Diffstat (limited to 'debian')
-rw-r--r--debian/control6
-rwxr-xr-xdebian/vyos-1x-smoketest.postinst10
-rw-r--r--debian/vyos-1x.postinst11
-rw-r--r--debian/vyos-1x.preinst1
4 files changed, 27 insertions, 1 deletions
diff --git a/debian/control b/debian/control
index 1f2151284..66ac3c6f7 100644
--- a/debian/control
+++ b/debian/control
@@ -9,6 +9,7 @@ Build-Depends:
gcc-multilib [amd64],
clang [amd64],
llvm [amd64],
+ libbpf-dev [amd64],
libelf-dev (>= 0.2) [amd64],
libpcap-dev [amd64],
build-essential,
@@ -24,6 +25,7 @@ Build-Depends:
python3-setuptools,
python3-sphinx,
python3-xmltodict,
+ python3-pyhumps,
quilt,
whois
Standards-Version: 3.9.6
@@ -76,6 +78,7 @@ Depends:
lcdproc,
lcdproc-extra-drivers,
libatomic1,
+ libbpf0 [amd64],
libcharon-extra-plugins (>=5.9),
libcharon-extauth-plugins (>=5.9),
libndp-tools,
@@ -129,6 +132,7 @@ Depends:
python3-netifaces,
python3-paramiko,
python3-psutil,
+ python3-pyhumps,
python3-pystache,
python3-pyudev,
python3-six,
@@ -152,6 +156,7 @@ Depends:
ssl-cert,
strongswan (>= 5.9),
strongswan-swanctl (>= 5.9),
+ stunnel4,
sudo,
systemd,
telegraf (>= 1.20),
@@ -191,6 +196,7 @@ Description: VyOS configuration scripts and data for VMware
Package: vyos-1x-smoketest
Architecture: all
Depends:
+ skopeo,
snmp,
vyos-1x
Description: VyOS build sanity checking toolkit
diff --git a/debian/vyos-1x-smoketest.postinst b/debian/vyos-1x-smoketest.postinst
new file mode 100755
index 000000000..18612804c
--- /dev/null
+++ b/debian/vyos-1x-smoketest.postinst
@@ -0,0 +1,10 @@
+#!/bin/sh -e
+
+BUSYBOX_TAG="docker.io/library/busybox:stable"
+OUTPUT_PATH="/usr/share/vyos/busybox-stable.tar"
+
+if [[ -f $OUTPUT_PATH ]]; then
+ rm -f $OUTPUT_PATH
+fi
+
+skopeo copy --additional-tag "$BUSYBOX_TAG" "docker://$BUSYBOX_TAG" "docker-archive:/$OUTPUT_PATH"
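Review bot: The `[[ -f $OUTPUT_PATH ]]` test is a bashism under `#!/bin/sh -e`; where /bin/sh is dash the test fails as "not found", the `rm` never runs, and a stale archive from an earlier install stays in place, which skopeo's docker-archive transport may refuse to overwrite. An unconditional `rm -f "$OUTPUT_PATH"` can replace the whole `if` block and also quotes the path. Separately, the script pulls `busybox:stable` from docker.io by mutable tag at package-configure time, so the installed tarball is whatever the registry serves that day and the install fails outright without network access; consider pinning the source as `docker://docker.io/library/busybox@sha256:<DIGEST_PLACEHOLDER>` or shipping the archive from the build. The destination `docker-archive:/$OUTPUT_PATH` also expands to a path with a doubled leading slash.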
diff --git a/debian/vyos-1x.postinst b/debian/vyos-1x.postinst
index 6879b6e4f..d5f5cbbc7 100644
--- a/debian/vyos-1x.postinst
+++ b/debian/vyos-1x.postinst
@@ -21,6 +21,14 @@ if ! grep -q '^openvpn' /etc/passwd; then
adduser --quiet --firstuid 100 --system --group --shell /usr/sbin/nologin openvpn
fi
+# Enable 2FA/MFA support for SSH and local logins
+for file in /etc/pam.d/sshd /etc/pam.d/login
+do
+ PAM_CONFIG="auth required pam_google_authenticator.so nullok"
+ grep -qF -- "${PAM_CONFIG}" $file || \
+ sed -i "/^@include common-auth/a # Check 2FA/MFA authentication token if enabled (per user)\n${PAM_CONFIG}" $file
+done
+
# Add RADIUS operator user for RADIUS authenticated users to map to
if ! grep -q '^radius_user' /etc/passwd; then
adduser --quiet --firstuid 1000 --disabled-login --ingroup vyattaop \
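Review bot: The `sed` append in the new loop is a silent no-op when a file has no line starting with `@include common-auth`, so the package can configure successfully while the second factor is absent from that service; re-running the `grep -qF` after the `sed` and printing a warning to stderr when it still fails would make that visible. Both uses of `$file` should be quoted, and `PAM_CONFIG` can be assigned once before the loop. Because the line is `auth required`, a system where `pam_google_authenticator.so` is not installed would fail every sshd and login authentication; the debian/control hunks shown here do not add a package providing it, so confirm it is already in Depends. `nullok` lets accounts without an enrolled secret skip the check, which matches the "(per user)" comment but is worth stating there explicitly, e.g. `# nullok: users without ~/.google_authenticator are not prompted`. The radius_user block in the trailing context continues outside the hunk.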
@@ -95,7 +103,8 @@ DELETE="/etc/logrotate.d/conntrackd.distrib /etc/init.d/conntrackd /etc/default/
/etc/default/pmacctd /etc/pmacct
/etc/networks_list /etc/networks_whitelist /etc/fastnetmon.conf
/etc/ntp.conf /etc/default/ssh
- /etc/powerdns /etc/default/pdns-recursor"
+ /etc/powerdns /etc/default/pdns-recursor
+ /etc/ppp/ip-up.d/0000usepeerdns /etc/ppp/ip-down.d/0000usepeerdns"
for tmp in $DELETE; do
if [ -e ${tmp} ]; then
rm -rf ${tmp}
diff --git a/debian/vyos-1x.preinst b/debian/vyos-1x.preinst
index 71750b3a1..213a23d9e 100644
--- a/debian/vyos-1x.preinst
+++ b/debian/vyos-1x.preinst
@@ -2,3 +2,4 @@ dpkg-divert --package vyos-1x --add --rename /etc/securetty
dpkg-divert --package vyos-1x --add --rename /etc/security/capability.conf
dpkg-divert --package vyos-1x --add --rename /lib/systemd/system/lcdproc.service
dpkg-divert --package vyos-1x --add --rename /etc/logrotate.d/conntrackd
+dpkg-divert --package vyos-1x --add --rename /usr/share/pam-configs/radius