From f29d3519ce073ec30f99754d93304324f7f26d65 Mon Sep 17 00:00:00 2001
From: Deposite Pirate
Date: Sun, 16 Sep 2018 18:47:05 +0200
Subject: Initial commit.

---
 base/bin/config/login.defs | 261 +++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 261 insertions(+)
 create mode 100644 base/bin/config/login.defs

(limited to 'base/bin/config/login.defs')

diff --git a/base/bin/config/login.defs b/base/bin/config/login.defs
new file mode 100644
index 0000000..b929796
--- /dev/null
+++ b/base/bin/config/login.defs
@@ -0,0 +1,261 @@
+#
+# /etc/login.defs - settings for user account and group utilities.
+#
+
+#
+# Delay in seconds before being allowed another attempt after a login failure
+# Note: When PAM is used, some modules may enfore a minimal delay (e.g.
+#       pam_unix enforces a 2s delay)
+#
+# This setting affects 'su' and 'login' from util-linux.
+#
+FAIL_DELAY		3
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# This setting affects 'login' from util-linux.
+#
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable "syslog" logging of 'sg' activity.
+#
+# This setting affects 'sg' from shadow.
+#
+SYSLOG_SG_ENAB		yes
+
+#
+# If defined, ":" delimited list of "message of the day" files to
+# be displayed upon login. This is better handled by pam_motd.so so the
+# declaration here is empty to suppress display by tools which read
+# their settings from this file.
+#
+# This setting affects 'login' from util-linux.
+#
+MOTD_FILE
+#MOTD_FILE	/etc/motd:/usr/lib/news/news-motd
+
+#
+# *REQUIRED*
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define both, MAIL_DIR takes precedence.
+#
+# This setting affects 'useradd', 'userdel' and 'usermod' from shadow.
+#
+MAIL_DIR	/var/spool/mail
+#MAIL_FILE	.mail
+#QMAIL_DIR	Maildir
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+# This setting affects 'login' from util-linux.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+#
+# These settings affects 'login', 'su' and 'runuser' from util-linux.
+#
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/sbin:/usr/sbin:/bin:/usr/bin
+ENV_PATH	PATH=/usr/local/bin:/bin:/usr/bin
+#ENV_ROOTPATH	PATH=/usr/local/sbin:/usr/local/bin:/sbin:/usr/sbin:/bin:/usr/bin
+
+#
+# If set to yes and --login and --preserve-environment were not specified
+# su initializes PATH.
+#
+# This setting affects 'su' and 'runuser' from util-linux.
+#
+#ALWAYS_SET_PATH no
+
+#
+# Terminal permissions
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# These settings affects 'login' from util-linux.
+#
+TTYGROUP	tty
+TTYPERM		0620
+
+#
+# This is the umask used to set the mode of new user directories.
+#
+# 022 is the default value, but 027, or even 077, could be considered
+# better for privacy. There is no One True Answer here: each sysadmin
+# must make up her mind.
+#
+# This setting affects 'newusers' and 'useradd' from shadow.
+#
+UMASK		022
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_MIN_LEN	Minimum acceptable password length.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+# These settings affects 'chpasswd', 'newusers', 'pwck', 'pwconv', 'pwunconv',
+# 'useradd' and 'usermod' from shadow.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+#
+# This setting affects 'passwd' from shadow.
+#
+PASS_MIN_LEN	5
+
+#
+# Min/max values for automatic uid selection in useradd from shadow
+#
+UID_MIN			 1000
+UID_MAX			60000
+# System accounts
+SYS_UID_MIN		  101
+SYS_UID_MAX		  999
+
+#
+# Min/max values for automatic gid selection in groupadd for shadow
+#
+GID_MIN			 1000
+GID_MAX			60000
+# System accounts
+SYS_GID_MIN		  101
+SYS_GID_MAX		  999
+
+#
+# Max number of login retries if password is bad
+#
+# This setting affects 'login' from util-linux.
+#
+LOGIN_RETRIES		5
+
+#
+# Max time in seconds for login
+#
+# This setting affects 'login' from util-linux.
+#
+LOGIN_TIMEOUT		60
+
+#
+# Maximum number of attempts to change password if rejected (too easy)
+#
+# This setting affects 'passwd' from shadow.
+#
+PASS_CHANGE_TRIES	5
+
+#
+# Warn about weak passwords (but still allow them) if you are root.
+#
+# This setting affects 'passwd' from shadow.
+#
+PASS_ALWAYS_WARN	yes
+
+#
+# Number of significant characters in the password for crypt().
+# Default is 8, don't change unless your crypt() is better.
+# Ignored if MD5_CRYPT_ENAB set to "yes".
+#
+# This setting affects 'passwd' from shadow.
+#
+#PASS_MAX_LEN		8
+
+#
+# Only works if compiled with ENCRYPTMETHOD_SELECT defined:
+# If set to MD5 , MD5-based algorithm will be used for encrypting password
+# If set to SHA256, SHA256-based algorithm will be used for encrypting password
+# If set to SHA512, SHA512-based algorithm will be used for encrypting password
+# If set to DES, DES-based algorithm will be used for encrypting password (default)
+# Overrides the MD5_CRYPT_ENAB option
+#
+# Note: If you use PAM, it is recommended to use a value consistent with
+# the PAM modules configuration.
+#
+# This setting affects 'passwd' from shadow.
+#
+ENCRYPT_METHOD SHA512
+
+#
+# Only works if ENCRYPT_METHOD is set to SHA256 or SHA512.
+#
+# Define the number of SHA rounds.
+# With a lot of rounds, it is more difficult to brute forcing the password.
+# But note also that it more CPU resources will be needed to authenticate
+# users.
+#
+# If not specified, the libc will choose the default number of rounds (5000).
+# The values must be inside the 1000-999999999 range.
+# If only one of the MIN or MAX values is set, then this value will be used.
+# If MIN > MAX, the highest value will be used.
+#
+# This setting affects 'passwd' from shadow.
+#
+# SHA_CRYPT_MIN_ROUNDS 5000
+# SHA_CRYPT_MAX_ROUNDS 5000
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default in no.
+#
+# This setting affects 'login' from util-linux.
+#
+DEFAULT_HOME	yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+# This setting affects 'userdel' from shadow.
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# Enable setting of the umask group bits to be the same as owner bits
+# (examples: 022 -> 002, 077 -> 007) for non-root users, if the uid is
+# the same as gid, and username is the same as the primary group name.
+#
+# This also enables userdel to remove user groups if no members exist.
+#
+# This setting affects 'useradd' and 'userdel' from shadow.
+#
+USERGROUPS_ENAB yes
+
+#
+# If set to a non-nul number, the shadow utilities will make sure that
+# groups never have more than this number of users on one line.
+# This permit to support split groups (groups split into multiple lines,
+# with the same group ID, to avoid limitation of the line length in the
+# group file).
+#
+# 0 is the default value and disables this feature.
+#
+#MAX_MEMBERS_PER_GROUP	0
+
+#
+# If useradd should create home directories for users by default (non
+# system users only)
+# This option is overridden with the -M or -m flags on the useradd command
+# line.
+#
+# This setting affects 'useradd' from shadow.
+#
+#CREATE_HOME     yes
-- 
cgit v1.2.3-70-g09d2