Lock out root and user passwords; provide passwordless login on the serial console
parent
940cae99d6
commit
e9f3414ef6
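--- a/common/qubes_eventd_serial
+++ b/common/qubes_eventd_serial
@@ -0,0 +1,42 @@
+# Automatically start a configured serial console
+#
+# How this works:
+#
+# On boot, a udev helper examines /dev/console. If a serial console is the
+# primary console (last console on the commandline in grub), the event
+# 'fedora.serial-console-available <port name> <speed>' is emitted, which
+# triggers this script. It waits for the runlevel to finish, ensures
+# the proper port is in /etc/securetty, and starts the getty.
+#
+# If your serial console is not the primary console, or you want a getty
+# on serial even if it's not the console, create your own event by copying
+# /etc/event.d/tty[2-6], and changing the getty line in that file.
+
+start on fedora.serial-console-available *
+stop on runlevel [016]
+
+instance
+pre-start script
+while /bin/true ; do
+LANG=C /sbin/initctl status rcS | grep -wq "rcS (stop) waiting" && break
+sleep 1
+done
+while /bin/true ; do
+runlevel=$(/sbin/runlevel | /bin/awk '{ print $2 }')
+case "$runlevel" in
+2|3|4|5)
+LANG=C /sbin/initctl status rc$runlevel | grep -wq "rc$runlevel (stop) waiting" && break
+;;
+*)
+;;
+esac
+sleep 1
+done
+/sbin/securetty $1
+end script
+exec /sbin/agetty -l /sbin/qubes_serial_login /dev/$1 $2 vt100-nav
+post-stop script
+if [ "$UPSTART_EVENT" != "${UPSTART_EVENT##fedora.serial-console-available}" ]; then
+initctl emit --no-wait fedora.serial-console-available $1 $2
+fi
+end script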
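Review bot: The header comment still describes the stock job and never mentions that the getty line now passes `-l /sbin/qubes_serial_login`, so a reader cannot tell from this file that authentication is replaced on this console. I would add `# NOTE: agetty runs /sbin/qubes_serial_login instead of /bin/login; on /dev/hvc0 that helper starts a shell without asking for a password.` directly above `exec /sbin/agetty`. The advice to copy /etc/event.d/tty[2-6] for an extra getty also deserves a caveat, since with the root and user passwords locked by this commit a getty that uses plain login presumably cannot be logged into. Separately, `$1` and `$2` are unquoted in `/sbin/securetty $1` and on the `exec` line; writing `"/dev/$1" "$2"` costs nothing and keeps an odd event argument from being split into extra agetty arguments.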
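--- a/common/qubes_serial_login
+++ b/common/qubes_serial_login
@@ -0,0 +1,7 @@
+#!/bin/sh
+if /bin/ls -l /proc/self/fd/0 | grep -q /dev/hvc0 ; then
+exec su - $2
+exit
+else
+exec /bin/login "$@"
+fi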
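Review bot: `exec su - $2` expands the login name unquoted, and when `$2` is empty the command collapses to `su -`, which targets root by default; the value is whatever was entered at the getty prompt. Reject an empty name and quote it: `[ -n "$2" ] || exit 1` followed by `exec su - "$2"`. The console test `/bin/ls -l /proc/self/fd/0 | grep -q /dev/hvc0` is an unanchored regex match on `ls` output, so any path that merely contains that string passes; `[ "$(readlink /proc/self/fd/0)" = /dev/hvc0 ]` compares the exact target instead. A comment stating the trust assumption behind the passwordless branch (presumably that hvc0 is reachable only from the administrative domain, to be confirmed) would let later readers judge changes to this file.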
@ -69,10 +69,23 @@ mkdir -p $RPM_BUILD_ROOT/mnt/outgoing
|
||||
mkdir -p $RPM_BUILD_ROOT/mnt/removable
|
||||
mkdir -p $RPM_BUILD_ROOT/etc/yum.repos.d
|
||||
cp ../common/qubes.repo $RPM_BUILD_ROOT/etc/yum.repos.d
|
||||
mkdir -p $RPM_BUILD_ROOT/sbin
|
||||
cp ../common/qubes_serial_login $RPM_BUILD_ROOT/sbin
|
||||
mkdir -p $RPM_BUILD_ROOT/etc
|
||||
cp ../common/qubes_eventd_serial $RPM_BUILD_ROOT/etc/
|
||||
|
||||
%triggerin -- initscripts
|
||||
cp /etc/qubes_eventd_serial /etc/event.d/serial
|
||||
|
||||
|
||||
%post
|
||||
|
||||
usermod -L root
|
||||
usermod -L user
|
||||
if ! [ -f /var/lib/qubes/serial.orig ] ; then
|
||||
cp /etc/event.d/serial /var/lib/qubes/serial.orig
|
||||
fi
|
||||
|
||||
if [ "$1" != 1 ] ; then
|
||||
# do this whole %post thing only when updating for the first time...
|
||||
exit 0
|
||||
@ -132,7 +145,6 @@ do
|
||||
|
||||
mv $f /var/lib/qubes/removed-udev-scripts/
|
||||
done
|
||||
|
||||
mkdir -p /rw
|
||||
#rm -f /etc/mtab
|
||||
echo "--> Removing HWADDR setting from /etc/sysconfig/network-scripts/ifcfg-eth0"
|
||||
@ -145,6 +157,7 @@ if [ "$1" = 0 ] ; then
|
||||
chkconfig qubes_core off
|
||||
mv /var/lib/qubes/fstab.orig /etc/fstab
|
||||
mv /var/lib/qubes/removed-udev-scripts/* /etc/udev/rules.d/
|
||||
mv /var/lib/qubes/serial.orig /etc/event.d
|
||||
fi
|
||||
|
||||
%clean
|
||||
@ -166,3 +179,5 @@ rm -rf $RPM_BUILD_ROOT
|
||||
%dir /mnt/outgoing
|
||||
%dir /mnt/removable
|
||||
/etc/yum.repos.d/qubes.repo
|
||||
/sbin/qubes_serial_login
|
||||
/etc/qubes_eventd_serial
|
||||
|
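Review bot: In the `@ -145,6 +157,7 @` uninstall hunk, `mv /var/lib/qubes/serial.orig /etc/event.d` names a directory as its destination, so the backup lands at /etc/event.d/serial.orig and the Qubes job at /etc/event.d/serial stays in place, still pointing at /sbin/qubes_serial_login, which is listed in %files and so goes away with the package. The neighbouring fstab line names the target file and this one should too: `mv /var/lib/qubes/serial.orig /etc/event.d/serial`. The same line is added in the `@ -144,6 +151,7 @` hunk of the other spec file on this page. Also, `usermod -L root` and `usermod -L user` sit above the `"$1" != 1` guard, so they run on every upgrade, and nothing visible in the uninstall branch unlocks the accounts again; if that is intended, a comment in %post should say so. The scriptlets these hunks belong to start and end outside the visible lines.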
@ -63,6 +63,13 @@ mkdir -p $RPM_BUILD_ROOT/etc/NetworkManager/dispatcher.d/
|
||||
cp qubes_nmhook $RPM_BUILD_ROOT/etc/NetworkManager/dispatcher.d/
|
||||
mkdir -p $RPM_BUILD_ROOT/etc/yum.repos.d
|
||||
cp ../common/qubes.repo $RPM_BUILD_ROOT/etc/yum.repos.d
|
||||
mkdir -p $RPM_BUILD_ROOT/sbin
|
||||
cp ../common/qubes_serial_login $RPM_BUILD_ROOT/sbin
|
||||
mkdir -p $RPM_BUILD_ROOT/etc
|
||||
cp ../common/qubes_eventd_serial $RPM_BUILD_ROOT/etc/
|
||||
|
||||
%triggerin -- initscripts
|
||||
cp /etc/qubes_eventd_serial /etc/event.d/serial
|
||||
|
||||
%post
|
||||
|
||||
@ -144,6 +151,7 @@ if [ "$1" = 0 ] ; then
|
||||
chkconfig qubes_core off
|
||||
mv /var/lib/qubes/fstab.orig /etc/fstab
|
||||
mv /var/lib/qubes/removed-udev-scripts/* /etc/udev/rules.d/
|
||||
mv /var/lib/qubes/serial.orig /etc/event.d
|
||||
fi
|
||||
|
||||
%clean
|
||||
@ -159,3 +167,5 @@ rm -rf $RPM_BUILD_ROOT
|
||||
/etc/dhclient.d/qubes_setup_dnat_to_ns.sh
|
||||
/etc/NetworkManager/dispatcher.d/qubes_nmhook
|
||||
/etc/yum.repos.d/qubes.repo
|
||||
/sbin/qubes_serial_login
|
||||
/etc/qubes_eventd_serial
|
||||
|
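Review bot: The uninstall hunk restores `/var/lib/qubes/serial.orig`, but no hunk shown for this spec file creates that backup: the `%post` visible here gains no copy of /etc/event.d/serial the way the other spec does, so the `mv` would fail unless the file is saved somewhere outside these hunks. If the backup really is missing, add the same guarded copy to %post: `if ! [ -f /var/lib/qubes/serial.orig ] ; then cp /etc/event.d/serial /var/lib/qubes/serial.orig ; fi`. This spec also installs the passwordless serial job without locking the root and user passwords; that may be deliberate, but it is worth a comment given the commit title.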