diff --git a/repo/system/shadow.xibuild b/repo/system/shadow.xibuild
index 534707a..eabbd3f 100644
--- a/repo/system/shadow.xibuild
+++ b/repo/system/shadow.xibuild
@@ -36,3 +36,140 @@ package () {
make DESTDIR=$PKG_DEST -C man install-man
mkdir -p $PKG_DEST/etc/default
}
+
+postinstall () {
+ install -v -m644 /etc/login.defs /etc/login.defs.orig &&
+ for FUNCTION in FAIL_DELAY \
+ FAILLOG_ENAB \
+ LASTLOG_ENAB \
+ MAIL_CHECK_ENAB \
+ OBSCURE_CHECKS_ENAB \
+ PORTTIME_CHECKS_ENAB \
+ QUOTAS_ENAB \
+ CONSOLE MOTD_FILE \
+ FTMP_FILE NOLOGINS_FILE \
+ ENV_HZ PASS_MIN_LEN \
+ SU_WHEEL_ONLY \
+ CRACKLIB_DICTPATH \
+ PASS_CHANGE_TRIES \
+ PASS_ALWAYS_WARN \
+ CHFN_AUTH ENCRYPT_METHOD \
+ ENVIRON_FILE
+ do
+ sed -i "s/^${FUNCTION}/# &/" /etc/login.defs
+ done
+
+ cat > /etc/pam.d/login << "EOF"
+# Begin /etc/pam.d/login
+
+# Set failure delay before next prompt to 3 seconds
+auth optional pam_faildelay.so delay=3000000
+
+# Check to make sure that the user is allowed to login
+auth requisite pam_nologin.so
+
+# Check to make sure that root is allowed to login
+# Disabled by default. You will need to create /etc/securetty
+# file for this module to function. See man 5 securetty.
+#auth required pam_securetty.so
+
+# Additional group memberships - disabled by default
+#auth optional pam_group.so
+
+# include system auth settings
+auth include system-auth
+
+# check access for the user
+account required pam_access.so
+
+# include system account settings
+account include system-account
+
+# Set default environment variables for the user
+session required pam_env.so
+
+# Set resource limits for the user
+session required pam_limits.so
+
+# Display date of last login - Disabled by default
+#session optional pam_lastlog.so
+
+# Display the message of the day - Disabled by default
+#session optional pam_motd.so
+
+# Check user's mail - Disabled by default
+#session optional pam_mail.so standard quiet
+
+# include system session and password settings
+session include system-session
+password include system-password
+
+# End /etc/pam.d/login
+EOF
+
+ cat > /etc/pam.d/passwd << "EOF"
+# Begin /etc/pam.d/passwd
+
+password include system-password
+
+# End /etc/pam.d/passwd
+EOF
+
+ cat > /etc/pam.d/su << "EOF"
+# Begin /etc/pam.d/su
+
+# always allow root
+auth sufficient pam_rootok.so
+
+# Allow users in the wheel group to execute su without a password
+# disabled by default
+#auth sufficient pam_wheel.so trust use_uid
+
+# include system auth settings
+auth include system-auth
+
+# limit su to users in the wheel group
+auth required pam_wheel.so use_uid
+
+# include system account settings
+account include system-account
+
+# Set default environment variables for the service user
+session required pam_env.so
+
+# include system session settings
+session include system-session
+
+# End /etc/pam.d/su
+EOF
+
+ cat > /etc/pam.d/chpasswd << "EOF"
+# Begin /etc/pam.d/chpasswd
+
+# always allow root
+auth sufficient pam_rootok.so
+
+# include system auth and account settings
+auth include system-auth
+account include system-account
+password include system-password
+
+# End /etc/pam.d/chpasswd
+EOF
+
+sed -e s/chpasswd/newusers/ /etc/pam.d/chpasswd >/etc/pam.d/newusers
+
+ cat > /etc/pam.d/chage << "EOF"
+# Begin /etc/pam.d/chage
+
+# always allow root
+auth sufficient pam_rootok.so
+
+# include system auth and account settings
+auth include system-auth
+account include system-account
+
+# End /etc/pam.d/chage
+EOF
+
+}