Diffstat (limited to 'debian')
-rw-r--r-- | debian/control | 10 | ||||
-rw-r--r-- | debian/vyos-1x-smoketest.install | 1 | ||||
-rwxr-xr-x | debian/vyos-1x-smoketest.postinst | 10 | ||||
-rw-r--r-- | debian/vyos-1x.install | 1 | ||||
-rw-r--r-- | debian/vyos-1x.postinst | 25 | ||||
-rw-r--r-- | debian/vyos-1x.preinst | 1 |
6 files changed, 42 insertions, 6 deletions
diff --git a/debian/control b/debian/control index 6a6ccf602..7e69003ff 100644 --- a/debian/control +++ b/debian/control @@ -9,6 +9,7 @@ Build-Depends: gcc-multilib [amd64], clang [amd64], llvm [amd64], + libbpf-dev [amd64], libelf-dev (>= 0.2) [amd64], libpcap-dev [amd64], build-essential, @@ -24,6 +25,7 @@ Build-Depends: python3-setuptools, python3-sphinx, python3-xmltodict, + python3-pyhumps, quilt, whois Standards-Version: 3.9.6 @@ -58,8 +60,9 @@ Depends: frr-pythontools, frr-rpki-rtrlib, frr-snmp, + libpam-google-authenticator, grc, - hostapd (>= 0.6.8), + hostapd, hvinfo, igmpproxy, ipaddrcheck, @@ -75,6 +78,7 @@ Depends: lcdproc, lcdproc-extra-drivers, libatomic1, + libbpf0 [amd64], libcharon-extra-plugins (>=5.9), libcharon-extauth-plugins (>=5.9), libndp-tools, @@ -128,6 +132,7 @@ Depends: python3-netifaces, python3-paramiko, python3-psutil, + python3-pyhumps, python3-pystache, python3-pyudev, python3-six, @@ -149,8 +154,10 @@ Depends: squidguard, sshguard, ssl-cert, + sstp-client, strongswan (>= 5.9), strongswan-swanctl (>= 5.9), + stunnel4, sudo, systemd, telegraf (>= 1.20), @@ -190,6 +197,7 @@ Description: VyOS configuration scripts and data for VMware Package: vyos-1x-smoketest Architecture: all Depends: + skopeo, snmp, vyos-1x Description: VyOS build sanity checking toolkit diff --git a/debian/vyos-1x-smoketest.install b/debian/vyos-1x-smoketest.install index 3739763b9..406fef4be 100644 --- a/debian/vyos-1x-smoketest.install +++ b/debian/vyos-1x-smoketest.install @@ -1,4 +1,5 @@ usr/bin/vyos-smoketest usr/bin/vyos-configtest +usr/bin/vyos-configtest-pki usr/libexec/vyos/tests/smoke usr/libexec/vyos/tests/config diff --git a/debian/vyos-1x-smoketest.postinst b/debian/vyos-1x-smoketest.postinst new file mode 100755 index 000000000..18612804c --- /dev/null +++ b/debian/vyos-1x-smoketest.postinst 
@@ -0,0 +1,10 @@ +#!/bin/sh -e + +BUSYBOX_TAG="docker.io/library/busybox:stable" +OUTPUT_PATH="/usr/share/vyos/busybox-stable.tar" + +if [[ -f $OUTPUT_PATH ]]; then + rm -f $OUTPUT_PATH +fi + +skopeo copy --additional-tag "$BUSYBOX_TAG" "docker://$BUSYBOX_TAG" "docker-archive:/$OUTPUT_PATH" diff --git a/debian/vyos-1x.install b/debian/vyos-1x.install index 493c896eb..edd090993 100644 --- a/debian/vyos-1x.install +++ b/debian/vyos-1x.install @@ -1,4 +1,3 @@ -etc/cron.hourly etc/dhcp etc/ipsec.d etc/logrotate.d diff --git a/debian/vyos-1x.postinst b/debian/vyos-1x.postinst index 1ca6687a3..d5f5cbbc7 100644 --- a/debian/vyos-1x.postinst +++ b/debian/vyos-1x.postinst @@ -13,6 +13,7 @@ if ! grep -q '^minion' /etc/passwd; then adduser --quiet minion dip adduser --quiet minion disk adduser --quiet minion users + adduser --quiet minion frr fi # OpenVPN should get its own user @@ -20,6 +21,14 @@ if ! grep -q '^openvpn' /etc/passwd; then adduser --quiet --firstuid 100 --system --group --shell /usr/sbin/nologin openvpn fi +# Enable 2FA/MFA support for SSH and local logins +for file in /etc/pam.d/sshd /etc/pam.d/login +do + PAM_CONFIG="auth required pam_google_authenticator.so nullok" + grep -qF -- "${PAM_CONFIG}" $file || \ + sed -i "/^@include common-auth/a # Check 2FA/MFA authentication token if enabled (per user)\n${PAM_CONFIG}" $file +done + # Add RADIUS operator user for RADIUS authenticated users to map to if ! grep -q '^radius_user' /etc/passwd; then adduser --quiet --firstuid 1000 --disabled-login --ingroup vyattaop \ @@ -45,6 +54,7 @@ if ! grep -q '^radius_priv_user' /etc/passwd; then adduser --quiet radius_priv_user dip adduser --quiet radius_priv_user disk adduser --quiet radius_priv_user users + adduser --quiet radius_priv_user frr fi # add hostsd group for vyos-hostsd 
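Review bot: The `[[ -f $OUTPUT_PATH ]]` test in the new vyos-1x-smoketest.postinst is a bashism under `#!/bin/sh -e`; where /bin/sh is dash the test fails as "not found", so the stale archive is never removed, and the later `skopeo copy` may then fail on the existing file (not verified here). Because `rm -f` already tolerates a missing file, the whole conditional can be replaced by `rm -f -- "$OUTPUT_PATH"`. Separately, the script pulls `docker.io/library/busybox:stable` by mutable tag over the network at package-configure time, so the fetched content is not pinned or reproducible and the install fails offline. Consider pinning the source by digest, e.g. `docker://docker.io/library/busybox@sha256:<pinned-digest>` (placeholder), or shipping the archive inside the package.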
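Review bot: The 2FA loop in vyos-1x.postinst only inserts the `pam_google_authenticator.so` line when `@include common-auth` is present in the file; if that anchor is missing or spelled differently, `sed` changes nothing and the script continues without any error, leaving the second factor silently unconfigured. I would verify after the edit and quote the path, e.g. `grep -qF -- "${PAM_CONFIG}" "$file" || echo "WARNING: 2FA line not added to $file" >&2`. The comment should also state what `nullok` means here: accounts without a configured secret are still admitted on the first factor alone, so the control is opt-in per user. It may also be worth documenting that SSH public-key logins normally do not pass through the PAM auth stack, so this line would not apply to them unless sshd is configured to require it; that depends on sshd configuration not visible in this hunk.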
@@ -86,11 +96,18 @@ fi # Remove unwanted daemon files from /etc # conntackd +# pmacct +# fastnetmon +# ntp DELETE="/etc/logrotate.d/conntrackd.distrib /etc/init.d/conntrackd /etc/default/conntrackd - /etc/default/pmacctd /etc/pmacct" -for file in $DELETE; do - if [ -f ${file} ]; then - rm -f ${file} + /etc/default/pmacctd /etc/pmacct + /etc/networks_list /etc/networks_whitelist /etc/fastnetmon.conf + /etc/ntp.conf /etc/default/ssh + /etc/powerdns /etc/default/pdns-recursor + /etc/ppp/ip-up.d/0000usepeerdns /etc/ppp/ip-down.d/0000usepeerdns" +for tmp in $DELETE; do + if [ -e ${tmp} ]; then + rm -rf ${tmp} fi done diff --git a/debian/vyos-1x.preinst b/debian/vyos-1x.preinst index 71750b3a1..213a23d9e 100644 --- a/debian/vyos-1x.preinst +++ b/debian/vyos-1x.preinst @@ -2,3 +2,4 @@ dpkg-divert --package vyos-1x --add --rename /etc/securetty dpkg-divert --package vyos-1x --add --rename /etc/security/capability.conf dpkg-divert --package vyos-1x --add --rename /lib/systemd/system/lcdproc.service dpkg-divert --package vyos-1x --add --rename /etc/logrotate.d/conntrackd +dpkg-divert --package vyos-1x --add --rename /usr/share/pam-configs/radius |
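Review bot: The cleanup loop in vyos-1x.postinst now deletes recursively with `rm -rf ${tmp}` but the expansion is unquoted and has no `--`; the list is a fixed literal today, but now that it removes whole directories (`/etc/pmacct`, `/etc/powerdns`) I would write `rm -rf -- "${tmp}"`. The `[ -e ${tmp} ]` guard is redundant with `-f` and also skips dangling symlinks. The comment header names only conntrackd, pmacct, fastnetmon and ntp, while the list also removes `/etc/default/ssh`, the pdns-recursor defaults and the ppp `0000usepeerdns` hooks; please list those too and say why each is removed, since deleting another package's configuration file is easy to miss in later review.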