baco/born2beroot
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

2021-11-03 23:08:05

Browse Source
This commit is contained in:
gbaconni
2021-11-03 23:08:05 +01:00
parent 099f0f9f97
commit b2ee79a1ae
1 changed files with 6 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
preseed.cfg
View File

@@ -526,16 +526,17 @@ d-i finish-install/reboot_in_progress note
d-i preseed/late_command \ d-i preseed/late_command \
in-target update-alternatives --set editor /usr/bin/vim.basic; \ in-target update-alternatives --set editor /usr/bin/vim.basic; \
in-target sed -i'.orig' -r 's/^#?(Port) .*/\1 4242/; s/^#?(PermitRootLogin) .*/\1 no/;' /etc/ssh/sshd_config; \ in-target sed -i'.orig' -r 's/^#?(Port) .*/\1 4242/; s/^#?(PermitRootLogin) .*/\1 no/;' /etc/ssh/sshd_config; \
in-target ufw default deny incoming; \ in-target systemctl enable ufw; \
in-target ufw default allow outgoing; \ in-target systemctl start ufw; \
in-target ufw allow proto tcp from any to any port 4242 comment 'Allow SSH'; \
in-target ufw enable; \ in-target ufw enable; \
in-target ufw allow proto tcp from any to any port 4242; \
in-target ufw status; \
in-target groupadd -f -r sudo; \ in-target groupadd -f -r sudo; \
in-target groupadd -f user42; \ in-target groupadd -f user42; \
in-target usermod -a -G sudo,user42 gbaconni; \ in-target usermod -a -G sudo,user42 gbaconni; \
in-target sed -i'.orig' -r 's/^#?(PASS_MAX_DAYS).*/\1\t30/; s/^#?(PASS_MIN_DAYS).*/\1\t2/; s/^#?(PASS_WARN_AGE).*/\1\t7/; s/^#?(PASS_MIN_LEN).*/\1\t10/;' /etc/login.defs; \ in-target sed -i'.orig' -r 's/^#?(PASS_MAX_DAYS).*/\1\t30/; s/^#?(PASS_MIN_DAYS).*/\1\t2/; s/^#?(PASS_WARN_AGE).*/\1\t7/; s/^#?(PASS_MIN_LEN).*/\1\t10/;' /etc/login.defs; \
in-target sed -i'.orig' -r 's/^[# ]?(minlen =)/\1 10/; s/^[# ]?([ud]credit =)/\1 -1/; s/^[# ]?(maxrepeat =)/\1 3/; s/^[# ]?(usercheck =)/\1 1/; s/^[# ]?(difok =)/\1 7/;' /etc/security/pwquality.conf; \ in-target sed -i'.orig' -r 's/^[# ]*(minlen =)/\1 10/; s/^[# ]*([ud]credit =)/\1 -1/; s/^[# ]*(maxrepeat =)/\1 3/; s/^[# ]*(usercheck =)/\1 1/; s/^[# ]*(difok =)/\1 7/;' /etc/security/pwquality.conf; \
in-target mkdir -p /var/log/sudo; \ in-target mkdir -p /var/log/sudo; \
in-target echo -e 'passwd_tries=3\nbadpass_message="I am sorry. I am afraid you cannot do that."\nlog_input\nlog_output\niolog_dir="/var/log/sudo"\nrequiretty\nsecure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin"' | sed 's/^/Defaults\t/' > /etc/sudoers.d/sudo; \ in-target printf 'passwd_tries=3\nbadpass_message="I am sorry. I am afraid you cannot do that."\nlog_input\nlog_output\niolog_dir="/var/log/sudo"\nrequiretty\nsecure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin"\n' | sed 's/^/Defaults\t/' > /etc/sudoers.d/sudo; \
in-target apt-get clean in-target apt-get clean