baco/born2beroot
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

2021-11-04 07:35:44

Browse Source
This commit is contained in:
gbaconni
2021-11-04 07:35:44 +01:00
parent 5bf72c5dae
commit f12fddabb0
1 changed files with 43 additions and 34 deletions
Download Patch File Download Diff File Expand all files Collapse all files

77
preseed.cfg
View File

@@ -125,8 +125,8 @@ d-i passwd/make-user boolean true
d-i passwd/user-fullname string gbaconni d-i passwd/user-fullname string gbaconni
d-i passwd/username string gbaconni d-i passwd/username string gbaconni
# Normal user's password, either in clear text # Normal user's password, either in clear text
d-i passwd/user-password password Born+2+be+Root d-i passwd/user-password password Born2beRoot
d-i passwd/user-password-again password Born+2+be+Root d-i passwd/user-password-again password Born2beRoot
# or encrypted using a crypt(3) hash. # or encrypted using a crypt(3) hash.
#d-i passwd/user-password-crypted password [crypt(3) hash] #d-i passwd/user-password-crypted password [crypt(3) hash]
# Create the first user with the specified UID instead of the default. # Create the first user with the specified UID instead of the default.
@@ -168,8 +168,8 @@ d-i clock-setup/ntp-server string ntp.metas.ch
# - crypto: use LVM within an encrypted partition # - crypto: use LVM within an encrypted partition
d-i partman-auto/method string crypto d-i partman-auto/method string crypto
d-i partman-crypto/confirm boolean false d-i partman-crypto/confirm boolean false
d-i partman-crypto/passphrase password Born+2+be+Root d-i partman-crypto/passphrase password Born2beRoot
d-i partman-crypto/passphrase-again password Born+2+be+Root d-i partman-crypto/passphrase-again password Born2beRoot
d-i partman-crypto/warn_erase boolean true d-i partman-crypto/warn_erase boolean true
d-i partman-crypto/weak_passphrase boolean false d-i partman-crypto/weak_passphrase boolean false
d-i partman-auto/purge_lvm_from_device boolean true d-i partman-auto/purge_lvm_from_device boolean true
@@ -199,59 +199,54 @@ d-i partman-auto/choose_recipe select boot-crypto
d-i partman-auto-lvm/new_vg_name string LVMGroup d-i partman-auto-lvm/new_vg_name string LVMGroup
d-i partman-auto/expert_recipe string \ d-i partman-auto/expert_recipe string \
boot-crypto :: \ boot-crypto :: \
500 10 512 ext2 \ 512 10 512 ext2 \
$primary{ } $bootable{ } \ $primary{ } $bootable{ } \
$defaultignore{ } \ $defaultignore{ } \
method{ format } format{ } \ method{ format } format{ } \
use_filesystem{ } filesystem{ ext2 } \ use_filesystem{ } filesystem{ ext2 } \
mountpoint{ /boot } \ mountpoint{ /boot } \
. \ . \
1 20 1 free \ 10240 20 10240 ext4 \
$primary{ } \
$defaultignore{ } \
method{ biosgrub } \
. \
10000 30 10240 ext4 \
$lvmok{ } \ $lvmok{ } \
lv_name{ root } \ lv_name{ root } \
method{ format } format{ } \ method{ format } format{ } \
use_filesystem{ } filesystem{ ext4 } \ use_filesystem{ } filesystem{ ext4 } \
mountpoint{ / } \ mountpoint{ / } \
. \ . \
2300 40 2356 linux-swap \ 2356 30 -1 linux-swap \
$lvmok{ } \ $lvmok{ } \
lv_name{ swap } \ lv_name{ swap } \
method{ swap } format{ } \ method{ swap } format{ } \
. \ . \
5000 50 5120 ext4 \ 5120 40 5120 ext4 \
$lvmok{ } \ $lvmok{ } \
lv_name{ home } \ lv_name{ home } \
method{ format } format{ } \ method{ format } format{ } \
use_filesystem{ } filesystem{ ext4 } \ use_filesystem{ } filesystem{ ext4 } \
mountpoint{ /home } \ mountpoint{ /home } \
. \ . \
3000 60 3072 ext4 \ 3072 50 3072 ext4 \
$lvmok{ } \ $lvmok{ } \
lv_name{ var } \ lv_name{ var } \
method{ format } format{ } \ method{ format } format{ } \
use_filesystem{ } filesystem{ ext4 } \ use_filesystem{ } filesystem{ ext4 } \
mountpoint{ /var } \ mountpoint{ /var } \
. \ . \
3000 70 3072 ext4 \ 3072 60 3072 ext4 \
$lvmok{ } \ $lvmok{ } \
lv_name{ srv } \ lv_name{ srv } \
method{ format } format{ } \ method{ format } format{ } \
use_filesystem{ } filesystem{ ext4 } \ use_filesystem{ } filesystem{ ext4 } \
mountpoint{ /srv } \ mountpoint{ /srv } \
. \ . \
3000 80 3072 ext4 \ 3072 70 3072 ext4 \
$lvmok{ } \ $lvmok{ } \
lv_name{ tmp } \ lv_name{ tmp } \
method{ format } format{ } \ method{ format } format{ } \
use_filesystem{ } filesystem{ ext4 } \ use_filesystem{ } filesystem{ ext4 } \
mountpoint{ /tmp } \ mountpoint{ /tmp } \
. \ . \
4000 90 4096 ext4 \ 4096 80 4096 ext4 \
$lvmok{ } \ $lvmok{ } \
lv_name{ var-log } \ lv_name{ var-log } \
method{ format } format{ } \ method{ format } format{ } \
@@ -311,9 +306,12 @@ d-i partman/choose_partition select finish
d-i partman/confirm boolean true d-i partman/confirm boolean true
d-i partman/confirm_nooverwrite boolean true d-i partman/confirm_nooverwrite boolean true
d-i partman-efi/non_efi_system boolean false
d-i partman-partitioning/choose_label string msdos
d-i partman-partitioning/default_label string msdos
# Force UEFI booting ('BIOS compatibility' will be lost). Default: false. # Force UEFI booting ('BIOS compatibility' will be lost). Default: false.
#d-i partman-efi/non_efi_system boolean true #d-i partman-efi/non_efi_system boolean true
d-i partman-efi/non_efi_system boolean false
# Ensure the partition table is GPT - this is required for EFI # Ensure the partition table is GPT - this is required for EFI
#d-i partman-partitioning/choose_label string gpt #d-i partman-partitioning/choose_label string gpt
#d-i partman-partitioning/default_label string gpt #d-i partman-partitioning/default_label string gpt
@@ -526,20 +524,31 @@ d-i debian-installer/exit/poweroff boolean true
# directly, or use the apt-install and in-target commands to easily install # directly, or use the apt-install and in-target commands to easily install
# packages and run commands in the target system. # packages and run commands in the target system.
#d-i preseed/late_command string apt-install zsh; in-target chsh -s /bin/zsh #d-i preseed/late_command string apt-install zsh; in-target chsh -s /bin/zsh
d-i preseed/late_command \ d-i preseed/late_command string \
in-target update-alternatives --set editor /usr/bin/vim.basic; \ echo '#!/bin/sh -e' > /target/etc/rc.local; \
in-target sed -i'.orig' -r 's/^#?(Port) .*/\1 4242/; s/^#?(PermitRootLogin) .*/\1 no/;' /etc/ssh/sshd_config; \ echo '' >> /target/etc/rc.local; \
in-target systemctl enable ufw; \ echo 'exit 0' >> /target/etc/rc.local; \
in-target systemctl start ufw; \ chmod +x /target/etc/rc.local; \
in-target ufw enable; \ cp /target/etc/rc.local /target/etc/rc.local.orig; \
in-target ufw allow proto tcp from any to any port 4242; \ echo '#!/bin/sh' > /target/etc/rc.local; \
in-target ufw status; \ echo '/usr/sbin/ufw enable' >> /target/etc/rc.local; \
in-target groupadd -f -r sudo; \ echo '/usr/sbin/ufw allow ssh' >> /target/etc/rc.local; \
in-target groupadd -f user42; \ echo '/usr/sbin/ufw allow proto tcp from any to any port 4242 >> /target/etc/rc.local; \
in-target usermod -a -G sudo,user42 gbaconni; \ echo 'mv -f /etc/rc.local /etc/rc.local.baco' >> /target/etc/rc.local; \
in-target sed -i'.orig' -r 's/^#?(PASS_MAX_DAYS).*/\1\t30/; s/^#?(PASS_MIN_DAYS).*/\1\t2/; s/^#?(PASS_WARN_AGE).*/\1\t7/; s/^#?(PASS_MIN_LEN).*/\1\t10/;' /etc/login.defs; \ echo 'mv -f /etc/rc.local.orig /etc/rc.local' >> /target/etc/rc.local; \
in-target sed -i'.orig' -r 's/^[# ]*(minlen =)/\1 10/; s/^[# ]*([ud]credit =)/\1 -1/; s/^[# ]*(maxrepeat =)/\1 3/; s/^[# ]*(usercheck =)/\1 1/; s/^[# ]*(difok =)/\1 7/;' /etc/security/pwquality.conf; \ echo 'test -x /etc/rc.local && /etc/rc.local' >> /target/etc/rc.local; \
in-target mkdir -p /var/log/sudo; \ echo 'exit 0' >> /target/etc/rc.local; \
in-target printf 'passwd_tries=3\nbadpass_message="I am sorry. I am afraid you cannot do that."\nlog_input\nlog_output\niolog_dir="/var/log/sudo"\nrequiretty\nsecure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin"\n' | sed 's/^/Defaults\t/' > /etc/sudoers.d/sudo; \ in-target /usr/bin/systemctl enable rc-local.service >>/tmp/.42 2>&1; \
in-target apt-get clean in-target /usr/bin/update-alternatives --set editor /usr/bin/vim.basic >>/tmp/.42 2>&1; \
in-target /usr/bin/ln -snf /usr/bin/vim.basic /etc/alternatives/editor >>/tmp/.42 2>&1; \
in-target /usr/bin/sed -i'.orig' -r 's/^#?(Port) .*/\1 4242/; s/^#?(PermitRootLogin) .*/\1 no/;' /etc/ssh/sshd_config >>/tmp/.42 2>&1; \
in-target /usr/sbin/groupadd -f -r sudo >>/tmp/.42 2>&1; \
in-target /usr/sbin/groupadd -f user42 >>/tmp/.42 2>&1; \
in-target /usr/sbin/usermod -a -G sudo,user42 gbaconni >>/tmp/.42 2>&1; \
in-target /usr/bin/sed -i'.orig' -r 's/^#?(PASS_MAX_DAYS).*/\1\t30/; s/^#?(PASS_MIN_DAYS).*/\1\t2/; s/^#?(PASS_WARN_AGE).*/\1\t7/; s/^#?(PASS_MIN_LEN).*/\1\t10/;' /etc/login.defs >>/tmp/.42 2>&1; \
in-target /usr/bin/sed -i'.orig' -r 's/^[# ]*(minlen =)/\1 10/; s/^[# ]*([ud]credit =)/\1 -1/; s/^[# ]*(maxrepeat =)/\1 3/; s/^[# ]*(usercheck =)/\1 1/; s/^[# ]*(difok =)/\1 7/;' /etc/security/pwquality.conf >>/tmp/.42 2>&1; \
in-target /usr/bin/install -D -d /var/log/sudo >>/tmp/.42 2>&1; \
in-target /usr/bin/printf 'passwd_tries=3\nbadpass_message="I am sorry. I am afraid you cannot do that."\nlog_input\nlog_output\niolog_dir="/var/log/sudo"\nrequiretty\nsecure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin"\n' | sed 's/^/Defaults\t/' >/etc/sudoers.d/sudo 2>>/tmp/.42; \
in-target /usr/bin/apt-get clean >>/tmp/.42 2>&1; \
in-target echo "That's All Folks!" >>/tmp/.42 2>&1