authorChristian Breunig <christian@breunig.cc>2023-06-21 22:50:45 +0200
committerChristian Breunig <christian@breunig.cc>2023-06-21 22:50:45 +0200
commit407074ee8e51ee47dfddb91d630c54521777f34f (patch)
treeec09820e8f90d4127daf3d9af884d393759d6586
parent0c1f4c358298498468e162bb847edb3467642ce4 (diff)
downloadvyatta-cfg-407074ee8e51ee47dfddb91d630c54521777f34f.tar.gz
vyatta-cfg-407074ee8e51ee47dfddb91d630c54521777f34f.zip
tacacs: T141: cleanup configuration files on system boot
-rwxr-xr-xscripts/init/vyos-router15
1 files changed, 8 insertions, 7 deletions
diff --git a/scripts/init/vyos-router b/scripts/init/vyos-router
index ec68db2..7b752b8 100755
--- a/scripts/init/vyos-router
+++ b/scripts/init/vyos-router
@@ -208,11 +208,11 @@ cleanup_post_commit_hooks () {
# system defaults.
security_reset ()
{
- # restore PAM back to virgin state (no radius other services)
+ # restore PAM back to virgin state (no radius/tacacs services)
+ pam-auth-update --package --remove radius
rm -f /etc/pam_radius_auth.conf
- if grep -q radius /etc/pam.d/common-auth; then
- pam-auth-update --package --remove radius
- fi
+ pam-auth-update --package --remove tacplus
+ rm -f /etc/tacplus_nss.conf /etc/tacplus_servers
# Certain configuration files are re-generated by the configuration
# subsystem and must reside under /etc and can not easily be moved to /run.
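Review bot: A failed `pam-auth-update --package --remove radius` or `--remove tacplus` is silently swallowed, because the only status the caller's `security_reset || log_failure_msg "security reset failed"` ever sees is that of the last command in the function, and each `pam-auth-update` line here is followed by an `rm -f` that practically always succeeds. The old code was no better on this point, but this commit makes both calls unconditional and adds a second one, so it is the moment to capture the status. I would accumulate a return code across the removals and hand it back at the end of the function; `security_reset` continues past the end of this hunk, so the final `return` lands outside the visible lines. Whether `/etc/tacplus_servers` carries shared secrets I cannot tell from here, but if it does, `rm -f` is the right call and should keep running regardless of the PAM result, which the status-variable form preserves.
```shell
security_reset ()
{
    # restore PAM back to virgin state (no radius/tacacs services)
    rc=0
    pam-auth-update --package --remove radius || rc=1
    rm -f /etc/pam_radius_auth.conf
    pam-auth-update --package --remove tacplus || rc=1
    rm -f /etc/tacplus_nss.conf /etc/tacplus_servers
    # … unchanged: remaining security_reset body …
    return "$rc"
}
```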
@@ -278,6 +278,9 @@ gen_duid ()
start ()
{
+ # reset and clean config files
+ security_reset || log_failure_msg "security reset failed"
+
# some legacy directories migrated over from old rl-system.init
mkdir -p /var/run/vyatta /var/log/vyatta
chgrp vyattacfg /var/run/vyatta /var/log/vyatta
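Review bot: The relocated `security_reset` call gives no hint why it must now be the first thing `start()` does, and the error path only logs and carries on, so a boot whose PAM reset failed proceeds with whatever authentication stack was left behind; as far as I can tell from this diff, that is the state the move is meant to avoid. A one-line comment would stop the next refactor from moving it back down, e.g. `# reset and clean config files; must precede the vyos-conf scripts below so stale radius/tacacs PAM profiles are not carried into the regenerated login config`. If a failed reset should really not be fatal, saying so in that comment is worthwhile too. `start()` continues well past this hunk.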
@@ -308,9 +311,6 @@ start ()
[ ! -d ${cni_dir} ] && mkdir -p ${cni_dir}
mount -t tmpfs none ${cni_dir}
- # reset and clean config files
- security_reset || log_failure_msg "security reset failed"
-
# Init firewall
nfct helper add rpc inet tcp
nfct helper add rpc inet udp
@@ -324,6 +324,7 @@ start ()
# As VyOS does not execute commands that are not present in the CLI we call
# the script by hand to have a single source for the login banner and MOTD
${vyos_conf_scripts_dir}/system_console.py || log_failure_msg "could not reset serial console"
+ ${vyos_conf_scripts_dir}/system-login.py || log_failure_msg "could not reset system login"
${vyos_conf_scripts_dir}/system-login-banner.py || log_failure_msg "could not reset motd and issue files"
${vyos_conf_scripts_dir}/system-option.py || log_failure_msg "could not reset system option files"
${vyos_conf_scripts_dir}/conntrack.py || log_failure_msg "could not reset conntrack subsystem"
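Review bot: The comment directly above the new `system-login.py` line still only explains the banner/MOTD call ("a single source for the login banner and MOTD"), so the reason for running the login script by hand at boot is undocumented, and a reader cannot tell that it presumably exists to rebuild the login configuration that `security_reset` just tore down. I would widen the comment to cover it, e.g. `# the script by hand to have a single source for the login configuration, login banner and MOTD`, and, if the ordering matters, add `# NOTE: must run after security_reset so the regenerated login config starts from a clean PAM state`. The function continues outside this hunk.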