From 407074ee8e51ee47dfddb91d630c54521777f34f Mon Sep 17 00:00:00 2001
From: Christian Breunig
Date: Wed, 21 Jun 2023 22:50:45 +0200
Subject: tacacs: T141: cleanup configuration files on system boot

---
 scripts/init/vyos-router | 15 ++++++++-------
 1 file changed, 8 insertions(+), 7 deletions(-)

diff --git a/scripts/init/vyos-router b/scripts/init/vyos-router
index ec68db2..7b752b8 100755
--- a/scripts/init/vyos-router
+++ b/scripts/init/vyos-router
@@ -208,11 +208,11 @@ cleanup_post_commit_hooks () {
 # system defaults.
 security_reset ()
 {
- # restore PAM back to virgin state (no radius other services)
+ # restore PAM back to virgin state (no radius/tacacs services)
+ pam-auth-update --package --remove radius
 rm -f /etc/pam_radius_auth.conf
- if grep -q radius /etc/pam.d/common-auth; then
- pam-auth-update --package --remove radius
- fi
+ pam-auth-update --package --remove tacplus
+ rm -f /etc/tacplus_nss.conf /etc/tacplus_servers
 
 # Certain configuration files are re-generated by the configuration
 # subsystem and must reside under /etc and can not easily be moved to /run.
@@ -278,6 +278,9 @@ gen_duid ()
 
 start ()
 {
+ # reset and clean config files
+ security_reset || log_failure_msg "security reset failed"
+
 # some legacy directories migrated over from old rl-system.init
 mkdir -p /var/run/vyatta /var/log/vyatta
 chgrp vyattacfg /var/run/vyatta /var/log/vyatta
@@ -308,9 +311,6 @@ start ()
 [ ! -d ${cni_dir} ] && mkdir -p ${cni_dir}
 mount -t tmpfs none ${cni_dir}
 
- # reset and clean config files
- security_reset || log_failure_msg "security reset failed"
-
 # Init firewall
 nfct helper add rpc inet tcp
 nfct helper add rpc inet udp
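Review bot: The two new `pam-auth-update` calls in security_reset discard their exit status, so a failure to strip the radius or tacplus profile from the PAM stack is silent and start() only learns about whatever the function's last command returns; security_reset's body continues outside the hunk. The rest of this script reports such failures through log_failure_msg, so the same pattern fits here: `pam-auth-update --package --remove radius || log_failure_msg "could not remove radius PAM profile"` and `pam-auth-update --package --remove tacplus || log_failure_msg "could not remove tacplus PAM profile"`. Removing each profile before deleting its backing config file, as the hunk does, is the right order because it avoids a window in which common-auth still references a module whose config is gone; a one-line comment would protect that order from a later reshuffle, e.g. `# remove the PAM profiles first, then their config files`.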
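Review bot: The security_reset call moved to the top of start() carries only the comment "reset and clean config files" and does not record why the earlier position matters; presumably it has to complete before the system-login.py call added later in start() re-applies the configured login state, and without that being written down a future reorder could silently undo the fix. Suggest `# must run before the system-login.py call below re-applies the configured login/PAM state`. The comment in security_reset says it handles files that must reside under /etc; if any part of it outside this view also touches paths under /run, the new position should be checked against the mounts that now follow it. start() continues outside the hunk.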
@@ -324,6 +324,7 @@ start ()
 # As VyOS does not execute commands that are not present in the CLI we call
 # the script by hand to have a single source for the login banner and MOTD
 ${vyos_conf_scripts_dir}/system_console.py || log_failure_msg "could not reset serial console"
+ ${vyos_conf_scripts_dir}/system-login.py || log_failure_msg "could not reset system login"
 ${vyos_conf_scripts_dir}/system-login-banner.py || log_failure_msg "could not reset motd and issue files"
 ${vyos_conf_scripts_dir}/system-option.py || log_failure_msg "could not reset system option files"
 ${vyos_conf_scripts_dir}/conntrack.py || log_failure_msg "could not reset conntrack subsystem"
-- 
cgit v1.2.3
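Review bot: The comment two lines above the new system-login.py call still says the block exists "to have a single source for the login banner and MOTD", which no longer covers what is run here, since the block now also resets the system login configuration alongside console, banner, option and conntrack. Widen it so the next reader does not treat the new line as misplaced, e.g. `# the scripts by hand so boot and CLI share one source for console, login, banner/MOTD, option and conntrack state`. A failure of system-login.py is only logged and boot continues, which matches the surrounding lines; if the script is what restores the remote AAA profiles that security_reset strips, that is the fail-safe direction, but it is worth confirming. start() continues outside the hunk.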