-rw-r--r--debian/vyatta-cfg-system.postinst.in6
-rwxr-xr-xscripts/system/vyatta_update_login.pl15
2 files changed, 12 insertions, 9 deletions
diff --git a/debian/vyatta-cfg-system.postinst.in b/debian/vyatta-cfg-system.postinst.in
index c83e687e..0f2b8907 100644
--- a/debian/vyatta-cfg-system.postinst.in
+++ b/debian/vyatta-cfg-system.postinst.in
@@ -60,6 +60,9 @@ Cmnd_Alias IPTABLES = /sbin/iptables --list -n,\
/sbin/iptables -t * -Z *
Cmnd_Alias IP6TABLES = /sbin/ip6tables -t * -Z *, \
/sbin/ip6tables -t * -L *
+Cmnd_Alias CONNTRACK = /usr/sbin/conntrack -L *, \
+ /usr/sbin/conntrack -G *, \
+ /usr/sbin/conntrack -E *
Cmnd_Alias IPFLUSH = /sbin/ip route flush cache, \
/sbin/ip route flush cache *,\
/sbin/ip neigh flush to *, \
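Review bot: The new `CONNTRACK` entries end in a sudoers `*`, which matches across word boundaries, so `/usr/sbin/conntrack -L *` accepts any further text after `-L`, including additional options, and does not limit the operator group to a single listing argument. If the intent is read-only access to the connection table, list the exact argument forms the operator commands issue instead of a trailing wildcard. The pattern `-L *` also requires something after `-L`, so a bare `conntrack -L` that worked under the old unrestricted entry would presumably now be refused. Add `/usr/sbin/conntrack -L` as its own entry if that form is needed. The alias is only attached to `%operator` in the following hunk.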
@@ -73,12 +76,13 @@ Cmnd_Alias ETHTOOL = /usr/sbin/ethtool -p *, \
/usr/sbin/ethtool -a *, \
/usr/sbin/ethtool -c *, \
/usr/sbin/ethtool -i *
+Cmnd_Alias DISK = /sbin/lsof, /sbin/fdisk -l *, /sbin/sfdisk -d *
Cmnd_Alias DATE = /bin/date, /usr/sbin/ntpdate
Cmnd_Alias PPPOE_CMDS = /sbin/pppd, /sbin/poff, /usr/sbin/pppstats
Cmnd_Alias PCAPTURE = /usr/bin/tshark, /usr/bin/tcpdump
%operator ALL=NOPASSWD: DATE, IPTABLES, ETHTOOL, IPFLUSH, \
PPPOE_CMDS, PCAPTURE, /usr/sbin/wanpipemon, \
- /usr/bin/lsof, /usr/sbin/conntrack, IP6TABLES
+ DISK, CONNTRACK, IP6TABLES
EOF
cat <<EOF >>/etc/sudoers
%users ALL=NOPASSWD: ${bindir}/sudo-users/
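Review bot: `DISK` names `/sbin/lsof`, but the entry removed from the `%operator` line was `/usr/bin/lsof`. Sudoers matches on the full path, so unless the binary really moved, the operator group silently loses lsof; keep the old path, `Cmnd_Alias DISK = /usr/bin/lsof, /sbin/fdisk -l *, /sbin/sfdisk -d *`. lsof is listed without arguments, so any arguments are permitted under NOPASSWD. Say so in a comment next to the alias if that is intended. The heredoc that receives these lines starts outside the hunk, so whether the generated file is syntax-checked before being appended to `/etc/sudoers` cannot be seen here.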
diff --git a/scripts/system/vyatta_update_login.pl b/scripts/system/vyatta_update_login.pl
index eb7baeee..a28224f8 100755
--- a/scripts/system/vyatta_update_login.pl
+++ b/scripts/system/vyatta_update_login.pl
@@ -203,7 +203,7 @@ if ( scalar(@tacacs_params) > 0 ) {
$accountstr = $sessionstr = $authstr;
# can be multiple servers for auth and session
- foreach $ip (@servers) {
+ foreach my $ip (@servers) {
$authstr .= "server=$ip ";
$sessionstr .= "server=$ip ";
}
@@ -231,18 +231,17 @@ my $PAM_RAD_BEGIN = '# BEGIN Vyatta Radius servers';
my $PAM_RAD_END = '# END Vyatta Radius servers';
sub is_pam_radius_present {
- if ( !open( AUTH, '/etc/pam.d/common-auth' ) ) {
- print STDERR "Cannot open /etc/pam.d/common-auth\n";
- exit 1;
- }
- my $present = 0;
- while (<AUTH>) {
+ open( my $auth , '<' , '/etc/pam.d/common-auth' )
+ or die "Cannot open /etc/pam.d/common-auth\n";
+
+ my $present;
+ while (<$auth>) {
if (/\ssufficient\spam_radius_auth\.so$/) {
$present = 1;
last;
}
}
- close AUTH;
+ close $auth;
return $present;
}
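Review bot: The rewritten `open` in `is_pam_radius_present` drops the reason for the failure. The message should carry `$!`, as in `or die "Cannot open /etc/pam.d/common-auth: $!\n";`, so a permissions problem on the PAM file can be told apart from a missing file. Replacing `exit 1` with `die` also changes the process exit status, which matters if the configuration backend that runs this script checks for a specific code. `my $present;` now makes the function return undef rather than 0 when the line is absent; callers are outside the hunk, so keep `my $present = 0;` unless every caller only tests truthiness.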