From f29d3519ce073ec30f99754d93304324f7f26d65 Mon Sep 17 00:00:00 2001 
From: Deposite Pirate Date: Sun, 16 Sep 2018 18:47:05 +0200 Subject: Initial commit. --- base/bin/config/Makefile | 109 ++++++++++ base/bin/config/README | 1 + base/bin/config/common.mk | 11 + base/bin/config/default/useradd | 8 + base/bin/config/login.defs | 261 ++++++++++++++++++++++++ base/bin/config/os-release | 7 + base/bin/config/pam.d/Makefile | 17 ++ base/bin/config/pam.d/chage | 6 + base/bin/config/pam.d/chfn | 6 + base/bin/config/pam.d/chgpasswd | 4 + base/bin/config/pam.d/chpasswd | 6 + base/bin/config/pam.d/chsh | 6 + base/bin/config/pam.d/groupadd | 6 + base/bin/config/pam.d/groupdel | 6 + base/bin/config/pam.d/groupmems | 4 + base/bin/config/pam.d/groupmod | 6 + base/bin/config/pam.d/login | 7 + base/bin/config/pam.d/newusers | 6 + base/bin/config/pam.d/other | 5 + base/bin/config/pam.d/passwd | 4 + base/bin/config/pam.d/shadow | 6 + base/bin/config/pam.d/su | 9 + base/bin/config/pam.d/su-l | 9 + base/bin/config/pam.d/system-auth | 17 ++ base/bin/config/pam.d/system-local-login | 6 + base/bin/config/pam.d/system-login | 19 ++ base/bin/config/pam.d/system-remote-login | 6 + base/bin/config/pam.d/system-services | 11 + base/bin/config/pam.d/useradd | 6 + base/bin/config/pam.d/userdel | 6 + base/bin/config/pam.d/usermod | 6 + base/bin/config/security/limits.d/90-nproc.conf | 6 + base/bin/config/system.pc | 8 + 33 files changed, 601 insertions(+) create mode 100644 base/bin/config/Makefile create mode 100644 base/bin/config/README create mode 100644 base/bin/config/common.mk create mode 100644 base/bin/config/default/useradd create mode 100644 base/bin/config/login.defs create mode 100644 base/bin/config/os-release create mode 100644 base/bin/config/pam.d/Makefile create mode 100644 base/bin/config/pam.d/chage create mode 100644 base/bin/config/pam.d/chfn create mode 100644 base/bin/config/pam.d/chgpasswd create mode 100644 base/bin/config/pam.d/chpasswd create mode 100644 base/bin/config/pam.d/chsh create mode 100644 base/bin/config/pam.d/groupadd create 
mode 100644 base/bin/config/pam.d/groupdel create mode 100644 base/bin/config/pam.d/groupmems create mode 100644 base/bin/config/pam.d/groupmod create mode 100644 base/bin/config/pam.d/login create mode 100644 base/bin/config/pam.d/newusers create mode 100644 base/bin/config/pam.d/other create mode 100644 base/bin/config/pam.d/passwd create mode 100644 base/bin/config/pam.d/shadow create mode 100644 base/bin/config/pam.d/su create mode 100644 base/bin/config/pam.d/su-l create mode 100644 base/bin/config/pam.d/system-auth create mode 100644 base/bin/config/pam.d/system-local-login create mode 100644 base/bin/config/pam.d/system-login create mode 100644 base/bin/config/pam.d/system-remote-login create mode 100644 base/bin/config/pam.d/system-services create mode 100644 base/bin/config/pam.d/useradd create mode 100644 base/bin/config/pam.d/userdel create mode 100644 base/bin/config/pam.d/usermod create mode 100644 base/bin/config/security/limits.d/90-nproc.conf create mode 100644 base/bin/config/system.pc (limited to 'base/bin/config')
diff --git a/base/bin/config/Makefile b/base/bin/config/Makefile
new file mode 100644
index 0000000..e070d6a
--- /dev/null
+++ b/base/bin/config/Makefile
@@ -0,0 +1,109 @@
+include common.mk
+
+all:
+
+install-filesystem:
+ $(INSTALLDIR) $(DESTDIR)/boot
+ $(INSTALLDIR) $(DESTDIR)/dev
+ $(INSTALLDIR) $(DESTDIR)$(SYSCONFDIR)
+ $(INSTALLDIR) $(DESTDIR)/home
+ $(INSTALLDIR) $(DESTDIR)/mnt
+ $(INSTALLDIR) $(DESTDIR)/opt
+ $(INSTALLDIR) $(DESTDIR)/proc
+ $(INSTALLDIR) $(DESTDIR)/root
+ $(INSTALLDIR) $(DESTDIR)/run
+ $(INSTALLDIR) $(DESTDIR)/srv
+ $(INSTALLDIR) $(DESTDIR)/sys
+ $(INSTALLDIR) $(DESTDIR)/tmp
+ $(INSTALLDIR) $(DESTDIR)/usr
+ $(INSTALLDIR) $(DESTDIR)/usr/bin
+ $(INSTALLDIR) $(DESTDIR)/usr/include
+ $(INSTALLDIR) $(DESTDIR)/usr/lib
+ $(INSTALLDIR) $(DESTDIR)/usr/local
+ $(INSTALLDIR) $(DESTDIR)/usr/local/bin
+ $(INSTALLDIR) $(DESTDIR)/usr/local/etc
+ $(INSTALLDIR) $(DESTDIR)/usr/local/include
+ $(INSTALLDIR) $(DESTDIR)/usr/local/lib
+ $(INSTALLDIR) $(DESTDIR)/usr/local/sbin
+ $(INSTALLDIR) $(DESTDIR)/usr/local/share
+ $(INSTALLDIR) $(DESTDIR)/usr/local/share/doc
+ $(INSTALLDIR) $(DESTDIR)/usr/local/share/info
+ $(INSTALLDIR) $(DESTDIR)/usr/local/share/man
+ $(INSTALLDIR) $(DESTDIR)/usr/local/share/man/man1
+ $(INSTALLDIR) $(DESTDIR)/usr/local/share/man/man2
+ $(INSTALLDIR) $(DESTDIR)/usr/local/share/man/man3
+ $(INSTALLDIR) $(DESTDIR)/usr/local/share/man/man4
+ $(INSTALLDIR) $(DESTDIR)/usr/local/share/man/man5
+ $(INSTALLDIR) $(DESTDIR)/usr/local/share/man/man6
+ $(INSTALLDIR) $(DESTDIR)/usr/local/share/man/man7
+ $(INSTALLDIR) $(DESTDIR)/usr/local/share/man/man8
+ $(INSTALLDIR) $(DESTDIR)/usr/local/share/man/man9
+ $(INSTALLDIR) $(DESTDIR)/usr/local/share/man/mann
+ $(INSTALLDIR) $(DESTDIR)/usr/local/src
+ $(INSTALLDIR) $(DESTDIR)/usr/sbin
+ $(INSTALLDIR) $(DESTDIR)$(DATAROOTDIR)
+ $(INSTALLDIR) $(DESTDIR)$(DATAROOTDIR)/doc
+ $(INSTALLDIR) $(DESTDIR)$(DATAROOTDIR)/info
+ $(INSTALLDIR) $(DESTDIR)$(DATAROOTDIR)/man
+ $(INSTALLDIR) $(DESTDIR)$(DATAROOTDIR)/man/man1
+ $(INSTALLDIR) $(DESTDIR)$(DATAROOTDIR)/man/man2
+ $(INSTALLDIR) $(DESTDIR)$(DATAROOTDIR)/man/man3
+ $(INSTALLDIR) $(DESTDIR)$(DATAROOTDIR)/man/man4
+ $(INSTALLDIR) $(DESTDIR)$(DATAROOTDIR)/man/man5
+ $(INSTALLDIR) $(DESTDIR)$(DATAROOTDIR)/man/man6
+ $(INSTALLDIR) $(DESTDIR)$(DATAROOTDIR)/man/man7
+ $(INSTALLDIR) $(DESTDIR)$(DATAROOTDIR)/man/man8
+ $(INSTALLDIR) $(DESTDIR)$(DATAROOTDIR)/man/man9
+ $(INSTALLDIR) $(DESTDIR)$(DATAROOTDIR)/man/mann
+ $(INSTALLDIR) $(DESTDIR)/usr/src
+ $(INSTALLDIR) $(DESTDIR)$(LOCALSTATEDIR)
+ $(INSTALLDIR) $(DESTDIR)$(LOCALSTATEDIR)/empty
+ $(INSTALLDIR) $(DESTDIR)$(LOCALSTATEDIR)/cache
+ $(INSTALLDIR) $(DESTDIR)$(LOCALSTATEDIR)/cache/man
+ $(INSTALLDIR) $(DESTDIR)$(LOCALSTATEDIR)/cache/man/cat1
+ $(INSTALLDIR) $(DESTDIR)$(LOCALSTATEDIR)/cache/man/cat2
+ $(INSTALLDIR) $(DESTDIR)$(LOCALSTATEDIR)/cache/man/cat3
+ $(INSTALLDIR) $(DESTDIR)$(LOCALSTATEDIR)/cache/man/cat4
+ $(INSTALLDIR) $(DESTDIR)$(LOCALSTATEDIR)/cache/man/cat5
+ $(INSTALLDIR) $(DESTDIR)$(LOCALSTATEDIR)/cache/man/cat6
+ $(INSTALLDIR) $(DESTDIR)$(LOCALSTATEDIR)/cache/man/cat7
+ $(INSTALLDIR) $(DESTDIR)$(LOCALSTATEDIR)/cache/man/cat8
+ $(INSTALLDIR) $(DESTDIR)$(LOCALSTATEDIR)/cache/man/cat9
+ $(INSTALLDIR) $(DESTDIR)$(LOCALSTATEDIR)/cache/man/catn
+ $(INSTALLDIR) $(DESTDIR)$(LOCALSTATEDIR)/crash
+ $(INSTALLDIR) $(DESTDIR)$(LOCALSTATEDIR)/lib
+ $(INSTALLDIR) $(DESTDIR)$(LOCALSTATEDIR)/log
+ $(INSTALLDIR) $(DESTDIR)$(LOCALSTATEDIR)/spool
+ $(INSTALLDIR) $(DESTDIR)$(LOCALSTATEDIR)/spool/mail
+ $(INSTALLDIR) $(DESTDIR)$(LOCALSTATEDIR)/tmp
+ $(LINK) /usr/bin $(DESTDIR)/bin
+ $(LINK) /usr/sbin $(DESTDIR)/sbin
+ $(LINK) /usr/lib $(DESTDIR)/lib
+
+install-osrelease:
+ $(INSTALLDIR) $(DESTDIR)$(SYSCONFDIR)
+ $(INSTALLDAT) os-release $(DESTDIR)$(SYSCONFDIR)
+
+install-pkgconfig:
+ $(INSTALLDIR) $(DESTDIR)$(PKGCONFIGDIR)
+ $(INSTALLDAT) system.pc $(DESTDIR)$(PKGCONFIGDIR)
+
+install-logindefs:
+ $(INSTALLDIR) $(DESTDIR)$(SYSCONFDIR)
+ $(INSTALLDAT) login.defs $(DESTDIR)$(SYSCONFDIR)/login.defs$(EXT)
+
+install-useradd:
+ $(INSTALLDIR) $(DESTDIR)$(SYSCONFDIR)/default
+ $(INSTALLDAT) default/useradd $(DESTDIR)$(SYSCONFDIR)/default/useradd$(EXT)
+
+install-limits-policy:
+ $(INSTALLDIR) $(DESTDIR)$(SYSCONFDIR)/security/limits.d
+ $(INSTALLDAT) security/limits.d/90-nproc.conf $(DESTDIR)$(SYSCONFDIR)/security/limits.d
+
+install-pam-package: install-limits-policy
+ $(MAKE) -C pam.d install-pam-policy-base
+
+install-bin-package: install-logindefs install-useradd
+ $(MAKE) -C pam.d install-pam-policy-util
+
+.PHONY: install-filesystem install-osrelease install-pkgconfig install-logindefs install-useradd install-limits-policy install-pam-package install-bin-package
diff --git a/base/bin/config/README b/base/bin/config/README
new file mode 100644
index 0000000..f2c454e
--- /dev/null
+++ b/base/bin/config/README
@@ -0,0 +1 @@
+Attempt at forking Slackware because SysVinit sucks.
diff --git a/base/bin/config/common.mk b/base/bin/config/common.mk
new file mode 100644
index 0000000..04302c0
--- /dev/null
+++ b/base/bin/config/common.mk
@@ -0,0 +1,11 @@
+INSTALL = /usr/bin/install
+INSTALLDIR = $(INSTALL) -m 0755 -d
+INSTALLDAT = $(INSTALL) -m 0644
+
+LINK = /usr/bin/ln -sf
+
+SYSCONFDIR = /etc
+DATAROOTDIR = /usr/share
+LOCALSTATEDIR = /var
+PKGCONFIGDIR = $(DATAROOTDIR)/pkgconfig
+PAMPOLICYDIR = $(SYSCONFDIR)/pam.d
diff --git a/base/bin/config/default/useradd b/base/bin/config/default/useradd
new file mode 100644
index 0000000..f3205e4
--- /dev/null
+++ b/base/bin/config/default/useradd
@@ -0,0 +1,8 @@
+# useradd defaults file
+GROUP=100
+HOME=/home
+INACTIVE=-1
+EXPIRE=
+SHELL=/bin/bash
+SKEL=/etc/skel
+CREATE_MAIL_SPOOL=yes
diff --git a/base/bin/config/login.defs b/base/bin/config/login.defs
new file mode 100644
index 0000000..b929796
--- /dev/null
+++ b/base/bin/config/login.defs
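Review bot: Every directory in `install-filesystem` (base/bin/config/Makefile) is created through `$(INSTALLDIR)`, which common.mk defines as `$(INSTALL) -m 0755 -d`, so `/tmp` and `$(LOCALSTATEDIR)/tmp` are created without the sticky, world-writable mode and `/root` is created world-readable. Unless a later packaging step corrects the modes, unprivileged users cannot create temporary files and any user can list root's home directory. Those lines should carry their own modes, e.g. `$(INSTALL) -m 1777 -d $(DESTDIR)/tmp`, `$(INSTALL) -m 1777 -d $(DESTDIR)$(LOCALSTATEDIR)/tmp` and `$(INSTALL) -m 0700 -d $(DESTDIR)/root`. `$(LOCALSTATEDIR)/spool/mail` probably also needs a mode and group that match how mail is delivered on this system.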
@@ -0,0 +1,261 @@
+#
+# /etc/login.defs - settings for user account and group utilities.
+#
+
+#
+# Delay in seconds before being allowed another attempt after a login failure
+# Note: When PAM is used, some modules may enfore a minimal delay (e.g.
+# pam_unix enforces a 2s delay)
+#
+# This setting affects 'su' and 'login' from util-linux.
+#
+FAIL_DELAY 3
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# This setting affects 'login' from util-linux.
+#
+LOG_UNKFAIL_ENAB no
+
+#
+# Enable "syslog" logging of 'sg' activity.
+#
+# This setting affects 'sg' from shadow.
+#
+SYSLOG_SG_ENAB yes
+
+#
+# If defined, ":" delimited list of "message of the day" files to
+# be displayed upon login. This is better handled by pam_motd.so so the
+# declaration here is empty to suppress display by tools which read
+# their settings from this file.
+#
+# This setting affects 'login' from util-linux.
+#
+MOTD_FILE
+#MOTD_FILE /etc/motd:/usr/lib/news/news-motd
+
+#
+# *REQUIRED*
+# Directory where mailboxes reside, _or_ name of file, relative to the
+# home directory. If you _do_ define both, MAIL_DIR takes precedence.
+#
+# This setting affects 'useradd', 'userdel' and 'usermod' from shadow.
+#
+MAIL_DIR /var/spool/mail
+#MAIL_FILE .mail
+#QMAIL_DIR Maildir
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence. If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file. If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+# This setting affects 'login' from util-linux.
+#
+HUSHLOGIN_FILE .hushlogin
+#HUSHLOGIN_FILE /etc/hushlogins
+
+#
+# *REQUIRED* The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+#
+# These settings affects 'login', 'su' and 'runuser' from util-linux.
+#
+ENV_SUPATH PATH=/usr/local/sbin:/usr/local/bin:/sbin:/usr/sbin:/bin:/usr/bin
+ENV_PATH PATH=/usr/local/bin:/bin:/usr/bin
+#ENV_ROOTPATH PATH=/usr/local/sbin:/usr/local/bin:/sbin:/usr/sbin:/bin:/usr/bin
+
+#
+# If set to yes and --login and --preserve-environment were not specified
+# su initializes PATH.
+#
+# This setting affects 'su' and 'runuser' from util-linux.
+#
+#ALWAYS_SET_PATH no
+
+#
+# Terminal permissions
+#
+# TTYGROUP Login tty will be assigned this group ownership.
+# TTYPERM Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620. Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# These settings affects 'login' from util-linux.
+#
+TTYGROUP tty
+TTYPERM 0620
+
+#
+# This is the umask used to set the mode of new user directories.
+#
+# 022 is the default value, but 027, or even 077, could be considered
+# better for privacy. There is no One True Answer here: each sysadmin
+# must make up her mind.
+#
+# This setting affects 'newusers' and 'useradd' from shadow.
+#
+UMASK 022
+
+#
+# Password aging controls:
+#
+# PASS_MAX_DAYS Maximum number of days a password may be used.
+# PASS_MIN_DAYS Minimum number of days allowed between password changes.
+# PASS_MIN_LEN Minimum acceptable password length.
+# PASS_WARN_AGE Number of days warning given before a password expires.
+#
+# These settings affects 'chpasswd', 'newusers', 'pwck', 'pwconv', 'pwunconv',
+# 'useradd' and 'usermod' from shadow.
+#
+PASS_MAX_DAYS 99999
+PASS_MIN_DAYS 0
+PASS_WARN_AGE 7
+#
+# This setting affects 'passwd' from shadow.
+#
+PASS_MIN_LEN 5
+
+#
+# Min/max values for automatic uid selection in useradd from shadow
+#
+UID_MIN 1000
+UID_MAX 60000
+# System accounts
+SYS_UID_MIN 101
+SYS_UID_MAX 999
+
+#
+# Min/max values for automatic gid selection in groupadd for shadow
+#
+GID_MIN 1000
+GID_MAX 60000
+# System accounts
+SYS_GID_MIN 101
+SYS_GID_MAX 999
+
+#
+# Max number of login retries if password is bad
+#
+# This setting affects 'login' from util-linux.
+#
+LOGIN_RETRIES 5
+
+#
+# Max time in seconds for login
+#
+# This setting affects 'login' from util-linux.
+#
+LOGIN_TIMEOUT 60
+
+#
+# Maximum number of attempts to change password if rejected (too easy)
+#
+# This setting affects 'passwd' from shadow.
+#
+PASS_CHANGE_TRIES 5
+
+#
+# Warn about weak passwords (but still allow them) if you are root.
+#
+# This setting affects 'passwd' from shadow.
+#
+PASS_ALWAYS_WARN yes
+
+#
+# Number of significant characters in the password for crypt().
+# Default is 8, don't change unless your crypt() is better.
+# Ignored if MD5_CRYPT_ENAB set to "yes".
+#
+# This setting affects 'passwd' from shadow.
+#
+#PASS_MAX_LEN 8
+
+#
+# Only works if compiled with ENCRYPTMETHOD_SELECT defined:
+# If set to MD5 , MD5-based algorithm will be used for encrypting password
+# If set to SHA256, SHA256-based algorithm will be used for encrypting password
+# If set to SHA512, SHA512-based algorithm will be used for encrypting password
+# If set to DES, DES-based algorithm will be used for encrypting password (default)
+# Overrides the MD5_CRYPT_ENAB option
+#
+# Note: If you use PAM, it is recommended to use a value consistent with
+# the PAM modules configuration.
+#
+# This setting affects 'passwd' from shadow.
+#
+ENCRYPT_METHOD SHA512
+
+#
+# Only works if ENCRYPT_METHOD is set to SHA256 or SHA512.
+#
+# Define the number of SHA rounds.
+# With a lot of rounds, it is more difficult to brute forcing the password.
+# But note also that it more CPU resources will be needed to authenticate
+# users.
+#
+# If not specified, the libc will choose the default number of rounds (5000).
+# The values must be inside the 1000-999999999 range.
+# If only one of the MIN or MAX values is set, then this value will be used.
+# If MIN > MAX, the highest value will be used.
+#
+# This setting affects 'passwd' from shadow.
+#
+# SHA_CRYPT_MIN_ROUNDS 5000
+# SHA_CRYPT_MAX_ROUNDS 5000
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default in no.
+#
+# This setting affects 'login' from util-linux.
+#
+DEFAULT_HOME yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+# This setting affects 'userdel' from shadow.
+#
+#USERDEL_CMD /usr/sbin/userdel_local
+
+#
+# Enable setting of the umask group bits to be the same as owner bits
+# (examples: 022 -> 002, 077 -> 007) for non-root users, if the uid is
+# the same as gid, and username is the same as the primary group name.
+#
+# This also enables userdel to remove user groups if no members exist.
+#
+# This setting affects 'useradd' and 'userdel' from shadow.
+#
+USERGROUPS_ENAB yes
+
+#
+# If set to a non-nul number, the shadow utilities will make sure that
+# groups never have more than this number of users on one line.
+# This permit to support split groups (groups split into multiple lines,
+# with the same group ID, to avoid limitation of the line length in the
+# group file).
+#
+# 0 is the default value and disables this feature.
+#
+#MAX_MEMBERS_PER_GROUP 0
+
+#
+# If useradd should create home directories for users by default (non
+# system users only)
+# This option is overridden with the -M or -m flags on the useradd command
+# line.
+#
+# This setting affects 'useradd' from shadow.
+#
+#CREATE_HOME yes
diff --git a/base/bin/config/os-release b/base/bin/config/os-release
new file mode 100644
index 0000000..b79b454
--- /dev/null
+++ b/base/bin/config/os-release
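Review bot: `PASS_MIN_LEN 5` in login.defs accepts five-character passwords, and because the `pam_cracklib.so` line in pam.d/passwd is commented out, nothing else in this commit enforces password quality. Raise the minimum (for example `PASS_MIN_LEN 12`) and state the same minimum on the active pam_unix line in pam.d/passwd, e.g. `minlen=8` as the commented cracklib line already proposes; whether passwd honours the login.defs value at all depends on how shadow is built, so that is worth confirming. The commented-out `SHA_CRYPT_MIN_ROUNDS`/`SHA_CRYPT_MAX_ROUNDS` leave SHA512 hashing at the 5000-round libc default that the file's own comment mentions, so consider setting an explicit, higher value. `UMASK 022` makes new home directories world-readable, a trade-off the comment above it already points out.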
@@ -0,0 +1,7 @@
+NAME="Tightware"
+VERSION"1"
+ID=tightware
+VERSION_ID=1
+PRETTY_NAME="Tightware GNU/Linux 1.0"
+ANSI_COLOR="1;32"
+
diff --git a/base/bin/config/pam.d/Makefile b/base/bin/config/pam.d/Makefile
new file mode 100644
index 0000000..74076ab
--- /dev/null
+++ b/base/bin/config/pam.d/Makefile
@@ -0,0 +1,17 @@
+include ../common.mk
+
+FILES_BASE = other system-auth system-local-login system-login system-remote-login system-services
+FILES_UTIL = chage chfn chgpasswd chpasswd chsh groupadd groupdel groupmems groupmod login newusers passwd shadow su su-l useradd userdel usermod
+
+# $(INSTALLDAT) $(FILES_BASE) $(DESTDIR)$(PAMPOLICYDIR)
+
+install-pam-policy-dir:
+ $(INSTALLDIR) $(DESTDIR)$(PAMPOLICYDIR)
+
+install-pam-policy-base: install-pam-policy-dir
+ for file in $(FILES_BASE); do $(INSTALLDAT) $$file $(DESTDIR)$(PAMPOLICYDIR)/$$file$(EXT); done
+
+install-pam-policy-util: install-pam-policy-dir
+ for file in $(FILES_UTIL); do $(INSTALLDAT) $$file $(DESTDIR)$(PAMPOLICYDIR)/$$file$(EXT); done
+
+.PHONY: install-pam-policy-dir install-pam-policy-base install-pam-policy-util
diff --git a/base/bin/config/pam.d/chage b/base/bin/config/pam.d/chage
new file mode 100644
index 0000000..a7bf8a4
--- /dev/null
+++ b/base/bin/config/pam.d/chage
@@ -0,0 +1,6 @@
+#%PAM-1.0
+auth sufficient pam_rootok.so
+auth required pam_unix.so
+account required pam_unix.so
+session required pam_unix.so
+password required pam_permit.so
diff --git a/base/bin/config/pam.d/chfn b/base/bin/config/pam.d/chfn
new file mode 100644
index 0000000..a7bf8a4
--- /dev/null
+++ b/base/bin/config/pam.d/chfn
@@ -0,0 +1,6 @@
+#%PAM-1.0
+auth sufficient pam_rootok.so
+auth required pam_unix.so
+account required pam_unix.so
+session required pam_unix.so
+password required pam_permit.so
diff --git a/base/bin/config/pam.d/chgpasswd b/base/bin/config/pam.d/chgpasswd
new file mode 100644
index 0000000..8f49f5c
--- /dev/null
+++ b/base/bin/config/pam.d/chgpasswd
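Review bot: The second line of os-release reads `VERSION"1"`, with the `=` missing, so it is not a valid assignment and tools that parse the file will not see a VERSION field; a shell that sources the file would try to run it as a command. It should be `VERSION="1"`, or `VERSION="1.0"` if it is meant to agree with `PRETTY_NAME`.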
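Review bot: The `for` loops in `install-pam-policy-base` and `install-pam-policy-util` (pam.d/Makefile) return only the exit status of the last `$(INSTALLDAT)`, so a failed copy of any earlier policy file goes unnoticed and the install can finish with an incomplete pam.d directory. Make each iteration fail the recipe: `for file in $(FILES_BASE); do $(INSTALLDAT) $$file $(DESTDIR)$(PAMPOLICYDIR)/$$file$(EXT) || exit 1; done`, and the same for `$(FILES_UTIL)`. `$(EXT)` is not defined in this Makefile or in common.mk; if it is meant as an optional suffix passed on the command line, a one-line comment saying so would help.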
@@ -0,0 +1,4 @@
+#%PAM-1.0
+auth sufficient pam_rootok.so
+account required pam_permit.so
+password include system-auth
diff --git a/base/bin/config/pam.d/chpasswd b/base/bin/config/pam.d/chpasswd
new file mode 100644
index 0000000..5d44798
--- /dev/null
+++ b/base/bin/config/pam.d/chpasswd
@@ -0,0 +1,6 @@
+#%PAM-1.0
+auth sufficient pam_rootok.so
+auth required pam_unix.so
+account required pam_unix.so
+session required pam_unix.so
+password required pam_unix.so sha512 shadow
diff --git a/base/bin/config/pam.d/chsh b/base/bin/config/pam.d/chsh
new file mode 100644
index 0000000..a7bf8a4
--- /dev/null
+++ b/base/bin/config/pam.d/chsh
@@ -0,0 +1,6 @@
+#%PAM-1.0
+auth sufficient pam_rootok.so
+auth required pam_unix.so
+account required pam_unix.so
+session required pam_unix.so
+password required pam_permit.so
diff --git a/base/bin/config/pam.d/groupadd b/base/bin/config/pam.d/groupadd
new file mode 100644
index 0000000..a7bf8a4
--- /dev/null
+++ b/base/bin/config/pam.d/groupadd
@@ -0,0 +1,6 @@
+#%PAM-1.0
+auth sufficient pam_rootok.so
+auth required pam_unix.so
+account required pam_unix.so
+session required pam_unix.so
+password required pam_permit.so
diff --git a/base/bin/config/pam.d/groupdel b/base/bin/config/pam.d/groupdel
new file mode 100644
index 0000000..a7bf8a4
--- /dev/null
+++ b/base/bin/config/pam.d/groupdel
@@ -0,0 +1,6 @@
+#%PAM-1.0
+auth sufficient pam_rootok.so
+auth required pam_unix.so
+account required pam_unix.so
+session required pam_unix.so
+password required pam_permit.so
diff --git a/base/bin/config/pam.d/groupmems b/base/bin/config/pam.d/groupmems
new file mode 100644
index 0000000..8f49f5c
--- /dev/null
+++ b/base/bin/config/pam.d/groupmems
@@ -0,0 +1,4 @@
+#%PAM-1.0
+auth sufficient pam_rootok.so
+account required pam_permit.so
+password include system-auth
diff --git a/base/bin/config/pam.d/groupmod b/base/bin/config/pam.d/groupmod
new file mode 100644
index 0000000..a7bf8a4
--- /dev/null
+++ b/base/bin/config/pam.d/groupmod
@@ -0,0 +1,6 @@
+#%PAM-1.0
+auth sufficient pam_rootok.so
+auth required pam_unix.so
+account required pam_unix.so
+session required pam_unix.so
+password required pam_permit.so
diff --git a/base/bin/config/pam.d/login b/base/bin/config/pam.d/login
new file mode 100644
index 0000000..1960d94
--- /dev/null
+++ b/base/bin/config/pam.d/login
@@ -0,0 +1,7 @@
+#%PAM-1.0
+
+auth required pam_securetty.so
+auth requisite pam_nologin.so
+auth include system-local-login
+account include system-local-login
+session include system-local-login
diff --git a/base/bin/config/pam.d/newusers b/base/bin/config/pam.d/newusers
new file mode 100644
index 0000000..5d44798
--- /dev/null
+++ b/base/bin/config/pam.d/newusers
@@ -0,0 +1,6 @@
+#%PAM-1.0
+auth sufficient pam_rootok.so
+auth required pam_unix.so
+account required pam_unix.so
+session required pam_unix.so
+password required pam_unix.so sha512 shadow
diff --git a/base/bin/config/pam.d/other b/base/bin/config/pam.d/other
new file mode 100644
index 0000000..08498b4
--- /dev/null
+++ b/base/bin/config/pam.d/other
@@ -0,0 +1,5 @@
+#%PAM-1.0
+auth required pam_unix.so
+account required pam_unix.so
+password required pam_unix.so
+session required pam_unix.so
diff --git a/base/bin/config/pam.d/passwd b/base/bin/config/pam.d/passwd
new file mode 100644
index 0000000..ab56da4
--- /dev/null
+++ b/base/bin/config/pam.d/passwd
@@ -0,0 +1,4 @@
+#%PAM-1.0
+#password required pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 retry=3
+#password required pam_unix.so sha512 shadow use_authtok
+password required pam_unix.so sha512 shadow nullok
diff --git a/base/bin/config/pam.d/shadow b/base/bin/config/pam.d/shadow
new file mode 100644
index 0000000..a7bf8a4
--- /dev/null
+++ b/base/bin/config/pam.d/shadow
@@ -0,0 +1,6 @@
+#%PAM-1.0
+auth sufficient pam_rootok.so
+auth required pam_unix.so
+account required pam_unix.so
+session required pam_unix.so
+password required pam_permit.so
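Review bot: pam.d/other is the fallback policy for every service that has no file of its own, and here all four lines use `pam_unix.so`, so any such service gets ordinary password authentication instead of being refused. The usual hardening is deny-by-default: `auth required pam_deny.so`, with the same module for `account`, `password` and `session`, optionally preceded by a `pam_warn.so` line so the attempt is logged. A service that really needs access then has to ship its own policy file, which makes the exposure explicit.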
diff --git a/base/bin/config/pam.d/su b/base/bin/config/pam.d/su
new file mode 100644
index 0000000..cf15f40
--- /dev/null
+++ b/base/bin/config/pam.d/su
@@ -0,0 +1,9 @@
+#%PAM-1.0
+auth sufficient pam_rootok.so
+# Uncomment the following line to implicitly trust users in the "wheel" group.
+#auth sufficient pam_wheel.so trust use_uid
+# Uncomment the following line to require a user to be in the "wheel" group.
+#auth required pam_wheel.so use_uid
+auth required pam_unix.so
+account required pam_unix.so
+session required pam_unix.so
diff --git a/base/bin/config/pam.d/su-l b/base/bin/config/pam.d/su-l
new file mode 100644
index 0000000..cf15f40
--- /dev/null
+++ b/base/bin/config/pam.d/su-l
@@ -0,0 +1,9 @@
+#%PAM-1.0
+auth sufficient pam_rootok.so
+# Uncomment the following line to implicitly trust users in the "wheel" group.
+#auth sufficient pam_wheel.so trust use_uid
+# Uncomment the following line to require a user to be in the "wheel" group.
+#auth required pam_wheel.so use_uid
+auth required pam_unix.so
+account required pam_unix.so
+session required pam_unix.so
diff --git a/base/bin/config/pam.d/system-auth b/base/bin/config/pam.d/system-auth
new file mode 100644
index 0000000..b28a7e9
--- /dev/null
+++ b/base/bin/config/pam.d/system-auth
@@ -0,0 +1,17 @@
+#%PAM-1.0
+
+auth required pam_env.so
+auth required pam_unix.so try_first_pass nullok
+auth optional pam_permit.so
+
+account required pam_unix.so
+account optional pam_permit.so
+account required pam_time.so
+
+password required pam_unix.so try_first_pass nullok sha512 shadow
+password optional pam_permit.so
+
+session required pam_limits.so
+session required pam_env.so
+session required pam_unix.so
+session optional pam_permit.so
diff --git a/base/bin/config/pam.d/system-local-login b/base/bin/config/pam.d/system-local-login
new file mode 100644
index 0000000..347b815
--- /dev/null
+++ b/base/bin/config/pam.d/system-local-login
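Review bot: `auth required pam_unix.so try_first_pass nullok` in system-auth lets an account whose password field is empty authenticate without a password, and since system-login, system-local-login and system-remote-login all include this stack, that applies to remote logins as well as local ones. Drop `nullok` from the auth line, `auth required pam_unix.so try_first_pass`, unless passwordless accounts are intended. If they are intended, keep `nullok` out of the stack that remote services include and add a comment recording the decision.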
@@ -0,0 +1,6 @@
+#%PAM-1.0
+
+auth include system-login
+account include system-login
+password include system-login
+session include system-login
diff --git a/base/bin/config/pam.d/system-login b/base/bin/config/pam.d/system-login
new file mode 100644
index 0000000..394419b
--- /dev/null
+++ b/base/bin/config/pam.d/system-login
@@ -0,0 +1,19 @@
+#%PAM-1.0
+
+auth required pam_tally2.so onerr=succeed file=/var/log/faillog
+auth required pam_shells.so
+auth requisite pam_nologin.so
+auth include system-auth
+
+account required pam_access.so
+account required pam_nologin.so
+account include system-auth
+
+password include system-auth
+
+session optional pam_loginuid.so
+session required pam_env.so
+session include system-auth
+session optional pam_motd.so motd=/etc/motd
+session optional pam_mail.so dir=/var/spool/mail standard quiet
+-session optional pam_systemd.so
diff --git a/base/bin/config/pam.d/system-remote-login b/base/bin/config/pam.d/system-remote-login
new file mode 100644
index 0000000..347b815
--- /dev/null
+++ b/base/bin/config/pam.d/system-remote-login
@@ -0,0 +1,6 @@
+#%PAM-1.0
+
+auth include system-login
+account include system-login
+password include system-login
+session include system-login
diff --git a/base/bin/config/pam.d/system-services b/base/bin/config/pam.d/system-services
new file mode 100644
index 0000000..311c0d6
--- /dev/null
+++ b/base/bin/config/pam.d/system-services
@@ -0,0 +1,11 @@
+#%PAM-1.0
+
+auth sufficient pam_permit.so
+
+account include system-auth
+
+session optional pam_loginuid.so
+session required pam_limits.so
+session required pam_env.so
+session required pam_unix.so
+session optional pam_permit.so
diff --git a/base/bin/config/pam.d/useradd b/base/bin/config/pam.d/useradd
new file mode 100644
index 0000000..a7bf8a4
--- /dev/null
+++ b/base/bin/config/pam.d/useradd
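Review bot: `auth required pam_tally2.so onerr=succeed file=/var/log/faillog` in system-login has no `deny=` option, so failed logins are counted but never lead to a lockout. If throttling is the intent, give it a threshold and an unlock time, e.g. `auth required pam_tally2.so deny=5 unlock_time=600 onerr=succeed file=/var/log/faillog`. Note also that `onerr=succeed` makes the module fail open when the tally file cannot be read, which is worth a comment if it is deliberate.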
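Review bot: `auth sufficient pam_permit.so` in system-services makes the auth stack succeed unconditionally, so any service file that includes this policy for `auth` accepts every caller without credentials. That is reasonable only for services that never authenticate users, and the file does not say so. A comment at the top, e.g. `# auth always succeeds: include only from services that do not authenticate users`, would keep it from being included by a login-type service by mistake.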
@@ -0,0 +1,6 @@
+#%PAM-1.0
+auth sufficient pam_rootok.so
+auth required pam_unix.so
+account required pam_unix.so
+session required pam_unix.so
+password required pam_permit.so
diff --git a/base/bin/config/pam.d/userdel b/base/bin/config/pam.d/userdel
new file mode 100644
index 0000000..a7bf8a4
--- /dev/null
+++ b/base/bin/config/pam.d/userdel
@@ -0,0 +1,6 @@
+#%PAM-1.0
+auth sufficient pam_rootok.so
+auth required pam_unix.so
+account required pam_unix.so
+session required pam_unix.so
+password required pam_permit.so
diff --git a/base/bin/config/pam.d/usermod b/base/bin/config/pam.d/usermod
new file mode 100644
index 0000000..a7bf8a4
--- /dev/null
+++ b/base/bin/config/pam.d/usermod
@@ -0,0 +1,6 @@
+#%PAM-1.0
+auth sufficient pam_rootok.so
+auth required pam_unix.so
+account required pam_unix.so
+session required pam_unix.so
+password required pam_permit.so
diff --git a/base/bin/config/security/limits.d/90-nproc.conf b/base/bin/config/security/limits.d/90-nproc.conf
new file mode 100644
index 0000000..104dffd
--- /dev/null
+++ b/base/bin/config/security/limits.d/90-nproc.conf
@@ -0,0 +1,6 @@
+# Default limit for number of user's processes to prevent
+# accidental fork bombs.
+# See rhbz #432903 for reasoning.
+
+* soft nproc 1024
+root soft nproc unlimited
diff --git a/base/bin/config/system.pc b/base/bin/config/system.pc
new file mode 100644
index 0000000..94d3272
--- /dev/null
+++ b/base/bin/config/system.pc
@@ -0,0 +1,8 @@
+prefix=/usr
+exec_prefix=${prefix}
+libdir=${exec_prefix}/lib
+includedir=${prefix}/include
+
+Name=Tightware GNU/Linux
+Description=Operating System
+Version: 1.0
-- cgit v1.2.3-70-g09d2
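Review bot: system.pc writes `Name=Tightware GNU/Linux` and `Description=Operating System` with `=`, which pkg-config reads as variable definitions rather than as the `Name:` and `Description:` keyword fields, so as far as pkg-config is concerned the file has neither and queries against it are likely to fail. Use the colon form that the `Version: 1.0` line already uses: `Name: Tightware GNU/Linux` and `Description: Operating System`.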