summaryrefslogtreecommitdiff
path: root/scripts
diff options
context:
space:
mode:
authorStephen Hemminger <stephen.hemminger@vyatta.com>2010-01-24 22:15:27 -0800
committerStephen Hemminger <stephen.hemminger@vyatta.com>2010-01-24 22:24:13 -0800
commitec515b52b681cd96bf51626bf899e3177bdbe3f3 (patch)
tree0cc4a8ce494aa1c697f7042c637edf986f1a3622 /scripts
parent8fc0c2869f77782d344bf0cddf5a2e3d5657761b (diff)
downloadvyatta-cfg-system-ec515b52b681cd96bf51626bf899e3177bdbe3f3.tar.gz
vyatta-cfg-system-ec515b52b681cd96bf51626bf899e3177bdbe3f3.zip
Fix allow-root for telnet/ssh
Bug 5252 The boot script needs to restore default settings, and the templates are then used to enable root access.
Diffstat (limited to 'scripts')
-rwxr-xr-xscripts/rl-system.init22
1 files changed, 16 insertions, 6 deletions
diff --git a/scripts/rl-system.init b/scripts/rl-system.init
index 09d4509e..960674d8 100755
--- a/scripts/rl-system.init
+++ b/scripts/rl-system.init
@@ -165,11 +165,21 @@ setup_ntp_config_file () {
fi
}
-# restore PAM back to virgin state (no radius other services)
-pam_reset () {
- if grep -q radius /etc/pam.d/common-auth
- then pam-auth-update --remove radius
- fi
+
+# These are all the default security setting which are later
+# overridden when configuration is read. These are the values the
+# system defaults.
+security_reset () {
+ # restore PAM back to virgin state (no radius other services)
+ if grep -q radius /etc/pam.d/common-auth
+ then pam-auth-update --remove radius
+ fi
+
+ # Disable root login with ssh
+ sed -i -e '/^PermitRootLogin/s/yes/no/' /etc/ssh/sshd_config
+
+ # Disable root login over telnet
+ sed -i -e '/^# Pseudo-terminal (telnet)/,$d' /etc/securetty
}
start () {
@@ -183,7 +193,7 @@ start () {
log_failure_msg "can\'t add serial interfaces"
set_ipv6_params
- pam_reset
+ security_reset
update_version_info