Git-Mirrors/security-misc
1
0
Fork 0
mirror of https://github.com/Kicksecure/security-misc.git synced 2024-10-01 08:25:45 -04:00
Code Issues Packages Projects Releases Wiki Activity

refactoring

Browse Source
This commit is contained in:
Patrick Schleizer 2019-12-10 03:51:39 -05:00
parent d2f6ac0491
commit 7d8001ddc9
No known key found for this signature in database
GPG Key ID: CB8D50BB77BB3C48
1 changed files with 23 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

42
debian/security-misc.preinst vendored
View File

@ -15,27 +15,29 @@ true "
#####################################################################
"
## /usr/lib/security-misc/hide-hardware-info
addgroup --system sysfs
addgroup --system cpuinfo
user_groups_modifications() {
## /usr/lib/security-misc/hide-hardware-info
addgroup --system sysfs
addgroup --system cpuinfo
## group 'sudo' membership required to use 'su'
## /usr/share/pam-configs/wheel-security-misc
addgroup root sudo
## group 'sudo' membership required to use 'su'
## /usr/share/pam-configs/wheel-security-misc
addgroup root sudo
## Related to Console Lockdown.
## /usr/share/pam-configs/console-lockdown-security-misc
## /etc/security/access-security-misc.conf
addgroup --system console
addgroup --system console-unrestricted
addgroup --system ssh
## This has no effect since by default this package also ships and an
## /etc/securetty configuration file that contains nothing but comments, i.e.
## an "empty" /etc/securetty.
## In case a system administrator edits /etc/securetty, there is no need to
## block for this to be still blocked by console lockdown. See also:
## https://www.whonix.org/wiki/Root#Root_Login
addgroup root console
## Related to Console Lockdown.
## /usr/share/pam-configs/console-lockdown-security-misc
## /etc/security/access-security-misc.conf
addgroup --system console
addgroup --system console-unrestricted
addgroup --system ssh
## This has no effect since by default this package also ships and an
## /etc/securetty configuration file that contains nothing but comments, i.e.
## an "empty" /etc/securetty.
## In case a system administrator edits /etc/securetty, there is no need to
## block for this to be still blocked by console lockdown. See also:
## https://www.whonix.org/wiki/Root#Root_Login
addgroup root console
}
sudo_users_check () {
if command -v "qubesdb-read" &>/dev/null; then
@ -162,6 +164,8 @@ ssh_users_check() {
fi
}
user_groups_modifications
if [ "$1" = "install" ] || [ "$1" = "upgrade" ]; then
sudo_users_check
console_users_check