diff options
author | Stephen Hemminger <stephen.hemminger@vyatta.com> | 2010-01-24 22:15:27 -0800 |
---|---|---|
committer | Stephen Hemminger <stephen.hemminger@vyatta.com> | 2010-01-24 22:24:13 -0800 |
commit | ec515b52b681cd96bf51626bf899e3177bdbe3f3 (patch) | |
tree | 0cc4a8ce494aa1c697f7042c637edf986f1a3622 /scripts | |
parent | 8fc0c2869f77782d344bf0cddf5a2e3d5657761b (diff) | |
download | vyatta-cfg-system-ec515b52b681cd96bf51626bf899e3177bdbe3f3.tar.gz vyatta-cfg-system-ec515b52b681cd96bf51626bf899e3177bdbe3f3.zip |
Fix allow-root for telnet/ssh
Bug 5252
The boot script needs to restore default settings, and the
templates are then used to enable root access.
Diffstat (limited to 'scripts')
-rwxr-xr-x | scripts/rl-system.init | 22 |
1 files changed, 16 insertions, 6 deletions
diff --git a/scripts/rl-system.init b/scripts/rl-system.init index 09d4509e..960674d8 100755 --- a/scripts/rl-system.init +++ b/scripts/rl-system.init @@ -165,11 +165,21 @@ setup_ntp_config_file () { fi } -# restore PAM back to virgin state (no radius other services) -pam_reset () { - if grep -q radius /etc/pam.d/common-auth - then pam-auth-update --remove radius - fi + +# These are all the default security setting which are later +# overridden when configuration is read. These are the values the +# system defaults. +security_reset () { + # restore PAM back to virgin state (no radius other services) + if grep -q radius /etc/pam.d/common-auth + then pam-auth-update --remove radius + fi + + # Disable root login with ssh + sed -i -e '/^PermitRootLogin/s/yes/no/' /etc/ssh/sshd_config + + # Disable root login over telnet + sed -i -e '/^# Pseudo-terminal (telnet)/,$d' /etc/securetty } start () { @@ -183,7 +193,7 @@ start () { log_failure_msg "can\'t add serial interfaces" set_ipv6_params - pam_reset + security_reset update_version_info |