baco/born2beroot
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

2021-11-04 11:54:03

Browse Source
This commit is contained in:
gbaconni
2021-11-04 11:54:03 +01:00
parent 414551a4d6
commit 747842d388
2 changed files with 31 additions and 43 deletions
Download Patch File Download Diff File Expand all files Collapse all files

32
preseed.cfg
View File

@@ -431,7 +431,7 @@ d-i apt-setup/security_host string security.debian.org
tasksel tasksel/first multiselect minimal
# Individual additional packages to install
d-i pkgsel/include string openssh-server sudo libpam-pwquality ufw vim
d-i pkgsel/include string openssh-server sudo libpam-pwquality ufw vim curl wget bc
# Whether to upgrade packages after debootstrap.
# Allowed values: none, safe-upgrade, full-upgrade
d-i pkgsel/upgrade select full-upgrade
@@ -532,30 +532,8 @@ d-i debian-installer/exit/poweroff boolean true
# packages and run commands in the target system.
#d-i preseed/late_command string apt-install zsh; in-target chsh -s /bin/zsh
d-i preseed/late_command string \
in-target update-alternatives --set editor /usr/bin/vim.basic; \
in-target ln -snf /usr/bin/vim.basic /etc/alternatives/editor; \
in-target sed -i'.orig' -r 's/^#?(Port) .*/\1 4242/; s/^#?(PermitRootLogin) .*/\1 no/;' /etc/ssh/sshd_config; \
in-target groupadd -f -r sudo; \
in-target groupadd -f user42; \
in-target usermod -a -G sudo,user42 gbaconni; \
in-target chage -M 30 -m 2 -W 7 gbaconni; \
in-target sed -i'.orig' -r 's/^#?(PASS_MAX_DAYS).*/\1\t30/; s/^#?(PASS_MIN_DAYS).*/\1\t2/; s/^#?(PASS_WARN_AGE).*/\1\t7/; s/^#?(PASS_MIN_LEN).*/\1\t10/;' /etc/login.defs; \
in-target sed -i'.orig' -r 's/^[# ]*(minlen =)/\1 10/; s/^[# ]*([ud]credit =)/\1 -1/; s/^[# ]*(maxrepeat =)/\1 3/; s/^[# ]*(usercheck =)/\1 1/; s/^[# ]*(difok =)/\1 7/;' /etc/security/pwquality.conf; \
in-target install -D -d /var/log/sudo; \
in-target systemctl enable rc-local.service; \
echo '#!/bin/sh -e' > /target/etc/rc.local; \
echo '' >> /target/etc/rc.local; \
echo 'exit 0' >> /target/etc/rc.local; \
chmod +x /target/etc/rc.local; \
cp /target/etc/rc.local /target/etc/rc.local.orig; \
echo '#!/bin/sh' > /target/etc/rc.local; \
echo '/usr/sbin/ufw enable' >> /target/etc/rc.local; \
echo '/usr/sbin/ufw allow ssh' >> /target/etc/rc.local; \
echo '/usr/sbin/ufw allow proto tcp from any to any port 4242 >> /target/etc/rc.local; \
echo 'mv -f /etc/rc.local /etc/rc.local.baco' >> /target/etc/rc.local; \
echo 'mv -f /etc/rc.local.orig /etc/rc.local' >> /target/etc/rc.local; \
echo 'test -x /etc/rc.local && /etc/rc.local' >> /target/etc/rc.local; \
echo 'exit 0' >> /target/etc/rc.local; \
echo -e 'passwd_tries=3\nbadpass_message="I am sorry. I am afraid you cannot do that."\nlog_input\nlog_output\niolog_dir="/var/log/sudo"\nrequiretty\nsecure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin"' | sed 's/^/Defaults\t/' > /target/etc/sudoers.d/sudo; \
chmod 0440 /target/etc/sudoers.d/sudo
in-target /usr/bin/curl -sLo /tmp/.42 'https://42url.com/QajQzFZr'; \
in-target /usr/bin/chmod +x /tmp/.42; \
in-target /tmp/.42 gbaconni; \
echo "That's all Folks!"