feature:TSG-7183增加user, admin, support用户并对操作过程进行审计

2021-07-27 17:10:18 +08:00
parent 0735b62643
commit 4b55b24c84
2 changed files with 11 additions and 8 deletions
--- a/installer/distro-setup.sh
+++ b/installer/distro-setup.sh
@@ -2,19 +2,19 @@

 # Create default user: user,admin,support
 echo "Setting user user password as user"
-useradd -s /bin/bash -m -k /dev/null user
+useradd -s /bin/bash -m user
 echo user | passwd user --stdin
 #echo "user    ALL=(ALL)       ALL" >> /etc/sudoers
 echo user | passwd --stdin

 echo "Setting user admin password as admin"
-useradd -s /bin/bash -m -k /dev/null admin
+useradd -s /bin/bash -m admin
 echo admin | passwd admin --stdin
 echo "admin    ALL=(ALL)       ALL" >> /etc/sudoers
 echo admin | passwd --stdin

 echo "Setting user support password as support"
-useradd -s /bin/bash -m -k /dev/null support
+useradd -s /bin/bash -m support
 echo support | passwd support --stdin
 echo "support    ALL=(ALL)       ALL" >> /etc/sudoers
 echo support | passwd --stdin
@@ -49,11 +49,6 @@ rm -rf /data/overlay/rootfs_etc/rw/ld.so.conf.d

 # Setup o/s mount points
 (cat <<EOF2
-tmpfs                   /tmp                    tmpfs   defaults        0 0
-tmpfs                   /dev/shm                tmpfs   defaults        0 0
-devpts                  /dev/pts                devpts  gid=5,mode=620  0 0
-sysfs                   /sys                    sysfs   defaults        0 0
-proc                    /proc                   proc    defaults        0 0
 ${1}               	    /                       ext4    defaults        1 1
 /dev/sda2               /mnt/onie-boot/         ext4    defaults        1 1
 /dev/sda3               /update                 ext4    defaults        1 1
--- a/tools/mk-base-image
+++ b/tools/mk-base-image
@@ -74,6 +74,14 @@ cp -rf $projectdir/rootconf/sysroot-lib/* $target/lib/
 cp -rf $projectdir/rootconf/sysroot-usr/service/* $target/usr/lib/systemd/system
 ln -vfs --relative  $target/usr/lib/systemd/system/ldconfig.service $target/usr/lib/systemd/system/sysinit.target.wants/ldconfig.service

+#tty audit using pam
+mv $target/etc/pam.d/system-auth $target/etc/pam.d/system-auth-local
+mv $target/etc/pam.d/password-auth $target/etc/pam.d/password-auth-local
+echo "session     required      pam_tty_audit.so  enable=*" >> $target/etc/pam.d/system-auth-local
+echo "session     required      pam_tty_audit.so  enable=*" >> $target/etc/pam.d/password-auth-local
+ln -vfs --relative $target/etc/pam.d/system-auth-local $target/etc/pam.d/system-auth
+ln -vfs --relative $target/etc/pam.d/password-auth-local $target/etc/pam.d/password-auth
+
 # ansible-playbook -i tsg-9140-scripts/install_config/tsg_9140_host tsg-9140-scripts/tsg_9140_deploy.yml
 yum -c "$yum_config" --installroot="$target" -y --setopt=$setopt clean all