diff options
-rw-r--r-- | debian/vyos-1x-vmware.preinst | 1 | ||||
-rw-r--r-- | debian/vyos-1x.install | 2 | ||||
-rw-r--r-- | debian/vyos-1x.preinst | 3 | ||||
-rw-r--r-- | src/etc/securetty | 83 | ||||
-rw-r--r-- | src/etc/security/capability.conf | 10 | ||||
-rw-r--r-- | src/etc/vmware-tools/tools.conf | 2 |
6 files changed, 101 insertions, 0 deletions
diff --git a/debian/vyos-1x-vmware.preinst b/debian/vyos-1x-vmware.preinst new file mode 100644 index 000000000..2e612522c --- /dev/null +++ b/debian/vyos-1x-vmware.preinst @@ -0,0 +1 @@ +dpkg-divert --package vyos-1x-vmware --add --rename /etc/vmware-tools/tools.conf diff --git a/debian/vyos-1x.install b/debian/vyos-1x.install index 07827650b..2ed25755f 100644 --- a/debian/vyos-1x.install +++ b/debian/vyos-1x.install @@ -4,6 +4,8 @@ etc/ipsec.d etc/netplug etc/opennhrp etc/rsyslog.d +etc/securetty +etc/security etc/sudoers.d etc/systemd etc/sysctl.d diff --git a/debian/vyos-1x.preinst b/debian/vyos-1x.preinst index 009fd22a2..45440bf64 100644 --- a/debian/vyos-1x.preinst +++ b/debian/vyos-1x.preinst @@ -1 +1,4 @@ +dpkg-divert --package vyos-1x --add --rename /etc/securetty +dpkg-divert --package vyos-1x --add --rename /etc/security/capability.conf dpkg-divert --package vyos-1x --add --rename /lib/systemd/system/lcdproc.service + diff --git a/src/etc/securetty b/src/etc/securetty new file mode 100644 index 000000000..17d8610a0 --- /dev/null +++ b/src/etc/securetty @@ -0,0 +1,83 @@ +# /etc/securetty: list of terminals on which root is allowed to login. +# See securetty(5) and login(1). +console + +# Standard serial ports +ttyS0 +ttyS1 + +# USB dongles +ttyUSB0 +ttyUSB1 +ttyUSB2 + +# Standard hypervisor virtual console +hvc0 + +# Oldstyle Xen console +xvc0 + +# Standard consoles +tty1 +tty2 +tty3 +tty4 +tty5 +tty6 +tty7 +tty8 +tty9 +tty10 +tty11 +tty12 +tty13 +tty14 +tty15 +tty16 +tty17 +tty18 +tty19 +tty20 +tty21 +tty22 +tty23 +tty24 +tty25 +tty26 +tty27 +tty28 +tty29 +tty30 +tty31 +tty32 +tty33 +tty34 +tty35 +tty36 +tty37 +tty38 +tty39 +tty40 +tty41 +tty42 +tty43 +tty44 +tty45 +tty46 +tty47 +tty48 +tty49 +tty50 +tty51 +tty52 +tty53 +tty54 +tty55 +tty56 +tty57 +tty58 +tty59 +tty60 +tty61 +tty62 +tty63 diff --git a/src/etc/security/capability.conf b/src/etc/security/capability.conf new file mode 100644 index 000000000..0a7235f16 --- /dev/null +++ b/src/etc/security/capability.conf @@ -0,0 +1,10 @@ +# this is a capability file (used in conjunction with the pam_cap.so module) + +# Special capability for Vyatta admin +all %vyattacfg + +# Vyatta Operator +cap_net_admin,cap_sys_boot,cap_audit_write %vyattaop + +## 'everyone else' gets no inheritable capabilities +none * diff --git a/src/etc/vmware-tools/tools.conf b/src/etc/vmware-tools/tools.conf new file mode 100644 index 000000000..da98a4f85 --- /dev/null +++ b/src/etc/vmware-tools/tools.conf @@ -0,0 +1,2 @@ +[guestinfo] + poll-interval=30 |