Added configuration script for pubkey
parent
e4b90e4cc3
commit
c482441d32
@ -59,7 +59,7 @@ install(
|
||||
)
|
||||
|
||||
add_subdirectory(lib)
|
||||
add_subdirectory(bin)
|
||||
#add_subdirectory(bin)
|
||||
|
||||
# if(${ENABLE_TESTS})
|
||||
# add_subdirectory(tests)
|
||||
|
||||
@ -23,7 +23,7 @@ set(CPACK_DEBIAN_PACKAGE_MAINTAINER "Bartosz Wieczorek")
|
||||
#set(CPACK_RESOURCE_FILE_LICENSE "${CMAKE_CURRENT_SOURCE_DIR}/LICENSE")
|
||||
#set(CPACK_RESOURCE_FILE_README "${CMAKE_CURRENT_SOURCE_DIR}/README.md")
|
||||
|
||||
set(CPACK_DEBIAN_FILE_NAME DEB-DEFAULT)
|
||||
set(CPACK_DEBIAN_FILE_NAME ${CPACK_PACKAGE_NAME}-${CPACK_PACKAGE_VERSION_MAJOR}.${CPACK_PACKAGE_VERSION_MINOR}.${CPACK_PACKAGE_VERSION_PATCH}_${LSB_RELEASE_ID_SHORT}${os_version_suffix}.deb)
|
||||
set(CPACK_DEB_COMPONENT_INSTALL YES)
|
||||
|
||||
set(CPACK_DEBIAN_PACKAGE_SHLIBDEPS YES)
|
||||
@ -44,8 +44,8 @@ list(APPEND CPACK_RPM_EXCLUDE_FROM_AUTO_FILELIST_ADDITION
|
||||
"/usr/lib64/security"
|
||||
)
|
||||
set(CPACK_RPM_SPEC_MORE_DEFINE "%define _build_id_links none")
|
||||
set(CPACK_RPM_FILE_NAME RPM-DEFAULT)
|
||||
set(CPACK_RPM_PACKAGE_REQUIRES_PRE "policycoreutils")
|
||||
set(CPACK_RPM_FILE_NAME "${CPACK_PACKAGE_NAME}-${CPACK_PACKAGE_VERSION_MAJOR}.${CPACK_PACKAGE_VERSION_MINOR}.${CPACK_PACKAGE_VERSION_PATCH}_${LSB_RELEASE_ID_SHORT}${os_version_suffix}.rpm" )
|
||||
set(CPACK_RPM_PACKAGE_REQUIRES_PRE "policycoreutils-python-utils")
|
||||
if(${os_version_suffix} MATCHES ".el8")
|
||||
set(CPACK_RPM_POST_INSTALL_SCRIPT_FILE "${CMAKE_CURRENT_SOURCE_DIR}/service/helpers/postinst_rhel_8")
|
||||
set(CPACK_RPM_POST_UNINSTALL_SCRIPT_FILE "${CMAKE_CURRENT_SOURCE_DIR}/service/helpers/postrm_rhel_8")
|
||||
|
||||
@ -1,7 +1,6 @@
|
||||
UsePAM yes
|
||||
ChallengeResponseAuthentication yes
|
||||
#KbdInteractiveAuthentication no
|
||||
|
||||
LoginGraceTime 15m
|
||||
AuthenticationMethods publickey,keyboard-interactive
|
||||
MaxAuthTries 3
|
||||
PubkeyAuthentication yes
|
||||
|
||||
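Review bot: `LoginGraceTime 15m` keeps every unauthenticated connection open for up to fifteen minutes, so idle or abandoned logins occupy sshd's pre-authentication slots far longer than the 2-minute default. If the long window exists to give users time to approve the second factor, say so in the file and choose the smallest value that works, for example a comment `# long enough for the second-factor prompt; keep as low as practical` above a shorter setting. `AuthenticationMethods publickey,keyboard-interactive` applies to every account, so a user without an authorized key can no longer log in once this file is included; a comment stating that prerequisite would help administrators. The page does not show which of these lines the commit adds, so this applies to whatever remains on the new side.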
@ -2,15 +2,8 @@
|
||||
|
||||
SSHD_CONF=/etc/ssh/sshd_config
|
||||
SSHD_PAM_CONF=/etc/pam.d/sshd
|
||||
RUBLON_CONFIG=/etc/rublon.config
|
||||
RUBLON_SSH_CONFIG=/etc/ssh/sshd_config.d/01-rublon-ssh.conf
|
||||
|
||||
if [ ! -f $RUBLON_CONFIG ]
|
||||
then
|
||||
cp -a /usr/share/rublon/rublon.config.defaults $RUBLON_CONFIG
|
||||
chown root:root $RUBLON_CONFIG
|
||||
chmod 640 $RUBLON_CONFIG
|
||||
fi
|
||||
cp -a /usr/share/rublon/01-rublon-ssh_pubkey.conf.default $RUBLON_SSH_CONFIG
|
||||
chown root:root $RUBLON_SSH_CONFIG
|
||||
chmod 640 $RUBLON_SSH_CONFIG
|
||||
@ -19,10 +12,14 @@ if [ -f /etc/os-release ]
|
||||
then
|
||||
. /etc/os-release
|
||||
fi
|
||||
grep -qe 'auth requisite pam_rublon.so' $SSHD_PAM_CONF || sed -i '$aauth requisite pam_rublon.so' $SSHD_PAM_CONF
|
||||
|
||||
if [ ${OS} == "Ubuntu"]
|
||||
then
|
||||
grep -qe 'account required pam_rublon.so' $SSHD_PAM_CONF || sed -i '$aaccount required pam_rublon.so' $SSHD_PAM_CONF
|
||||
fi
|
||||
|
||||
grep -qe 'auth required pam_rublon.so' $SSHD_PAM_CONF || sed -i '$aauth required pam_rublon.so' $SSHD_PAM_CONF
|
||||
grep -qe 'account required pam_rublon.so' $SSHD_PAM_CONF || sed -i '$aaccount required pam_rublon.so' $SSHD_PAM_CONF
|
||||
grep -qe '@include common-auth' $SSHD_PAM_CONF || sed -i 's/@include common-auth/#@include common-auth/' $SSHD_PAM_CONF
|
||||
|
||||
deb-systemd-invoke restart ssh.service
|
||||
systemctrl restart sshd
|
||||
|
||||
|
||||
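Review bot: The test `if [ ${OS} == "Ubuntu"]` cannot succeed as written: there is no space before `]`, so `[` reports a missing bracket, and `OS` is not a variable that `/etc/os-release` normally sets, so the guarded `account required pam_rublon.so` line would never be appended. Something like `if [ "${ID:-}" = "ubuntu" ]` (quoted, with the POSIX `=`) would do what the branch appears to intend. The restart line `systemctrl restart sshd` also looks like a typo for `systemctl`; it would fail with "command not found" and leave sshd running with the old configuration after the PAM file has already been edited. The page does not show which of these lines are on the new side, so this applies only if they survive the commit.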
@ -23,9 +23,7 @@ checkmodule -M -m -o login_rublon.mod login_rublon.te
|
||||
semodule_package -o login_rublon.pp -m login_rublon.mod
|
||||
semodule -i login_rublon.pp
|
||||
|
||||
sed -i '1 i\Include 01-rublon-ssh.conf' $SSHD_CONF
|
||||
grep -qe '#auth substack password-auth' $SSHD_PAM_CONF || sed -i -e 's/auth substack password-auth/#auth substack password-auth/g' $SSHD_PAM_CONF
|
||||
grep -qe 'auth requisite pam_unix.so' $SSHD_PAM_CONF || sed -i '$aauth requisite pam_unix.so' $SSHD_PAM_CONF
|
||||
sed -i '1 i\Include /etc/ssh/01-rublon-ssh.conf' $SSHD_CONF
|
||||
grep -qe 'auth required pam_rublon.so' $SSHD_PAM_CONF || sed -i '$aauth required pam_rublon.so' $SSHD_PAM_CONF
|
||||
grep -qe 'account required pam_rublon.so' $SSHD_PAM_CONF || sed -i '$aaccount required pam_rublon.so' $SSHD_PAM_CONF
|
||||
|
||||
|
||||
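Review bot: The `sed -i '1 i\Include …' $SSHD_CONF` line has no guard, so each install or upgrade prepends one more `Include` to sshd_config, while the PAM edits next to it are protected by `grep -qe … ||`. Guard it the same way, for example `grep -qF 'Include /etc/ssh/01-rublon-ssh.conf' $SSHD_CONF || sed -i '1 i\Include /etc/ssh/01-rublon-ssh.conf' $SSHD_CONF`. Because this script rewrites both sshd_config and the sshd PAM file in place, it would also be prudent to validate the result with `sshd -t` before the service is restarted, since a malformed file can cut off remote access. The script begins above this hunk, so how `SSHD_CONF` is defined here is not visible.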
@ -9,10 +9,12 @@ then
|
||||
fi
|
||||
|
||||
if [ -f $RUBLON_SSH_CONFIG ]
|
||||
then
|
||||
theni:q
|
||||
|
||||
rm $RUBLON_SSH_CONFIG
|
||||
fi
|
||||
|
||||
grep -qe 'auth substack password-auth' $SSHD_PAM_CONF || sed -i -e 's/#auth substack password-auth/auth substack password-auth/g' $SSHD_PAM_CONF
|
||||
sed -i '/auth required pam_rublon.so/d' $SSHD_PAM_CONF
|
||||
sed -i '/account required pam_rublon.so/d' $SSHD_PAM_CONF
|
||||
|
||||
|
||||
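Review bot: The line `theni:q` after `if [ -f $RUBLON_SSH_CONFIG ]` looks like editor keystrokes fused onto `then`; if it is the surviving line, the shell cannot parse the `if` and the removal script stops before the `pam_rublon.so` entries are deleted from `$SSHD_PAM_CONF`. That would leave the PAM stack referring to a module the package has just removed, which is likely to break SSH logins, so the line should read plain `then`. Separately, `grep -qe 'auth substack password-auth'` also matches the commented `#auth substack password-auth` line, so the `sed` that restores it never runs; anchoring the pattern, e.g. `grep -qe '^auth substack password-auth'`, would fix that. Which side each line is on is not recoverable from the page.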
@ -17,5 +17,4 @@ grep -qe 'auth substack password-auth' $SSHD_PAM_CONF || sed -i -e 's/
|
||||
sed -i '/auth required pam_rublon.so/d' $SSHD_PAM_CONF
|
||||
sed -i '/account required pam_rublon.so/d' $SSHD_PAM_CONF
|
||||
sed -i '/auth requisite pam_unix.so/d' $SSHD_PAM_CONF
|
||||
sed -i '/Include 01-rublon-ssh.conf/d' $RUBLON_SSH_CONFIG_D
|
||||
|
||||
sed -i '/01-rublon-ssh.conf/d' $RUBLON_SSH_CONFIG_D
|
||||
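Review bot: The `Include` line is removed from `$RUBLON_SSH_CONFIG_D`, but the install script on this page inserts it into `$SSHD_CONF`, so the uninstall may never touch the file that actually holds it. If `RUBLON_SSH_CONFIG_D` is not defined above this hunk (the definitions are outside the visible lines), `sed -i` is called with no file argument and fails. I would target the same file the installer edits and match the whole directive, e.g. `sed -i '/^Include .*01-rublon-ssh\.conf$/d' $SSHD_CONF`.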