delete password-auth-local and system-auth-local

2020-01-12 16:54:57 +08:00 · 2020-01-12 16:54:57 +08:00 · 04f5e03105
commit 04f5e03105
parent c3fc0d3e97
3 changed files with 4 additions and 110 deletions
--- a/security-tool-2.0/password-auth-local
+++ b/security-tool-2.0/password-auth-local
@ -1,44 +0,0 @@
-#######################################################################################
-#
-# Copyright (c) Huawei Technologies Co., Ltd. 2019. All rights reserved.
-# security-tool licensed under the Mulan PSL v1.
-# You can use this software according to the terms and conditions of the Mulan PSL v1.
-# You may obtain a copy of Mulan PSL v1 at:
-#     http://license.coscl.org.cn/MulanPSL
-# THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
-# IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
-# PURPOSE.
-# See the Mulan PSL v1 for more details.
-# Description: Configuration File for PAMified Services 
-#
-#######################################################################################
-
-#%PAM-1.0
-# User changes will be destroyed the next time authconfig is run.
-auth        required      pam_env.so
-auth        required      pam_faillock.so preauth audit deny=3 even_deny_root unlock_time=60
-auth        sufficient    pam_fprintd.so
-auth        sufficient    pam_unix.so nullok try_first_pass
-auth        sufficient    pam_sss.so use_first_pass
-auth        [default=die] pam_faillock.so authfail audit deny=3 even_deny_root unlock_time=60
-auth        sufficient    pam_faillock.so authsucc audit deny=3 even_deny_root unlock_time=60
-auth        requisite     pam_succeed_if.so uid >= 1000 quiet_success
-auth        required      pam_deny.so
-
-account     required      pam_unix.so
-account     sufficient    pam_localuser.so
-account     sufficient    pam_succeed_if.so uid < 1000 quiet
-account     [default=bad success=ok user_unknown=ignore] pam_sss.so
-account     required      pam_permit.so
-
-password    requisite     pam_pwquality.so try_first_pass local_users_only
-password    sufficient    pam_unix.so sha512 shadow nullok try_first_pass use_authtok
-password    sufficient    pam_sss.so use_authtok
-password    required      pam_deny.so
-
-session     optional      pam_keyinit.so revoke
-session     required      pam_limits.so
-session     optional      pam_systemd.so
-session     [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
-session     required      pam_unix.so
-session     optional      pam_sss.so
--- a/security-tool-2.0/system-auth-local
+++ b/security-tool-2.0/system-auth-local
@ -1,45 +0,0 @@
-#######################################################################################
-#
-# Copyright (c) Huawei Technologies Co., Ltd. 2019. All rights reserved.
-# security-tool licensed under the Mulan PSL v1.
-# You can use this software according to the terms and conditions of the Mulan PSL v1.
-# You may obtain a copy of Mulan PSL v1 at:
-#     http://license.coscl.org.cn/MulanPSL
-# THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
-# IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
-# PURPOSE.
-# See the Mulan PSL v1 for more details.
-# Description: Configuration File for PAMified Services 
-#
-#######################################################################################
-
-#%PAM-1.0
-# User changes will be destroyed the next time authconfig is run.
-auth        required      pam_env.so
-auth        required      pam_faillock.so preauth audit deny=3 even_deny_root unlock_time=60
-auth        sufficient    pam_fprintd.so
-auth        sufficient    pam_unix.so nullok try_first_pass
-auth        sufficient    pam_sss.so use_first_pass
-auth        [default=die] pam_faillock.so authfail audit deny=3 even_deny_root unlock_time=60
-auth        sufficient    pam_faillock.so authsucc audit deny=3 even_deny_root unlock_time=60
-auth        requisite     pam_succeed_if.so uid >= 1000 quiet_success
-auth        required      pam_deny.so
-
-account     required      pam_unix.so
-account     required      pam_faillock.so
-account     sufficient    pam_localuser.so
-account     sufficient    pam_succeed_if.so uid < 1000 quiet
-account     [default=bad success=ok user_unknown=ignore] pam_sss.so
-account     required      pam_permit.so
-
-password    requisite     pam_pwquality.so try_first_pass local_users_only
-password    sufficient    pam_unix.so sha512 shadow nullok try_first_pass use_authtok
-password    sufficient    pam_sss.so use_authtok
-password    required      pam_deny.so
-
-session     optional      pam_keyinit.so revoke
-session     required      pam_limits.so
-session     optional      pam_systemd.so
-session     [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
-session     required      pam_unix.so
-session     optional      pam_sss.so
--- a/security-tool.spec
+++ b/security-tool.spec
@ -1,7 +1,7 @@
 Summary: openEuler Security Tool
 Name   : security-tool
 Version: 2.0
-Release: 1.39
+Release: 1.40
 Source0: %{name}-%{version}.tar.bz2
 Source1: security
 Source2: security.conf
@ -45,8 +45,6 @@ install -m0644 zzz_openEuler_history.csh $RPM_BUILD_ROOT%{_sysconfdir}/profile.d
 install -m0644 zzz_openEuler_history.sh $RPM_BUILD_ROOT%{_sysconfdir}/profile.d/zzz_openEuler_history.sh
 install -d -m0755 $RPM_BUILD_ROOT/%{_sysconfdir}/pam.d
 install -m0644 password-auth-crond $RPM_BUILD_ROOT%{_sysconfdir}/pam.d/password-auth-crond
-install -m0644 password-auth-local $RPM_BUILD_ROOT%{_sysconfdir}/pam.d/password-auth-local
-install -m0644 system-auth-local $RPM_BUILD_ROOT%{_sysconfdir}/pam.d/system-auth-local
 install -m0644 su-local $RPM_BUILD_ROOT%{_sysconfdir}/pam.d/su-local

 %clean
@ -63,22 +61,6 @@ then
    sed -i 's/readonly TMOUT$//g' /etc/profile
 fi

-if [ -h /etc/pam.d/system-auth ]
-then
-    rm -f /etc/pam.d/system-auth
-else
-    mv -f /etc/pam.d/system-auth /etc/pam.d/system-auth-bak
-fi
-ln -s /etc/pam.d/system-auth-local /etc/pam.d/system-auth
-
-if [ -h /etc/pam.d/password-auth ]
-then
-    rm -f /etc/pam.d/password-auth
-else
-    mv -f /etc/pam.d/password-auth /etc/pam.d/password-auth-bak
-fi
-ln -s /etc/pam.d/password-auth-local /etc/pam.d/password-auth
-
 if [ -h /etc/pam.d/su ]
 then
    rm -f /etc/pam.d/su
@ -137,13 +119,14 @@ fi
 %attr(0644,root,root) %{_sysconfdir}/profile.d/zzz_openEuler_history.csh
 %attr(0644,root,root) %{_sysconfdir}/profile.d/zzz_openEuler_history.sh
 %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/pam.d/password-auth-crond
-%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/pam.d/password-auth-local
-%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/pam.d/system-auth-local
 %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/pam.d/su-local
 %attr(0644,root,root) %{_unitdir}/openEuler-security.service
 %attr(0500,root,root) %{_sbindir}/security-tool.sh

 %changelog
+* Sun Jan 12 2019 openEuler Buildteam <buildteam@openEuler.org> - 2.0-1.40
+- Delete password-auth-local and system-auth-local
+
 * Sun Dec 29 2019 openEuler Buildteam <buildteam@openEuler.org> - 2.0-1.39
 - Add copyright for su-local