diff options
Diffstat (limited to 'debian/vyos-1x.postinst')
| -rw-r--r-- | debian/vyos-1x.postinst | 25 |
1 files changed, 21 insertions, 4 deletions
diff --git a/debian/vyos-1x.postinst b/debian/vyos-1x.postinst index 1ca6687a3..d5f5cbbc7 100644 --- a/debian/vyos-1x.postinst +++ b/debian/vyos-1x.postinst @@ -13,6 +13,7 @@ if ! grep -q '^minion' /etc/passwd; then adduser --quiet minion dip adduser --quiet minion disk adduser --quiet minion users + adduser --quiet minion frr fi # OpenVPN should get its own user @@ -20,6 +21,14 @@ if ! grep -q '^openvpn' /etc/passwd; then adduser --quiet --firstuid 100 --system --group --shell /usr/sbin/nologin openvpn fi +# Enable 2FA/MFA support for SSH and local logins +for file in /etc/pam.d/sshd /etc/pam.d/login +do + PAM_CONFIG="auth required pam_google_authenticator.so nullok" + grep -qF -- "${PAM_CONFIG}" $file || \ + sed -i "/^@include common-auth/a # Check 2FA/MFA authentication token if enabled (per user)\n${PAM_CONFIG}" $file +done + # Add RADIUS operator user for RADIUS authenticated users to map to if ! grep -q '^radius_user' /etc/passwd; then adduser --quiet --firstuid 1000 --disabled-login --ingroup vyattaop \ @@ -45,6 +54,7 @@ if ! grep -q '^radius_priv_user' /etc/passwd; then adduser --quiet radius_priv_user dip adduser --quiet radius_priv_user disk adduser --quiet radius_priv_user users + adduser --quiet radius_priv_user frr fi # add hostsd group for vyos-hostsd @@ -86,11 +96,18 @@ fi # Remove unwanted daemon files from /etc # conntackd +# pmacct +# fastnetmon +# ntp DELETE="/etc/logrotate.d/conntrackd.distrib /etc/init.d/conntrackd /etc/default/conntrackd - /etc/default/pmacctd /etc/pmacct" -for file in $DELETE; do - if [ -f ${file} ]; then - rm -f ${file} + /etc/default/pmacctd /etc/pmacct + /etc/networks_list /etc/networks_whitelist /etc/fastnetmon.conf + /etc/ntp.conf /etc/default/ssh + /etc/powerdns /etc/default/pdns-recursor + /etc/ppp/ip-up.d/0000usepeerdns /etc/ppp/ip-down.d/0000usepeerdns" +for tmp in $DELETE; do + if [ -e ${tmp} ]; then + rm -rf ${tmp} fi done |