diff options
| -rwxr-xr-x | scripts/install-system | 36 | ||||
| -rwxr-xr-x | scripts/standalone_root_pw_reset | 25 | ||||
| -rwxr-xr-x | scripts/vyatta-grub-setup | 6 |
3 files changed, 25 insertions, 42 deletions
diff --git a/scripts/install-system b/scripts/install-system index e4464ede..2ac202f2 100755 --- a/scripts/install-system +++ b/scripts/install-system @@ -47,7 +47,7 @@ rootfsdir=/mnt/rootfs # install log file name INSTALL_LOG="install.log" # root partition minimum size in MB -ROOT_MIN="450" +ROOT_MIN=500 # the base install drive e.g. sda if [ -n "$INSTALL_DRIVE" ]; then INSTALL_DRIVE="" @@ -70,9 +70,6 @@ PARTITION='' # Process ID of this script for the lame marketing spinner SPID=$$ -# Path to standalone root password reset script -PWRESET=/opt/vyatta/sbin/standalone_root_pw_reset - # Grub options GRUB_OPTIONS="quiet" @@ -80,20 +77,6 @@ GRUB_OPTIONS="quiet" VTY_CONSOLE="console=ttyS0,9600 console=tty0" SERIAL_CONSOLE="console=tty0 console=ttyS0,9600" -# If VGA_LOGO is set, enable use of the VGA monitor for displaying the -# logo during boot. The "vga=" boot command specifies a VGA mode that -# is encoded as shown below. We pick a value that is likely to work -# on most systems: -# -# Color depth | 640x480 | 800x600 | 1024x768 | 1280x1024 -# -----------------+---------+---------+----------+---------- -# 256 (8bit) | 769 771 773 775 -# 32000 (15bit) | 784 787 790 793 -# 65000 (16bit) | 785 788 791 794 -# 16.7 Mill.(24bit)| 786 789 792 795 -# -VGA_LOGO="vga=788" - # trap signals so we can kill runaway progress indicators trap 'progress_indicator stop; exit 1' 1 trap 'progress_indicator stop; exit 1' 2 @@ -881,17 +864,6 @@ change_password() { set_encrypted_password $user $epwd $rootfsdir$ofrconfdir/config.boot } -system_setup () { - echo -n "Would you like to set the passwords for system users (Yes/No) [Yes]: " - local response=$(get_response "Yes" "Yes No Y N") - - if [ "$response" == "yes" ] || [ "$response" == "y" ]; then - change_password root - change_password vyatta - fi -} - - # setup grub on the boot sector of a user queried drive install_grub () { # we now use INSTALL_DRIVE to reference the grub boot drive. @@ -1307,7 +1279,11 @@ copy_config "$CONFIG_PARTITION" # Modify config to match system # Assume user wants to keep password from old config if [ ! -d /mnt/config ]; then - system_setup + # Disable root login + set_encrypted_password root "*" $rootfsdir$ofrconfdir/config.boot + + echo "Enter password for administrator account" + change_password vyatta fi # check for xen part images in /var/xen diff --git a/scripts/standalone_root_pw_reset b/scripts/standalone_root_pw_reset index d089b50d..0750746d 100755 --- a/scripts/standalone_root_pw_reset +++ b/scripts/standalone_root_pw_reset @@ -14,7 +14,7 @@ # All Rights Reserved. # # Author: Bob Gilligan <gilligan@vyatta.com> -# Description: Standalone script to set the root passwd to new value +# Description: Standalone script to set the admin passwd to new value # value. Note: This script can ONLY be run as a standalone # init program by grub. # @@ -23,6 +23,8 @@ # The Vyatta config file: CF=/opt/vyatta/etc/config/config.boot +# Admin user name +ADMIN=vyatta set_encrypted_password() { sed -i \ -e "/ user $1 {/,/}/s/encrypted-password.*\$/encrypted-password \"$2\"/" $3 @@ -65,18 +67,18 @@ fi # OK, now we know we are running in standalone mode. Talk to the # user. # -read -p "Do you wish to change the root password? " response +echo "Do you wish to reset the admin password?" +read response response=${response:0:1} - if [ "$response" != "y" -a "$response" != "Y" ]; then - echo "OK, the root password will not be changed." + echo "OK, the admin password will not be reset." echo -n "Rebooting in 5 seconds..." sleep 5 echo /sbin/reboot -f fi -echo "Starting process to change the root password..." +echo "Starting process to reset the admin password..." echo "Re-mounting root filesystem read/write..." mount -o remount,rw / @@ -88,14 +90,19 @@ then mount /opt/vyatta/etc/config/ fi +if ! grep -q " user $ADMIN " $CF +then + echo "Administrator account $ADMIN missing..." + exit 1 +fi + echo "Saving backup copy of config.boot..." cp $CF ${CF}.before_pwrecovery -echo -change_password root +echo "Setting the administrator ($ADMIN) password..." +change_password $ADMIN -echo "Root password changed" -echo $(date "+%b%e %T") $(hostname) "Root password changed" \ +echo $(date "+%b%e %T") $(hostname) "Admin password changed" \ | tee -a /var/log/auth.log >>/var/log/messages sync diff --git a/scripts/vyatta-grub-setup b/scripts/vyatta-grub-setup index c37bf7a8..b3369ce4 100755 --- a/scripts/vyatta-grub-setup +++ b/scripts/vyatta-grub-setup @@ -69,7 +69,7 @@ serial_console="console=tty0 console=ttyS0,9600" # 65000 (16bit) | 785 788 791 794 # 16.7 Mill.(24bit)| 786 789 792 795 # -vga_logo="vga=785" +#vga_logo="vga=785" # get list of kernels, except Xen kernel_versions=$(ls $ROOTFSDIR/boot/vmlinuz-* 2> /dev/null | grep -v xen | awk -F/ '{ print $5 }' | sed 's/vmlinuz//g' | sort -r) @@ -228,13 +228,13 @@ fi # options for both serial and KVM console. echo - echo -e "menuentry \"Root password reset to factory (KVM console)\" {" + echo -e "menuentry \"Lost password change (KVM console)\" {" echo -e "\tlinux /boot/vmlinuz $GRUB_OPTIONS $vga_logo $vty_console init=$pass_reset" echo -e "\tinitrd /boot/initrd.img" echo -e "}" echo - echo -e "menuentry \"Root password reset to factory (Serial console)\" {" + echo -e "menuentry \"Lost password change (Serial console)\" {" echo -e "\tlinux /boot/vmlinuz $GRUB_OPTIONS $serial_console init=$pass_reset" echo -e "\tinitrd /boot/initrd.img" echo -e "}" |