Diffstat (limited to 'strata/core/linux-pam.morph')
-rw-r--r-- | strata/core/linux-pam.morph | 125 |
1 files changed, 125 insertions, 0 deletions
diff --git a/strata/core/linux-pam.morph b/strata/core/linux-pam.morph
new file mode 100644
index 00000000..6c4959b0
--- /dev/null
+++ b/strata/core/linux-pam.morph
@@ -0,0 +1,125 @@
+name: linux-pam
+kind: chunk
+build-system: autotools
+pre-configure-commands:
+- autoreconf -ivf
+configure-commands:
+- ./configure --prefix=/usr --libdir=/lib
+post-install-commands:
+- |
+ install -D -m 0644 /proc/self/fd/0 "$DESTDIR"/etc/pam.d/system-account <<'EOF'
+ #%PAM-1.0
+ # Empty passwords are allowed
+ account required pam_unix.so
+ EOF
+- |
+ install -D -m 0644 /proc/self/fd/0 "$DESTDIR"/etc/pam.d/system-auth <<'EOF'
+ #%PAM-1.0
+ # Empty passwords are allowed
+ auth required pam_unix.so nullok
+ EOF
+- |
+ install -D -m 0644 /proc/self/fd/0 "$DESTDIR"/etc/pam.d/system-passwd <<'EOF'
+ #%PAM-1.0
+ password required pam_unix.so sha512 shadow try_first_pass
+ EOF
+- |
+ install -D -m 0644 /proc/self/fd/0 "$DESTDIR"/etc/pam.d/system-session <<'EOF'
+ #%PAM-1.0
+ session required pam_unix.so
+ session optional pam_systemd.so
+ EOF
+- |
+ install -D -m 0644 /proc/self/fd/0 "$DESTDIR"/etc/pam.d/login <<'EOF'
+ #%PAM-1.0
+ # Set failure delay before next prompt to 3 seconds
+ auth optional pam_faildelay.so delay=3000000
+
+ # Check to make sure that the user is allowed to login
+ auth requisite pam_nologin.so
+
+ # Check to make sure that root is allowed to login
+ # Disabled by default. You will need to create /etc/securetty
+ # file for this module to function. See man 5 securetty.
+ #auth required pam_securetty.so
+
+ # Additional group memberships - disabled by default
+ #auth optional pam_group.so
+
+ # include the default auth settings
+ auth include system-auth
+
+ # check access for the user
+ account required pam_access.so
+
+ # include the default account settings
+ account include system-account
+
+ # Set default environment variables for the user
+ session required pam_env.so
+
+ # Set resource limits for the user
+ session required pam_limits.so
+
+ # Display date of last login - Disabled by default
+ #session optional pam_lastlog.so
+
+ # Display the message of the day - Disabled by default
+ #session optional pam_motd.so
+
+ # Check user's mail - Disabled by default
+ #session optional pam_mail.so standard quiet
+
+ # include the default session and password settings
+ session include system-session
+ password include system-passwd
+ EOF
+- |
+ install -D -m 0644 /proc/self/fd/0 "$DESTDIR"/etc/pam.d/passwd <<'EOF'
+ #%PAM-1.0
+ password include system-passwd
+ EOF
+- |
+ install -D -m 0644 /proc/self/fd/0 "$DESTDIR"/etc/pam.d/su <<'EOF'
+ #%PAM-1.0
+ # always allow root
+ auth sufficient pam_rootok.so
+ auth include system-auth
+
+ # include the default account settings
+ account include system-account
+
+ # Set default environment variables for the service user
+ session required pam_env.so
+
+ # include system session defaults
+ session include system-session
+ EOF
+- |
+ install -D -m 0644 /proc/self/fd/0 "$DESTDIR"/etc/pam.d/chage <<'EOF'
+ #%PAM-1.0
+ # always allow root
+ auth sufficient pam_rootok.so
+
+ # include system defaults for auth account and session
+ auth include system-auth
+ account include system-account
+ session include system-session
+
+ # Always permit for authentication updates
+ password required pam_permit.so
+ EOF
+- |
+ for PROGRAM in chfn chgpasswd chpasswd chsh groupadd groupdel groupmems \
+ groupmod newusers useradd userdel usermod
+ do
+ install -m 0644 "$DESTDIR/etc/pam.d/chage" "$DESTDIR/etc/pam.d/${PROGRAM}"
+ done
+- |
+ install -D -m 0644 /proc/self/fd/0 <<'EOF' "$DESTDIR"/etc/pam.d/other
+ #%PAM-1.0
+ auth include system-auth
+ account include system-account
+ password include system-passwd
+ session include system-session
+ EOF |
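Review bot: The shared `system-auth` stanza sets `auth required pam_unix.so nullok`, and since `login`, `su`, `chage` (with its copies) and the `other` fallback all include it, an account with an empty password field authenticates on every PAM service, including services that ship no file of their own. If empty passwords are only wanted for a specific case such as first-boot console login, drop `nullok` from the shared stack (`auth required pam_unix.so`) and add it only in that service's file; with `pam_securetty.so` commented out in `login`, these files do not otherwise restrict which terminal a passwordless root can use. The `other` stanza would be safer as deny-by-default, e.g. `auth required pam_deny.so` with matching `account`, `password` and `session` lines, so an unconfigured service fails closed. The "Empty passwords are allowed" comment in `system-account` also looks copied over, since that line carries no `nullok`.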