30-security.sh
32 lines
| 859 B
| application/x-sh
|
BashLexer
/ bootstrap.d / 30-security.sh
Filip Pytloun
|
r56 | # | ||
# Setup users and security settings | ||||
# | ||||
Jan Wagner
|
r67 | # Load utility functions | ||
Filip Pytloun
|
r56 | . ./functions.sh | ||
# Generate crypt(3) password string | ||||
Jan Wagner
|
r75 | ENCRYPTED_PASSWORD=`mkpasswd -m sha-512 "${PASSWORD}"` | ||
Filip Pytloun
|
r56 | |||
Jan Wagner
|
r71 | # Setup default user | ||
Filip Pytloun
|
r56 | if [ "$ENABLE_USER" = true ] ; then | ||
chroot_exec adduser --gecos pi --add_extra_groups --disabled-password pi | ||||
chroot_exec usermod -a -G sudo -p "${ENCRYPTED_PASSWORD}" pi | ||||
fi | ||||
Jan Wagner
|
r71 | # Setup root password or not | ||
Jan Wagner
|
r72 | if [ "$ENABLE_ROOT" = true ] ; then | ||
Filip Pytloun
|
r56 | chroot_exec usermod -p "${ENCRYPTED_PASSWORD}" root | ||
Jan Wagner
|
r72 | if [ "$ENABLE_ROOT_SSH" = true ] ; then | ||
Jan Wagner
|
r75 | sed -i "s|[#]*PermitRootLogin.*|PermitRootLogin yes|g" "$R/etc/ssh/sshd_config" | ||
Filip Pytloun
|
r56 | fi | ||
else | ||||
Jan Wagner
|
r70 | # Set no root password to disable root login | ||
Filip Pytloun
|
r56 | chroot_exec usermod -p \'!\' root | ||
fi | ||||
# Enable serial console systemd style | ||||
if [ "$ENABLE_CONSOLE" = true ] ; then | ||||
chroot_exec systemctl enable serial-getty\@ttyAMA0.service | ||||
fi | ||||