diff options
Diffstat (limited to 'debian/vyos-1x.postinst')
| -rw-r--r-- | debian/vyos-1x.postinst | 20 |
1 files changed, 18 insertions, 2 deletions
diff --git a/debian/vyos-1x.postinst b/debian/vyos-1x.postinst index dc8ada267..9dd06d5e2 100644 --- a/debian/vyos-1x.postinst +++ b/debian/vyos-1x.postinst @@ -21,6 +21,11 @@ if ! grep -q '^openvpn' /etc/passwd; then adduser --quiet --firstuid 100 --system --group --shell /usr/sbin/nologin openvpn fi +# node_exporter should get its own user +if ! grep -q '^node_exporter' /etc/passwd; then + adduser --quiet --firstuid 100 --system --group --shell /bin/false node_exporter +fi + # We need to have a group for RADIUS service users to use it inside PAM rules if ! grep -q '^radius' /etc/group; then addgroup --firstgid 1000 --quiet radius @@ -45,6 +50,10 @@ if [[ -e /usr/share/pam-configs/tacplus ]]; then rm /usr/share/pam-configs/tacplus fi +# Disable pam_nologin.so behavior for regular users +sed -i '/^auth[[:space:]]\+requisite[[:space:]]\+pam_nologin\.so$/s/^/#/' /etc/pam.d/login +sed -i '/^account[[:space:]]\+required[[:space:]]\+pam_nologin\.so$/s/^/#/' /etc/pam.d/sshd + # Add TACACS system users required for TACACS based system authentication if ! grep -q '^tacacs' /etc/passwd; then # Add the tacacs group and all 16 possible tacacs privilege-level users to @@ -216,11 +225,9 @@ fi # Remove unwanted daemon files from /etc # conntackd # pmacct -# fastnetmon # ntp DELETE="/etc/logrotate.d/conntrackd.distrib /etc/init.d/conntrackd /etc/default/conntrackd /etc/default/pmacctd /etc/pmacct - /etc/networks_list /etc/networks_whitelist /etc/fastnetmon.conf /etc/ntp.conf /etc/default/ssh /etc/avahi/avahi-daemon.conf /etc/avahi/hosts /etc/powerdns /etc/default/pdns-recursor /etc/ppp/ip-up.d/0000usepeerdns /etc/ppp/ip-down.d/0000usepeerdns" @@ -262,3 +269,12 @@ fi # T4287 - as we have a non-signed kernel use the upstream wireless reulatory database update-alternatives --set regulatory.db /lib/firmware/regulatory.db-upstream + +# Restart vyos-configd to apply changes in Python scripts/templates +if systemctl is-active --quiet vyos-configd; then + systemctl restart vyos-configd +fi +# Restart vyos-domain-resolver if running +if systemctl is-active --quiet vyos-domain-resolver; then + systemctl restart vyos-domain-resolver +fi |