added postinstall configs for shadow and pam

author: davidovski <david@davidovski.xyz> 2022-01-18 17:51:07 +0000
committer: davidovski <david@davidovski.xyz> 2022-01-18 17:51:07 +0000
commit: c807eae95eb95c23d7e9e71b91a87ee99fa8401d (patch)
tree: 3a06ffc89e204cff95ae6e588cc5623d36835bc6 /repo
parent: d8828742cf655dc97610ce59ebfab238f16fe7f5 (diff)
2 files changed, 140 insertions, 3 deletions
diff --git a/repo/system/pam.xibuild b/repo/system/pam.xibuild
index 03e5a53..2fccf4e 100644
--- a/repo/system/pam.xibuild
+++ b/repo/system/pam.xibuild
@@ -31,8 +31,8 @@ package () {
 
 postinstall () {
 
-    install -vdm755 /etc/pam.d &&
-    cat > /etc/pam.d/system-account << "EOF" &&
+    install -vdm755 /etc/pam.d 
+    cat > /etc/pam.d/system-account << "EOF" 
 # Begin /etc/pam.d/system-account
 
 account   required    pam_unix.so
@@ -40,7 +40,7 @@ account   required    pam_unix.so
 # End /etc/pam.d/system-account
 EOF
 
-    cat > /etc/pam.d/system-auth << "EOF" &&
+    cat > /etc/pam.d/system-auth << "EOF" 
 # Begin /etc/pam.d/system-auth
 
 auth      required    pam_unix.so
diff --git a/repo/system/shadow.xibuild b/repo/system/shadow.xibuild
index 534707a..eabbd3f 100644
--- a/repo/system/shadow.xibuild
+++ b/repo/system/shadow.xibuild
@@ -36,3 +36,140 @@ package () {
     make DESTDIR=$PKG_DEST -C man install-man
     mkdir -p $PKG_DEST/etc/default
 }
+
+postinstall () {
+    install -v -m644 /etc/login.defs /etc/login.defs.orig &&
+    for FUNCTION in FAIL_DELAY               \
+                    FAILLOG_ENAB             \
+                    LASTLOG_ENAB             \
+                    MAIL_CHECK_ENAB          \
+                    OBSCURE_CHECKS_ENAB      \
+                    PORTTIME_CHECKS_ENAB     \
+                    QUOTAS_ENAB              \
+                    CONSOLE MOTD_FILE        \
+                    FTMP_FILE NOLOGINS_FILE  \
+                    ENV_HZ PASS_MIN_LEN      \
+                    SU_WHEEL_ONLY            \
+                    CRACKLIB_DICTPATH        \
+                    PASS_CHANGE_TRIES        \
+                    PASS_ALWAYS_WARN         \
+                    CHFN_AUTH ENCRYPT_METHOD \
+                    ENVIRON_FILE
+    do
+        sed -i "s/^${FUNCTION}/# &/" /etc/login.defs
+    done
+
+    cat > /etc/pam.d/login << "EOF"
+# Begin /etc/pam.d/login
+
+# Set failure delay before next prompt to 3 seconds
+auth      optional    pam_faildelay.so  delay=3000000
+
+# Check to make sure that the user is allowed to login
+auth      requisite   pam_nologin.so
+
+# Check to make sure that root is allowed to login
+# Disabled by default. You will need to create /etc/securetty
+# file for this module to function. See man 5 securetty.
+#auth      required    pam_securetty.so
+
+# Additional group memberships - disabled by default
+#auth      optional    pam_group.so
+
+# include system auth settings
+auth      include     system-auth
+
+# check access for the user
+account   required    pam_access.so
+
+# include system account settings
+account   include     system-account
+
+# Set default environment variables for the user
+session   required    pam_env.so
+
+# Set resource limits for the user
+session   required    pam_limits.so
+
+# Display date of last login - Disabled by default
+#session   optional    pam_lastlog.so
+
+# Display the message of the day - Disabled by default
+#session   optional    pam_motd.so
+
+# Check user's mail - Disabled by default
+#session   optional    pam_mail.so      standard quiet
+
+# include system session and password settings
+session   include     system-session
+password  include     system-password
+
+# End /etc/pam.d/login
+EOF
+
+    cat > /etc/pam.d/passwd << "EOF"
+# Begin /etc/pam.d/passwd
+
+password  include     system-password
+
+# End /etc/pam.d/passwd
+EOF
+
+    cat > /etc/pam.d/su << "EOF"
+# Begin /etc/pam.d/su
+
+# always allow root
+auth      sufficient  pam_rootok.so
+
+# Allow users in the wheel group to execute su without a password
+# disabled by default
+#auth      sufficient  pam_wheel.so trust use_uid
+
+# include system auth settings
+auth      include     system-auth
+
+# limit su to users in the wheel group
+auth      required    pam_wheel.so use_uid
+
+# include system account settings
+account   include     system-account
+
+# Set default environment variables for the service user
+session   required    pam_env.so
+
+# include system session settings
+session   include     system-session
+
+# End /etc/pam.d/su
+EOF
+
+    cat > /etc/pam.d/chpasswd << "EOF"
+# Begin /etc/pam.d/chpasswd
+
+# always allow root
+auth      sufficient  pam_rootok.so
+
+# include system auth and account settings
+auth      include     system-auth
+account   include     system-account
+password  include     system-password
+
+# End /etc/pam.d/chpasswd
+EOF
+
+sed -e s/chpasswd/newusers/ /etc/pam.d/chpasswd >/etc/pam.d/newusers
+
+    cat > /etc/pam.d/chage << "EOF"
+# Begin /etc/pam.d/chage
+
+# always allow root
+auth      sufficient  pam_rootok.so
+
+# include system auth and account settings
+auth      include     system-auth
+account   include     system-account
+
+# End /etc/pam.d/chage
+EOF
+
+}
author	davidovski <david@davidovski.xyz>	2022-01-18 17:51:07 +0000
committer	davidovski <david@davidovski.xyz>	2022-01-18 17:51:07 +0000
commit	c807eae95eb95c23d7e9e71b91a87ee99fa8401d (patch)
tree	3a06ffc89e204cff95ae6e588cc5623d36835bc6 /repo
parent	d8828742cf655dc97610ce59ebfab238f16fe7f5 (diff)