No ubuntu user, disallow root login, root shell on tty1
Conflicts:
ubuntu-14.04/scripts/base.sh
ubuntu-14.04/template.json
diff --git a/ubuntu-14.04/configs/cloud/cloud.cfg b/ubuntu-14.04/configs/cloud/cloud.cfg
index 3de7043..929840e 100644
--- a/ubuntu-14.04/configs/cloud/cloud.cfg
+++ b/ubuntu-14.04/configs/cloud/cloud.cfg
@@ -1,9 +1,6 @@
-users:
- - default
-
# If this is set, 'root' will not be able to ssh in and they
# will get a message to login instead as the above $user (ubuntu)
-disable_root: true
+disable_root: false
# This will cause the set+update hostname module to not operate (if true)
preserve_hostname: false
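Review bot: The comment kept above `disable_root` is now stale: it still says root "will not be able to ssh in" and refers to "the above $user (ubuntu)", but this hunk removes the `users:` list and sets the value to `false`. With `false`, cloud-init installs the instance's SSH keys for root without the redirect message, so the comment should say so, e.g. `# root SSH login is allowed (key-based); no default user is created`. The commit title says "disallow root login", which presumably means password login only; it is worth stating that here so the next reader does not flip the flag back by mistake.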
diff --git a/ubuntu-14.04/configs/cloud/cloud.cfg.d/99_tcp.cfg b/ubuntu-14.04/configs/cloud/cloud.cfg.d/99_tcp.cfg
index ce94590..e4f11d1 100644
--- a/ubuntu-14.04/configs/cloud/cloud.cfg.d/99_tcp.cfg
+++ b/ubuntu-14.04/configs/cloud/cloud.cfg.d/99_tcp.cfg
@@ -6,14 +6,6 @@
system_info:
# This will affect which distro class gets used
distro: ubuntu
- # Default user name + that default users groups (if added/used)
- default_user:
- name: ubuntu
- lock_passwd: True
- gecos: Ubuntu
- groups: [adm, audio, cdrom, dialout, dip, floppy, netdev, plugdev, sudo, video]
- sudo: ["ALL=(ALL) NOPASSWD:ALL"]
- shell: /bin/bash
# Other config here will be given to the distro class and/or path classes
paths:
cloud_dir: /var/lib/cloud/
diff --git a/ubuntu-14.04/http/preseed-lvm.cfg b/ubuntu-14.04/http/preseed-lvm.cfg
index 0bb68ec..4690b8e 100644
--- a/ubuntu-14.04/http/preseed-lvm.cfg
+++ b/ubuntu-14.04/http/preseed-lvm.cfg
@@ -60,7 +60,12 @@
d-i pkgsel/upgrade select none
d-i time/zone string UTC
+d-i passwd/root-login boolean true
+d-i passwd/make-user boolean false
+d-i openssh-server/permit-root-login boolean true
d-i user-setup/allow-password-weak boolean true
d-i user-setup/encrypt-home boolean false
tasksel tasksel/first multiselect minimal, ssh-server, openssh-server
+d-i preseed/late_command string \
+ in-target sed -i 's/PermitRootLogin.*/PermitRootLogin yes/g' /etc/ssh/sshd_config
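Review bot: The `late_command` pattern `PermitRootLogin.*` is unanchored, so it rewrites every line containing that string, including any comment line in `sshd_config`; anchoring it as `s/^#\?PermitRootLogin.*/PermitRootLogin yes/` limits it to the directive. The same line appears in the `preseed.cfg` hunk ending at the second `late_command`. Together with `user-setup/allow-password-weak boolean true`, this leaves the freshly installed system accepting password SSH logins as root until `scripts/security.sh` runs. A short comment should record that this is a build-time setting that must be tightened before the image is published, e.g. `# build-only: root password SSH is needed by the provisioner; security.sh revokes it`.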
diff --git a/ubuntu-14.04/http/preseed.cfg b/ubuntu-14.04/http/preseed.cfg
index 8ffddd9..d2b6f92 100644
--- a/ubuntu-14.04/http/preseed.cfg
+++ b/ubuntu-14.04/http/preseed.cfg
@@ -13,6 +13,7 @@
d-i netcfg/get_domain string unassigned-domain
d-i netcfg/get_hostname string unassigned-hostname
+d-i partman-auto/disk string /dev/sda /dev/vda
d-i partman-auto/method string regular
d-i partman/choose_partition select finish
d-i partman/confirm boolean true
@@ -22,14 +23,14 @@
d-i partman-auto/choose_recipe select boot-root
d-i partman-auto/expert_recipe string \
- boot-root:: \
+ boot-root :: \
512 512 -1 ext4 \
$primary{ } $bootable{ } \
method{ format } format{ } \
use_filesystem{ } filesystem{ ext4 } \
mountpoint{ / } \
options/noatime{ noatime } \
- . \
+ . \
d-i pkgsel/include string openssh-server
d-i pkgsel/install-language-support boolean false
@@ -39,6 +40,12 @@
d-i pkgsel/upgrade select none
d-i time/zone string UTC
+d-i passwd/root-login boolean true
+d-i passwd/make-user boolean false
+d-i openssh-server/permit-root-login boolean true
d-i user-setup/allow-password-weak boolean true
d-i user-setup/encrypt-home boolean false
tasksel tasksel/first multiselect minimal, ssh-server, openssh-server
+
+d-i preseed/late_command string \
+ in-target sed -i 's/PermitRootLogin.*/PermitRootLogin yes/g' /etc/ssh/sshd_config
diff --git a/ubuntu-14.04/scripts/base.sh b/ubuntu-14.04/scripts/base.sh
index c1a7a06..841954f 100644
--- a/ubuntu-14.04/scripts/base.sh
+++ b/ubuntu-14.04/scripts/base.sh
@@ -5,8 +5,8 @@
apt-get update
# Cleanup old kernels, ensure latest is installed via virtual package
+apt-get purge -y linux-image-* linux-headers-*
if [ ! -f /tmp/no_install_kernel ]; then
- apt-get purge -y linux-image-* linux-headers-*
apt-get install -y linux-generic-lts-utopic
# Update grub cmdline
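Review bot: Moving `apt-get purge -y linux-image-* linux-headers-*` above the `if` means the kernels are now removed even when `/tmp/no_install_kernel` exists, and in that branch nothing reinstalls one. If that flag is only set on builders that boot an external or host kernel this is harmless, but the script does not say so; a comment such as `# purge is unconditional: builders that set /tmp/no_install_kernel do not boot the image's own kernel` would make the assumption checkable. The globs are also unquoted, so the shell expands them first if the working directory holds matching files; `'linux-image-*' 'linux-headers-*'` passes them to apt-get intact. The `if` block continues past the end of this hunk.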
diff --git a/ubuntu-14.04/scripts/cleanup.sh b/ubuntu-14.04/scripts/cleanup.sh
index ae0b269..9793e9b 100644
--- a/ubuntu-14.04/scripts/cleanup.sh
+++ b/ubuntu-14.04/scripts/cleanup.sh
@@ -1,4 +1,4 @@
-apt-get -y autoremove
+apt-get -y autoremove --purge
apt-get -y clean
echo "cleaning up guest additions"
diff --git a/ubuntu-14.04/scripts/security.sh b/ubuntu-14.04/scripts/security.sh
new file mode 100644
index 0000000..7dd89b6
--- /dev/null
+++ b/ubuntu-14.04/scripts/security.sh
@@ -0,0 +1,9 @@
+# Auto login root on tty1
+sed -i 's|/sbin/getty|/sbin/getty --autologin root|g' /etc/init/tty1.conf
+
+# Disable password root login
+usermod -p '!' root
+
+# Disable SSH password authentication and permit root login
+sed -i 's|[#]*PasswordAuthentication yes|PasswordAuthentication no|g' /etc/ssh/sshd_config
+sed -i 's|[#]*PermitRootLogin no|PermitRootLogin yes|g' /etc/ssh/sshd_config
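Review bot: The last `sed` only matches `PermitRootLogin no`, so after the preseed `late_command` has already written `PermitRootLogin yes` it is a no-op, and the image ships with `yes`. Since the intent is key-only root access, `sed -i 's|^[#]*PermitRootLogin .*|PermitRootLogin without-password|' /etc/ssh/sshd_config` expresses that directly and does not depend on the `PasswordAuthentication` edit having matched. That edit is likewise silent when the line is absent or worded differently, and no `set -e` is visible, so a final check such as `grep -q '^PasswordAuthentication no' /etc/ssh/sshd_config || exit 1` would fail the build rather than publish an image that still accepts passwords. The tty1 autologin also deserves a comment stating that anyone with console access to the VM, including a hypervisor or provider web console, gets an unauthenticated root shell.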
diff --git a/ubuntu-14.04/template.json b/ubuntu-14.04/template.json
index d7ac736..f8fdac3 100644
--- a/ubuntu-14.04/template.json
+++ b/ubuntu-14.04/template.json
@@ -1,7 +1,7 @@
{
"variables": {
- "user": "{{ env `BUILD_USER` }}",
- "password": "{{ env `BUILD_PASSWORD` }}",
+ "user": "root",
+ "password": "ho5uo7Uome5d",
"do_api_token": "{{ env `DO_API_TOKEN` }}",
"distro": "ubuntu-14-04-x64",
"disk_size": "8000"
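Review bot: The `password` variable changes from an environment lookup to a literal string, which commits the build-time root password to the repository and to every clone and fork of it. The value should be treated as disclosed and the lookup restored as `"password": "{{ env `BUILD_PASSWORD` }}"`; only `"user": "root"` needs to be a literal. The password is locked later by `scripts/security.sh`, but any builder that skips or fails that script would publish an image whose root password is readable in version control.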
@@ -18,6 +18,7 @@
"scripts/salt.sh",
"scripts/vagrant.sh",
"scripts/virtualbox.sh",
+ "scripts/security.sh",
"scripts/cleanup.sh",
"scripts/zerodisk.sh"
]
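Review bot: Revoking the build password now depends on `scripts/security.sh` being listed in every provisioner block; this hunk and the three after it add it to four lists, and the visible part of the diff does not show whether any builder lacks a script list. Running it before `scripts/cleanup.sh` and `scripts/zerodisk.sh` also means those later steps run after the root password has been locked. That works only while the provisioner keeps its existing SSH connection, so placing `"scripts/security.sh"` last in each list would remove the dependency on connection reuse. The surrounding provisioner objects start outside these hunks.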
@@ -27,6 +28,7 @@
"scripts/base.sh",
"scripts/salt.sh",
"scripts/vmware.sh",
+ "scripts/security.sh",
"scripts/cleanup.sh",
"scripts/zerodisk.sh"
]
@@ -35,6 +37,7 @@
"scripts": [
"scripts/base.sh",
"scripts/salt.sh",
+ "scripts/security.sh",
"scripts/cleanup.sh",
"scripts/zerodisk.sh"
]
@@ -51,6 +54,7 @@
"scripts": [
"scripts/base.sh",
"scripts/salt.sh",
+ "scripts/security.sh",
"scripts/cleanup.sh"
]
}
@@ -114,10 +118,8 @@
" kbd-chooser/method=us<wait>",
" keyboard-configuration/layout=USA<wait>",
" keyboard-configuration/variant=USA<wait>",
- " passwd/user-fullname={{user `user`}} ",
- " passwd/user-password-again={{user `password`}} ",
- " passwd/user-password={{user `password`}} ",
- " passwd/username={{user `user`}} ",
+ " passwd/root-password={{user `password`}} ",
+ " passwd/root-password-again={{user `password`}} ",
" locale=en_US<wait>",
" netcfg/get_hostname=ubuntu-1404<wait>",
" netcfg/get_domain=cloudlab.cz<wait>",
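Review bot: Passing `passwd/root-password={{user `password`}}` on the boot command line puts the plaintext root password into the installer's kernel command line, and debian-installer normally keeps its debconf answers and logs under `/var/log/installer` on the installed system. The same two lines are added in the hunks at `@@ -162,10 +164,8 @@` and `@@ -228,10 +228,8 @@`. Supplying a hash through `passwd/root-password-crypted` in the preseed file would keep the cleartext out of the boot parameters and the image. If that is not possible, the cleanup step should remove the installer logs before the image is published. The `boot_command` arrays begin and end outside these hunks.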
@@ -162,10 +164,8 @@
" kbd-chooser/method=us<wait>",
" keyboard-configuration/layout=USA<wait>",
" keyboard-configuration/variant=USA<wait>",
- " passwd/user-fullname={{user `user`}} ",
- " passwd/user-password-again={{user `password`}} ",
- " passwd/user-password={{user `password`}} ",
- " passwd/username={{user `user`}} ",
+ " passwd/root-password={{user `password`}} ",
+ " passwd/root-password-again={{user `password`}} ",
" locale=en_US<wait>",
" netcfg/get_hostname=ubuntu-1404<wait>",
" netcfg/get_domain=changeme<wait>",
@@ -228,10 +228,8 @@
" kbd-chooser/method=us<wait>",
" keyboard-configuration/layout=USA<wait>",
" keyboard-configuration/variant=USA<wait>",
- " passwd/user-fullname={{user `user`}} ",
- " passwd/user-password-again={{user `password`}} ",
- " passwd/user-password={{user `password`}} ",
- " passwd/username={{user `user`}} ",
+ " passwd/root-password={{user `password`}} ",
+ " passwd/root-password-again={{user `password`}} ",
" locale=en_US<wait>",
" netcfg/get_hostname=ubuntu-1404<wait>",
" netcfg/get_domain=changeme<wait>",
@@ -245,7 +243,7 @@
"type": "docker",
"image": "ubuntu:14.04",
"commit": true
- },
+ },
{
"type": "digitalocean",
"api_token": "{{user `do_api_token`}}",