6 files changed, 101 insertions, 0 deletions

diff --git a/debian/vyos-1x-vmware.preinst b/debian/vyos-1x-vmware.preinst
new file mode 100644
index 000000000..2e612522c
--- /dev/null
+++ b/debian/vyos-1x-vmware.preinst
@@ -0,0 +1 @@
+dpkg-divert --package vyos-1x-vmware --add --rename /etc/vmware-tools/tools.conf
diff --git a/debian/vyos-1x.install b/debian/vyos-1x.install
index 07827650b..2ed25755f 100644
--- a/debian/vyos-1x.install
+++ b/debian/vyos-1x.install
@@ -4,6 +4,8 @@ etc/ipsec.d
 etc/netplug
 etc/opennhrp
 etc/rsyslog.d
+etc/securetty
+etc/security
 etc/sudoers.d
 etc/systemd
 etc/sysctl.d
diff --git a/debian/vyos-1x.preinst b/debian/vyos-1x.preinst
index 009fd22a2..45440bf64 100644
--- a/debian/vyos-1x.preinst
+++ b/debian/vyos-1x.preinst
@@ -1 +1,4 @@
+dpkg-divert --package vyos-1x --add --rename /etc/securetty
+dpkg-divert --package vyos-1x --add --rename /etc/security/capability.conf
 dpkg-divert --package vyos-1x --add --rename /lib/systemd/system/lcdproc.service
+
diff --git a/src/etc/securetty b/src/etc/securetty
new file mode 100644
index 000000000..17d8610a0
--- /dev/null
+++ b/src/etc/securetty
@@ -0,0 +1,83 @@
+# /etc/securetty: list of terminals on which root is allowed to login.
+# See securetty(5) and login(1).
+console
+
+# Standard serial ports
+ttyS0
+ttyS1
+
+# USB dongles
+ttyUSB0
+ttyUSB1
+ttyUSB2
+
+# Standard hypervisor virtual console
+hvc0
+
+# Oldstyle Xen console
+xvc0
+
+# Standard consoles
+tty1
+tty2
+tty3
+tty4
+tty5
+tty6
+tty7
+tty8
+tty9
+tty10
+tty11
+tty12
+tty13
+tty14
+tty15
+tty16
+tty17
+tty18
+tty19
+tty20
+tty21
+tty22
+tty23
+tty24
+tty25
+tty26
+tty27
+tty28
+tty29
+tty30
+tty31
+tty32
+tty33
+tty34
+tty35
+tty36
+tty37
+tty38
+tty39
+tty40
+tty41
+tty42
+tty43
+tty44
+tty45
+tty46
+tty47
+tty48
+tty49
+tty50
+tty51
+tty52
+tty53
+tty54
+tty55
+tty56
+tty57
+tty58
+tty59
+tty60
+tty61
+tty62
+tty63
diff --git a/src/etc/security/capability.conf b/src/etc/security/capability.conf
new file mode 100644
index 000000000..0a7235f16
--- /dev/null
+++ b/src/etc/security/capability.conf
@@ -0,0 +1,10 @@
+# this is a capability file (used in conjunction with the pam_cap.so module)
+
+# Special capability for Vyatta admin
+all %vyattacfg
+
+# Vyatta Operator
+cap_net_admin,cap_sys_boot,cap_audit_write	%vyattaop
+
+## 'everyone else' gets no inheritable capabilities
+none  *
diff --git a/src/etc/vmware-tools/tools.conf b/src/etc/vmware-tools/tools.conf
new file mode 100644
index 000000000..da98a4f85
--- /dev/null
+++ b/src/etc/vmware-tools/tools.conf
@@ -0,0 +1,2 @@
+[guestinfo]
+    poll-interval=30