No ubuntu user, disallow root login, root shell on tty1
diff --git a/ubuntu-14.04/configs/cloud/cloud.cfg.d/99_tcp.cfg b/ubuntu-14.04/configs/cloud/cloud.cfg.d/99_tcp.cfg
index bfaa1fe..b2dd586 100644
--- a/ubuntu-14.04/configs/cloud/cloud.cfg.d/99_tcp.cfg
+++ b/ubuntu-14.04/configs/cloud/cloud.cfg.d/99_tcp.cfg
@@ -6,14 +6,6 @@
system_info:
# This will affect which distro class gets used
distro: ubuntu
- # Default user name + that default users groups (if added/used)
- default_user:
- name: ubuntu
- lock_passwd: True
- gecos: Ubuntu
- groups: [adm, audio, cdrom, dialout, dip, floppy, netdev, plugdev, sudo, video]
- sudo: ["ALL=(ALL) NOPASSWD:ALL"]
- shell: /bin/bash
# Other config here will be given to the distro class and/or path classes
paths:
cloud_dir: /var/lib/cloud/
diff --git a/ubuntu-14.04/http/preseed-lvm.cfg b/ubuntu-14.04/http/preseed-lvm.cfg
index 528a577..c382581 100644
--- a/ubuntu-14.04/http/preseed-lvm.cfg
+++ b/ubuntu-14.04/http/preseed-lvm.cfg
@@ -60,6 +60,9 @@
d-i pkgsel/upgrade select none
d-i time/zone string UTC
+d-i passwd/root-login boolean true
+d-i passwd/make-user boolean false
+d-i openssh-server/permit-root-login boolean true
d-i user-setup/allow-password-weak boolean true
d-i user-setup/encrypt-home boolean false
tasksel tasksel/first multiselect minimal, ssh-server, openssh-server
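Review bot: `openssh-server/permit-root-login boolean true`, together with the existing `user-setup/allow-password-weak boolean true`, leaves root reachable over SSH with a password from first boot, and nothing here says this is only meant to last until scripts/security.sh runs. A comment above the three added lines would make that dependency explicit, for example `# root login is for the Packer provisioner only; scripts/security.sh locks the password and disables SSH password auth`. The same three lines are added to http/preseed.cfg, where the same comment applies.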
diff --git a/ubuntu-14.04/http/preseed.cfg b/ubuntu-14.04/http/preseed.cfg
index adb5924..20d37d7 100644
--- a/ubuntu-14.04/http/preseed.cfg
+++ b/ubuntu-14.04/http/preseed.cfg
@@ -26,6 +26,9 @@
d-i pkgsel/upgrade select none
d-i time/zone string UTC
+d-i passwd/root-login boolean true
+d-i passwd/make-user boolean false
+d-i openssh-server/permit-root-login boolean true
d-i user-setup/allow-password-weak boolean true
d-i user-setup/encrypt-home boolean false
tasksel tasksel/first multiselect minimal, ssh-server, openssh-server
diff --git a/ubuntu-14.04/scripts/base.sh b/ubuntu-14.04/scripts/base.sh
index 43e6360..73af61c 100644
--- a/ubuntu-14.04/scripts/base.sh
+++ b/ubuntu-14.04/scripts/base.sh
@@ -17,7 +17,7 @@
apt-get purge -y linux-image-* linux-headers-*
apt-get install -y linux-generic-lts-utopic
-apt-get autoremove --purge
+apt-get -y autoremove --purge
# Setup cloud-init
apt-get -y install cloud-init
diff --git a/ubuntu-14.04/scripts/cleanup.sh b/ubuntu-14.04/scripts/cleanup.sh
index ae0b269..9793e9b 100644
--- a/ubuntu-14.04/scripts/cleanup.sh
+++ b/ubuntu-14.04/scripts/cleanup.sh
@@ -1,4 +1,4 @@
-apt-get -y autoremove
+apt-get -y autoremove --purge
apt-get -y clean
echo "cleaning up guest additions"
diff --git a/ubuntu-14.04/scripts/security.sh b/ubuntu-14.04/scripts/security.sh
new file mode 100644
index 0000000..7dd89b6
--- /dev/null
+++ b/ubuntu-14.04/scripts/security.sh
@@ -0,0 +1,9 @@
+# Auto login root on tty1
+sed -i 's|/sbin/getty|/sbin/getty --autologin root|g' /etc/init/tty1.conf
+
+# Disable password root login
+usermod -p '!' root
+
+# Disable SSH password authentication and permit root login
+sed -i 's|[#]*PasswordAuthentication yes|PasswordAuthentication no|g' /etc/ssh/sshd_config
+sed -i 's|[#]*PermitRootLogin no|PermitRootLogin yes|g' /etc/ssh/sshd_config
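Review bot: Both sshd_config edits are silent no-ops when their pattern does not match, so the image can ship with password authentication still enabled and the build will not notice; the `PermitRootLogin` expression also only rewrites the value `no`. Since root's password is locked and key-only login appears to be the intent, I would set the directive to `PermitRootLogin without-password` and fail the build when the expected line is missing, e.g. `grep -q '^PasswordAuthentication no' /etc/ssh/sshd_config || exit 1`. The tty1 substitution is not idempotent (a second run inserts `--autologin root` twice). It also gives an unauthenticated root shell to anyone who can reach the VM console, so the comment above it should say which deployments that is acceptable for.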
diff --git a/ubuntu-14.04/template.json b/ubuntu-14.04/template.json
index 2f0dccb..4a19baf 100644
--- a/ubuntu-14.04/template.json
+++ b/ubuntu-14.04/template.json
@@ -1,7 +1,7 @@
{
"variables": {
- "user": "{{ env `BUILD_USER` }}",
- "password": "{{ env `BUILD_PASSWORD` }}",
+ "user": "root",
+ "password": "ho5uo7Uome5d",
"do_api_token": "{{ env `DO_API_TOKEN` }}",
"distro": "ubuntu-14-04-x64",
"disk_size": "8000"
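Review bot: The `password` variable is now a literal root password committed to the repository, where the removed line read it from the environment, so every image built from this template starts with a credential known to anyone who can read the repo. Keep the lookup, `` "password": "{{ env `BUILD_PASSWORD` }}", ``, and treat the committed value as exposed: rotate it and do not reuse it elsewhere. scripts/security.sh locks the root password late in the build, but that only helps if the script runs and succeeds in every builder, and the value stays in the repository history either way.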
@@ -18,6 +18,7 @@
"scripts/salt.sh",
"scripts/vagrant.sh",
"scripts/virtualbox.sh",
+ "scripts/security.sh",
"scripts/cleanup.sh",
"scripts/zerodisk.sh"
]
@@ -27,6 +28,7 @@
"scripts/base.sh",
"scripts/salt.sh",
"scripts/vmware.sh",
+ "scripts/security.sh",
"scripts/cleanup.sh",
"scripts/zerodisk.sh"
]
@@ -35,6 +37,7 @@
"scripts": [
"scripts/base.sh",
"scripts/salt.sh",
+ "scripts/security.sh",
"scripts/cleanup.sh",
"scripts/zerodisk.sh"
]
@@ -43,6 +46,7 @@
"scripts": [
"scripts/base.sh",
"scripts/salt.sh",
+ "scripts/security.sh",
"scripts/cleanup.sh"
]
}
@@ -92,10 +96,8 @@
" kbd-chooser/method=us<wait>",
" keyboard-configuration/layout=USA<wait>",
" keyboard-configuration/variant=USA<wait>",
- " passwd/user-fullname={{user `user`}} ",
- " passwd/user-password-again={{user `password`}} ",
- " passwd/user-password={{user `password`}} ",
- " passwd/username={{user `user`}} ",
+ " passwd/root-password={{user `password`}} ",
+ " passwd/root-password-again={{user `password`}} ",
" locale=en_US<wait>",
" netcfg/get_hostname=ubuntu-1404<wait>",
" netcfg/get_domain=cloudlab.cz<wait>",
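Review bot: `passwd/root-password` and `passwd/root-password-again` put the root password in clear text on the installer's kernel command line, where it is readable from /proc/cmdline during the install and may be kept in the installer logs and debconf database on the finished image; nothing visible in this diff removes those. debian-installer accepts a hash instead through `passwd/root-password-crypted`, preferably set in the preseed file rather than in the boot command, while Packer keeps the plain value only for its own SSH login. The same two lines are added in the hunks at -140 and -206. The boot_command arrays begin and end outside these hunks.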
@@ -140,10 +142,8 @@
" kbd-chooser/method=us<wait>",
" keyboard-configuration/layout=USA<wait>",
" keyboard-configuration/variant=USA<wait>",
- " passwd/user-fullname={{user `user`}} ",
- " passwd/user-password-again={{user `password`}} ",
- " passwd/user-password={{user `password`}} ",
- " passwd/username={{user `user`}} ",
+ " passwd/root-password={{user `password`}} ",
+ " passwd/root-password-again={{user `password`}} ",
" locale=en_US<wait>",
" netcfg/get_hostname=ubuntu-1404<wait>",
" netcfg/get_domain=changeme<wait>",
@@ -206,10 +206,8 @@
" kbd-chooser/method=us<wait>",
" keyboard-configuration/layout=USA<wait>",
" keyboard-configuration/variant=USA<wait>",
- " passwd/user-fullname={{user `user`}} ",
- " passwd/user-password-again={{user `password`}} ",
- " passwd/user-password={{user `password`}} ",
- " passwd/username={{user `user`}} ",
+ " passwd/root-password={{user `password`}} ",
+ " passwd/root-password-again={{user `password`}} ",
" locale=en_US<wait>",
" netcfg/get_hostname=ubuntu-1404<wait>",
" netcfg/get_domain=changeme<wait>",
@@ -219,7 +217,7 @@
"<enter><wait>"
]
},
- {
+ {
"type": "digitalocean",
"api_token": "{{user `do_api_token`}}",
"image": "{{user `distro`}}",