diff --git a/CMakeLists.txt b/CMakeLists.txt index 3d7ce94..d23af8a 100755 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -16,7 +16,6 @@ set(CMAKE_CXX_EXTENSIONS NO) add_compile_options(-Wall -Wextra -Wpedantic -Wno-format-security) option(ENABLE_TESTS "Enable tests" OFF) - add_custom_target(CONFIG_IDE SOURCES ${CMAKE_CURRENT_LIST_DIR}/rsc/rublon.config.defaults) add_custom_target(INSTSCRIPTS_IDE SUORCES ${CMAKE_CURRENT_LIST_DIR}/service/postinst) @@ -36,10 +35,22 @@ install( GROUP_READ ) +install( + FILES + ${CMAKE_CURRENT_LIST_DIR}/service/01_rublon_ssh.conf.default + DESTINATION + share/rublon + COMPONENT + PAM + PERMISSIONS + OWNER_READ + OWNER_WRITE + GROUP_READ +) + if (${ENABLE_TESTS}) enable_testing() endif() add_subdirectory(PAM/ssh) - include(pack.cmake) diff --git a/pack.cmake b/pack.cmake index 6b8b484..9fa3f53 100755 --- a/pack.cmake +++ b/pack.cmake @@ -28,8 +28,12 @@ set(CPACK_DEB_COMPONENT_INSTALL YES) set(CPACK_DEBIAN_PACKAGE_SHLIBDEPS YES) set(CPACK_GENERATOR "DEB") +#set(CPACK_GENERATOR "RPM") +#set(CPACK_RPM_SPEC_MORE_DEFINE "%define _build_id_links none") +#set(CPACK_RPM_FILE_NAME RPM-DEFAULT) # set(CPACK_DEBIAN_DEV_PACKAGE_DEPENDS "libcurl4(>= 7.0.0), libc(>= 2.0)") # set(CPACK_DEBIAN_PACKAGE_DEPENDS "libcurl4(>= 7.0.0), libc(>= 2.0), libssl(>= 1.0)") -set(CPACK_DEBIAN_PACKAGE_CONTROL_EXTRA "${CMAKE_CURRENT_SOURCE_DIR}/service/postinst") +set(CPACK_DEBIAN_PACKAGE_CONTROL_EXTRA + "${CMAKE_CURRENT_SOURCE_DIR}/service/postinst;${CMAKE_CURRENT_SOURCE_DIR}/service/postrm") include(CPack) diff --git a/service/01_rublon_ssh.conf.default b/service/01_rublon_ssh.conf.default new file mode 100644 index 0000000..57bf611 --- /dev/null +++ b/service/01_rublon_ssh.conf.default @@ -0,0 +1,4 @@ +UsePAM yes +PasswordAuthentication yes +ChallengeResponseAuthentication yes +#KbdInteractiveAuthentication no \ No newline at end of file diff --git a/service/postinst b/service/postinst index 1bd2921..cfc7710 100755 --- a/service/postinst +++ b/service/postinst 
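Review bot: The new `install(FILES … DESTINATION share/rublon …)` rule uses a prefix-relative destination, while `service/postinst` in this same commit copies the file from the absolute path `/usr/share/rublon/01_rublon_ssh.conf.default`. The two agree only while the packaging prefix is `/usr`, which is probably the CPack DEB default here but is not pinned anywhere visible. I would record the coupling next to the rule, e.g. `# service/postinst copies this from /usr/share/rublon; keep the packaging prefix at /usr`, or set the prefix explicitly in pack.cmake.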
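Review bot: `service/postrm` is listed in `CPACK_DEBIAN_PACKAGE_CONTROL_EXTRA`, but this commit adds it with mode 100644, while `service/postinst` is 100755. CPack appears to copy control-extra files with their on-disk permissions unless told otherwise. I would either commit the script as executable or add `set(CPACK_DEBIAN_PACKAGE_CONTROL_STRICT_PERMISSION TRUE)` so the maintainer scripts are packaged with the permissions Debian policy expects. This matters because postrm is what removes the `pam_rublon.so` lines from the sshd PAM stack; if it does not run, sshd is left with a `required` module that no longer exists. The three commented-out `CPACK_RPM_*` lines would be better behind an option, or dropped, than kept as dead code.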
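Review bot: `PasswordAuthentication yes` in a drop-in named `01_…` is likely to override whatever the administrator set in `sshd_config`, because sshd keeps the first value it reads for each keyword and distributions that ship `sshd_config.d` usually include it near the top. A host hardened to key-only logins would therefore start accepting passwords after installing this package. If pam_rublon only needs PAM plus keyboard-interactive, consider leaving `PasswordAuthentication` unset; otherwise add a header comment stating which of the three settings the module requires and why. `ChallengeResponseAuthentication` is a deprecated alias of `KbdInteractiveAuthentication` in recent OpenSSH releases, so the commented `#KbdInteractiveAuthentication no` line reads as contradicting the line above it. The file also lacks a trailing newline.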
@@ -3,6 +3,7 @@ SSHD_CONF=/etc/ssh/sshd_config SSHD_PAM_CONF=/etc/pam.d/sshd RUBLON_CONFIG=/etc/rublon.config +RUBLON_SSH_CONFIG=/etc/ssh/sshd_config.d/01_rublon_ssh.conf if [ ! -f /etc/rublon.config ] then @@ -11,24 +12,24 @@ then chmod 640 $RUBLON_CONFIG fi +if [ ! -f /etc/ssh/sshd_config.d/01_rublon_ssh.conf ] +then + cp -a /usr/share/rublon/01_rublon_ssh.conf.default $RUBLON_SSH_CONFIG + chown root:root $RUBLON_SSH_CONFIG + chmod 640 $RUBLON_SSH_CONFIG +fi if [ -f /etc/os-release ] then . /etc/os-release fi -grep -qe "^PasswordAuthentication" $SSHD_CONF && \ - sed -i 's/^#*PasswordAuthentication[[:space:]]\+.*/PasswordAuthentication yes/' $SSHD_CONF || \ - echo "PasswordAuthentication yes" >> $SSHD_CONF - -grep -qe "^ChallengeResponseAuthentication" $SSHD_CONF && \ - sed -i 's/^#*ChallengeResponseAuthentication[[:space:]]\+.*/ChallengeResponseAuthentication yes/' $SSHD_CONF || \ - echo "ChallengeResponseAuthentication yes" >> $SSHD_CONF - -grep -qe "^UsePAM" $SSHD_CONF && \ - sed -i 's/^#*UsePAM[[:space:]]\+.*/UsePAM yes/' $SSHD_CONF || \ - echo "UsePAM yes" >> $SSHD_CONF - -sed -i 's/KbdInteractiveAuthentication/#KbdInteractiveAuthentication/' $SSHD_CONF +if [ $ID == "rhel" ] +then + cd /home/vagrant/Rublon-Linux/service + checkmodule -M -m -o login_rublon.mod login_rublon.te + semodule_package -o login_rublon.pp -m login_rublon.mod + semodule -i login_rublon.pp +fi grep -qe 'auth required pam_rublon.so' $SSHD_PAM_CONF || sed -i '$aauth required pam_rublon.so' $SSHD_PAM_CONF grep -qe 'account required pam_rublon.so' $SSHD_PAM_CONF || sed -i '$aaccount required pam_rublon.so' $SSHD_PAM_CONF diff --git a/service/postrm b/service/postrm new file mode 100644 index 0000000..5d5f817 --- /dev/null +++ b/service/postrm 
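Review bot: The RHEL branch in the second postinst hunk does `cd /home/vagrant/Rublon-Linux/service`, a developer-machine path, and then builds and loads an SELinux module from it as root. Where that directory is absent, the unchecked `cd` fails and `checkmodule`/`semodule` run in whatever directory the script started in. Where it exists and a non-root account can write to it, that account controls which policy module root installs. The policy source should ship inside the package in a root-owned location, be built in a private temporary directory, and have every step checked. In the same hunk, `[ $ID == "rhel" ]` is unquoted and becomes a test syntax error when `/etc/os-release` is missing, and the new `cp` assumes `/etc/ssh/sshd_config.d` exists and is included by `sshd_config`, which the removed `sed` edits did not depend on.

```shell
if [ "${ID:-}" = "rhel" ]
then
    # <PACKAGED_POLICY_DIR> is a placeholder: a root-owned directory the package installs login_rublon.te into
    policy_src="<PACKAGED_POLICY_DIR>/login_rublon.te"
    build_dir=$(mktemp -d) || exit 1
    checkmodule -M -m -o "$build_dir/login_rublon.mod" "$policy_src" &&
        semodule_package -o "$build_dir/login_rublon.pp" -m "$build_dir/login_rublon.mod" &&
        semodule -i "$build_dir/login_rublon.pp"
    rc=$?
    rm -rf "$build_dir"
    [ "$rc" -eq 0 ] || exit "$rc"
fi
```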
@@ -0,0 +1,22 @@ +#!/bin/bash + +RUBLON_CONFIG=/etc/rublon.config +RUBLON_SSH_CONFIG=/etc/ssh/sshd_config.d/01_rublon_ssh.conf +SSHD_PAM_CONF=/etc/pam.d/sshd + +if [ $1 == 'purge' ] +then + if [ -f $RUBLON_CONFIG ] + then + rm $RUBLON_CONFIG + fi + + if [ -f $RUBLON_SSH_CONFIG ] + then + rm $RUBLON_SSH_CONFIG + fi +fi + +sed -i '/auth required pam_rublon.so/d' $SSHD_PAM_CONF +sed -i '/account required pam_rublon.so/d' $SSHD_PAM_CONF +
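Review bot: The two `sed -i … $SSHD_PAM_CONF` deletions at the end of the script sit outside the `purge` test, so they run for every postrm action, including the `upgrade` call dpkg makes to the old package's postrm. During an upgrade the `pam_rublon.so` lines are therefore removed from `/etc/pam.d/sshd` until the new postinst appends them again, and sshd authenticates without the Rublon step in that window. If configuration fails or is deferred, it stays that way. Wrap the deletions in `case "$1" in remove|purge) … ;; esac`, and quote the operands (`[ "$1" = purge ]`, `"$SSHD_PAM_CONF"`) so an empty argument is not a test syntax error. On a plain `remove` the drop-in `01_rublon_ssh.conf` is kept, so its `PasswordAuthentication yes` stays in force after the module is gone; confirm that is intended.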