30-security.sh
33 lines
| 891 B
| application/x-sh
|
BashLexer
/ bootstrap.d / 30-security.sh
Filip Pytloun
|
r56 | # | ||
# Setup users and security settings | ||||
# | ||||
Jan Wagner
|
r67 | # Load utility functions | ||
Filip Pytloun
|
r56 | . ./functions.sh | ||
# Generate crypt(3) password string | ||||
Jan Wagner
|
r75 | ENCRYPTED_PASSWORD=`mkpasswd -m sha-512 "${PASSWORD}"` | ||
Filip Pytloun
|
r56 | |||
Jan Wagner
|
r71 | # Setup default user | ||
Filip Pytloun
|
r56 | if [ "$ENABLE_USER" = true ] ; then | ||
Stephen A. Brandli
|
r84 | chroot_exec adduser --gecos $USER_NAME --add_extra_groups \ | ||
--disabled-password $USER_NAME | ||||
chroot_exec usermod -a -G sudo -p "${ENCRYPTED_PASSWORD}" $USER_NAME | ||||
Filip Pytloun
|
r56 | fi | ||
Jan Wagner
|
r71 | # Setup root password or not | ||
Jan Wagner
|
r72 | if [ "$ENABLE_ROOT" = true ] ; then | ||
Filip Pytloun
|
r56 | chroot_exec usermod -p "${ENCRYPTED_PASSWORD}" root | ||
Jan Wagner
|
r72 | if [ "$ENABLE_ROOT_SSH" = true ] ; then | ||
drtyhlpr
|
r94 | sed -i "s|[#]*PermitRootLogin.*|PermitRootLogin yes|g" "${ETC_DIR}/ssh/sshd_config" | ||
Filip Pytloun
|
r56 | fi | ||
else | ||||
Jan Wagner
|
r70 | # Set no root password to disable root login | ||
Filip Pytloun
|
r56 | chroot_exec usermod -p \'!\' root | ||
fi | ||||
# Enable serial console systemd style | ||||
if [ "$ENABLE_CONSOLE" = true ] ; then | ||||
chroot_exec systemctl enable serial-getty\@ttyAMA0.service | ||||
fi | ||||