packages/security-tool
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

delete password-auth-local and system-auth-local

Browse Source
This commit is contained in:
guoxiaoqi 2020-01-12 16:54:57 +08:00
parent c3fc0d3e97
commit 04f5e03105
3 changed files with 4 additions and 110 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

44
security-tool-2.0/password-auth-local
View File

@ -1,44 +0,0 @@
#######################################################################################
#
# Copyright (c) Huawei Technologies Co., Ltd. 2019. All rights reserved.
# security-tool licensed under the Mulan PSL v1.
# You can use this software according to the terms and conditions of the Mulan PSL v1.
# You may obtain a copy of Mulan PSL v1 at:
# http://license.coscl.org.cn/MulanPSL
# THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
# PURPOSE.
# See the Mulan PSL v1 for more details.
# Description: Configuration File for PAMified Services
#
#######################################################################################
#%PAM-1.0
# User changes will be destroyed the next time authconfig is run.
auth required pam_env.so
auth required pam_faillock.so preauth audit deny=3 even_deny_root unlock_time=60
-auth sufficient pam_fprintd.so
auth sufficient pam_unix.so nullok try_first_pass
-auth sufficient pam_sss.so use_first_pass
auth [default=die] pam_faillock.so authfail audit deny=3 even_deny_root unlock_time=60
auth sufficient pam_faillock.so authsucc audit deny=3 even_deny_root unlock_time=60
auth requisite pam_succeed_if.so uid >= 1000 quiet_success
auth required pam_deny.so
account required pam_unix.so
account sufficient pam_localuser.so
account sufficient pam_succeed_if.so uid < 1000 quiet
-account [default=bad success=ok user_unknown=ignore] pam_sss.so
account required pam_permit.so
password requisite pam_pwquality.so try_first_pass local_users_only
password sufficient pam_unix.so sha512 shadow nullok try_first_pass use_authtok
-password sufficient pam_sss.so use_authtok
password required pam_deny.so
session optional pam_keyinit.so revoke
session required pam_limits.so
-session optional pam_systemd.so
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session required pam_unix.so
-session optional pam_sss.so

45
security-tool-2.0/system-auth-local
View File

@ -1,45 +0,0 @@
#######################################################################################
#
# Copyright (c) Huawei Technologies Co., Ltd. 2019. All rights reserved.
# security-tool licensed under the Mulan PSL v1.
# You can use this software according to the terms and conditions of the Mulan PSL v1.
# You may obtain a copy of Mulan PSL v1 at:
# http://license.coscl.org.cn/MulanPSL
# THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
# PURPOSE.
# See the Mulan PSL v1 for more details.
# Description: Configuration File for PAMified Services
#
#######################################################################################
#%PAM-1.0
# User changes will be destroyed the next time authconfig is run.
auth required pam_env.so
auth required pam_faillock.so preauth audit deny=3 even_deny_root unlock_time=60
-auth sufficient pam_fprintd.so
auth sufficient pam_unix.so nullok try_first_pass
-auth sufficient pam_sss.so use_first_pass
auth [default=die] pam_faillock.so authfail audit deny=3 even_deny_root unlock_time=60
auth sufficient pam_faillock.so authsucc audit deny=3 even_deny_root unlock_time=60
auth requisite pam_succeed_if.so uid >= 1000 quiet_success
auth required pam_deny.so
account required pam_unix.so
account required pam_faillock.so
account sufficient pam_localuser.so
account sufficient pam_succeed_if.so uid < 1000 quiet
-account [default=bad success=ok user_unknown=ignore] pam_sss.so
account required pam_permit.so
password requisite pam_pwquality.so try_first_pass local_users_only
password sufficient pam_unix.so sha512 shadow nullok try_first_pass use_authtok
-password sufficient pam_sss.so use_authtok
password required pam_deny.so
session optional pam_keyinit.so revoke
session required pam_limits.so
-session optional pam_systemd.so
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session required pam_unix.so
-session optional pam_sss.so

25
security-tool.spec
View File

@ -1,7 +1,7 @@
Summary: openEuler Security Tool Summary: openEuler Security Tool
Name : security-tool Name : security-tool
Version: 2.0 Version: 2.0
Release: 1.39 Release: 1.40
Source0: %{name}-%{version}.tar.bz2 Source0: %{name}-%{version}.tar.bz2
Source1: security Source1: security
Source2: security.conf Source2: security.conf
@ -45,8 +45,6 @@ install -m0644 zzz_openEuler_history.csh $RPM_BUILD_ROOT%{_sysconfdir}/profile.d
install -m0644 zzz_openEuler_history.sh $RPM_BUILD_ROOT%{_sysconfdir}/profile.d/zzz_openEuler_history.sh install -m0644 zzz_openEuler_history.sh $RPM_BUILD_ROOT%{_sysconfdir}/profile.d/zzz_openEuler_history.sh
install -d -m0755 $RPM_BUILD_ROOT/%{_sysconfdir}/pam.d install -d -m0755 $RPM_BUILD_ROOT/%{_sysconfdir}/pam.d
install -m0644 password-auth-crond $RPM_BUILD_ROOT%{_sysconfdir}/pam.d/password-auth-crond install -m0644 password-auth-crond $RPM_BUILD_ROOT%{_sysconfdir}/pam.d/password-auth-crond
install -m0644 password-auth-local $RPM_BUILD_ROOT%{_sysconfdir}/pam.d/password-auth-local
install -m0644 system-auth-local $RPM_BUILD_ROOT%{_sysconfdir}/pam.d/system-auth-local
install -m0644 su-local $RPM_BUILD_ROOT%{_sysconfdir}/pam.d/su-local install -m0644 su-local $RPM_BUILD_ROOT%{_sysconfdir}/pam.d/su-local
%clean %clean
@ -63,22 +61,6 @@ then
sed -i 's/readonly TMOUT$//g' /etc/profile sed -i 's/readonly TMOUT$//g' /etc/profile
fi fi
if [ -h /etc/pam.d/system-auth ]
then
rm -f /etc/pam.d/system-auth
else
mv -f /etc/pam.d/system-auth /etc/pam.d/system-auth-bak
fi
ln -s /etc/pam.d/system-auth-local /etc/pam.d/system-auth
if [ -h /etc/pam.d/password-auth ]
then
rm -f /etc/pam.d/password-auth
else
mv -f /etc/pam.d/password-auth /etc/pam.d/password-auth-bak
fi
ln -s /etc/pam.d/password-auth-local /etc/pam.d/password-auth
if [ -h /etc/pam.d/su ] if [ -h /etc/pam.d/su ]
then then
rm -f /etc/pam.d/su rm -f /etc/pam.d/su
@ -137,13 +119,14 @@ fi
%attr(0644,root,root) %{_sysconfdir}/profile.d/zzz_openEuler_history.csh %attr(0644,root,root) %{_sysconfdir}/profile.d/zzz_openEuler_history.csh
%attr(0644,root,root) %{_sysconfdir}/profile.d/zzz_openEuler_history.sh %attr(0644,root,root) %{_sysconfdir}/profile.d/zzz_openEuler_history.sh
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/pam.d/password-auth-crond %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/pam.d/password-auth-crond
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/pam.d/password-auth-local
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/pam.d/system-auth-local
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/pam.d/su-local %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/pam.d/su-local
%attr(0644,root,root) %{_unitdir}/openEuler-security.service %attr(0644,root,root) %{_unitdir}/openEuler-security.service
%attr(0500,root,root) %{_sbindir}/security-tool.sh %attr(0500,root,root) %{_sbindir}/security-tool.sh
%changelog %changelog
* Sun Jan 12 2019 openEuler Buildteam <buildteam@openEuler.org> - 2.0-1.40
- Delete password-auth-local and system-auth-local
* Sun Dec 29 2019 openEuler Buildteam <buildteam@openEuler.org> - 2.0-1.39 * Sun Dec 29 2019 openEuler Buildteam <buildteam@openEuler.org> - 2.0-1.39
- Add copyright for su-local - Add copyright for su-local