author | davidovski <david@davidovski.xyz> | 2022-01-18 17:51:07 +0000 |
---|---|---|
committer | davidovski <david@davidovski.xyz> | 2022-01-18 17:51:07 +0000 |
commit | c807eae95eb95c23d7e9e71b91a87ee99fa8401d (patch) | |
tree | 3a06ffc89e204cff95ae6e588cc5623d36835bc6 /repo | |
parent | d8828742cf655dc97610ce59ebfab238f16fe7f5 (diff) |
added postinstall configs for shadow and pam
Diffstat (limited to 'repo')
-rw-r--r-- | repo/system/pam.xibuild | 6 | ||||
-rw-r--r-- | repo/system/shadow.xibuild | 137 |
2 files changed, 140 insertions, 3 deletions
diff --git a/repo/system/pam.xibuild b/repo/system/pam.xibuild index 03e5a53..2fccf4e 100644 --- a/repo/system/pam.xibuild +++ b/repo/system/pam.xibuild @@ -31,8 +31,8 @@ package () { postinstall () { - install -vdm755 /etc/pam.d && - cat > /etc/pam.d/system-account << "EOF" && + install -vdm755 /etc/pam.d + cat > /etc/pam.d/system-account << "EOF" # Begin /etc/pam.d/system-account account required pam_unix.so @@ -40,7 +40,7 @@ account required pam_unix.so # End /etc/pam.d/system-account EOF - cat > /etc/pam.d/system-auth << "EOF" && + cat > /etc/pam.d/system-auth << "EOF" # Begin /etc/pam.d/system-auth auth required pam_unix.so diff --git a/repo/system/shadow.xibuild b/repo/system/shadow.xibuild index 534707a..eabbd3f 100644 --- a/repo/system/shadow.xibuild +++ b/repo/system/shadow.xibuild 
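Review bot: With the `&&` chain removed in both pam.xibuild hunks, nothing checks whether `install -vdm755 /etc/pam.d` or the `cat >` redirections succeeded, so after a failed write the later steps still run and can leave a missing or truncated `system-account` or `system-auth`. These files sit in the authentication path, so a partial result should stop the script, for example `cat > /etc/pam.d/system-auth << "EOF" || return 1` on each write. The same applies to the unchecked `cat >` and `sed` writes in the new postinstall in shadow.xibuild. The body of postinstall continues outside these hunks, so later lines may already handle part of this.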
@@ -36,3 +36,140 @@ package () {
 make DESTDIR=$PKG_DEST -C man install-man
 mkdir -p $PKG_DEST/etc/default
 }
+
+postinstall () {
+ install -v -m644 /etc/login.defs /etc/login.defs.orig &&
+ for FUNCTION in FAIL_DELAY \
+ FAILLOG_ENAB \
+ LASTLOG_ENAB \
+ MAIL_CHECK_ENAB \
+ OBSCURE_CHECKS_ENAB \
+ PORTTIME_CHECKS_ENAB \
+ QUOTAS_ENAB \
+ CONSOLE MOTD_FILE \
+ FTMP_FILE NOLOGINS_FILE \
+ ENV_HZ PASS_MIN_LEN \
+ SU_WHEEL_ONLY \
+ CRACKLIB_DICTPATH \
+ PASS_CHANGE_TRIES \
+ PASS_ALWAYS_WARN \
+ CHFN_AUTH ENCRYPT_METHOD \
+ ENVIRON_FILE
+ do
+ sed -i "s/^${FUNCTION}/# &/" /etc/login.defs
+ done
+
+ cat > /etc/pam.d/login << "EOF"
+# Begin /etc/pam.d/login
+
+# Set failure delay before next prompt to 3 seconds
+auth optional pam_faildelay.so delay=3000000
+
+# Check to make sure that the user is allowed to login
+auth requisite pam_nologin.so
+
+# Check to make sure that root is allowed to login
+# Disabled by default. You will need to create /etc/securetty
+# file for this module to function. See man 5 securetty.
+#auth required pam_securetty.so
+
+# Additional group memberships - disabled by default
+#auth optional pam_group.so
+
+# include system auth settings
+auth include system-auth
+
+# check access for the user
+account required pam_access.so
+
+# include system account settings
+account include system-account
+
+# Set default environment variables for the user
+session required pam_env.so
+
+# Set resource limits for the user
+session required pam_limits.so
+
+# Display date of last login - Disabled by default
+#session optional pam_lastlog.so
+
+# Display the message of the day - Disabled by default
+#session optional pam_motd.so
+
+# Check user's mail - Disabled by default
+#session optional pam_mail.so standard quiet
+
+# include system session and password settings
+session include system-session
+password include system-password
+
+# End /etc/pam.d/login
+EOF
+
+ cat > /etc/pam.d/passwd << "EOF"
+# Begin /etc/pam.d/passwd
+
+password include system-password
+
+# End /etc/pam.d/passwd
+EOF
+
+ cat > /etc/pam.d/su << "EOF"
+# Begin /etc/pam.d/su
+
+# always allow root
+auth sufficient pam_rootok.so
+
+# Allow users in the wheel group to execute su without a password
+# disabled by default
+#auth sufficient pam_wheel.so trust use_uid
+
+# include system auth settings
+auth include system-auth
+
+# limit su to users in the wheel group
+auth required pam_wheel.so use_uid
+
+# include system account settings
+account include system-account
+
+# Set default environment variables for the service user
+session required pam_env.so
+
+# include system session settings
+session include system-session
+
+# End /etc/pam.d/su
+EOF
+
+ cat > /etc/pam.d/chpasswd << "EOF"
+# Begin /etc/pam.d/chpasswd
+
+# always allow root
+auth sufficient pam_rootok.so
+
+# include system auth and account settings
+auth include system-auth
+account include system-account
+password include system-password
+
+# End /etc/pam.d/chpasswd
+EOF
+
+sed -e s/chpasswd/newusers/ /etc/pam.d/chpasswd >/etc/pam.d/newusers
+
+ cat > /etc/pam.d/chage << "EOF"
+# Begin /etc/pam.d/chage
+
+# always allow root
+auth sufficient pam_rootok.so
+
+# include system auth and account settings
+auth include system-auth
+account include system-account
+
+# End /etc/pam.d/chage
+EOF
+
+} |
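Review bot: Every file in this postinstall is written with a truncating redirection (`cat >` and `>/etc/pam.d/newusers`), so a re-run replaces whatever the administrator changed in `/etc/pam.d/login`, `passwd`, `su`, `chpasswd`, `newusers` and `chage`. The first line likewise overwrites `/etc/login.defs.orig` with the already-edited file. If postinstall can run on upgrades (not visible here), local hardening such as an enabled `pam_securetty.so` line would be silently reverted. Guarding each write avoids that, e.g. `[ -e /etc/login.defs.orig ] || install -v -m644 /etc/login.defs /etc/login.defs.orig` and `[ -e /etc/pam.d/login ] || cat > /etc/pam.d/login << "EOF"`. Newly created files also take their mode from the caller's umask, so a `umask 022` at the top of the function would keep them from being created group- or world-writable.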