Hibbian
/
Raspi-image-spec
1
0
Fork 0
Code Issues 3 Pull Requests Packages Projects Releases Wiki Activity

Build the images with an empty root password, disallowing remote root logins

This commit is contained in:
Gunnar Wolf 2019-07-18 22:20:28 -03:00
parent 0931b306ff
commit 478a8253cf
3 changed files with 6 additions and 24 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
raspi0w.yaml
View File

@ -89,19 +89,13 @@ steps:
- shell: | - shell: |
echo "rpi-z" > "${ROOT?}/etc/hostname" echo "rpi-z" > "${ROOT?}/etc/hostname"
# '..VyaTFxP8kT6' is crypt.crypt('raspberry', '..') # Allow root logins with no password
sed -i 's,root:[^:]*,root:..VyaTFxP8kT6,' "${ROOT?}/etc/shadow" sed -i 's,root:[^:]*:,root::' "${ROOT?}/etc/shadow"
sed -i 's,#PermitRootLogin prohibit-password,PermitRootLogin yes,g' "${ROOT?}/etc/ssh/sshd_config"
install -m 644 -o root -g root fstab "${ROOT?}/etc/fstab" install -m 644 -o root -g root fstab "${ROOT?}/etc/fstab"
install -m 644 -o root -g root eth0 "${ROOT?}/etc/network/interfaces.d/eth0" install -m 644 -o root -g root eth0 "${ROOT?}/etc/network/interfaces.d/eth0"
mkdir -p "${ROOT?}/etc/iptables"
install -m 644 -o root -g root rules.v4 "${ROOT?}/etc/iptables/rules.v4"
install -m 644 -o root -g root rules.v6 "${ROOT?}/etc/iptables/rules.v6"
install -m 755 -o root -g root rpi-resizerootfs "${ROOT?}/usr/sbin/rpi-resizerootfs" install -m 755 -o root -g root rpi-resizerootfs "${ROOT?}/usr/sbin/rpi-resizerootfs"
install -m 644 -o root -g root rpi-resizerootfs.service "${ROOT?}/etc/systemd/system" install -m 644 -o root -g root rpi-resizerootfs.service "${ROOT?}/etc/systemd/system"
mkdir -p "${ROOT?}/etc/systemd/system/systemd-remount-fs.service.requires/" mkdir -p "${ROOT?}/etc/systemd/system/systemd-remount-fs.service.requires/"

10
raspi2.yaml
View File

@ -87,19 +87,13 @@ steps:
- shell: | - shell: |
echo "rpi2" > "${ROOT?}/etc/hostname" echo "rpi2" > "${ROOT?}/etc/hostname"
# '..VyaTFxP8kT6' is crypt.crypt('raspberry', '..') # Allow root logins with no password
sed -i 's,root:[^:]*,root:..VyaTFxP8kT6,' "${ROOT?}/etc/shadow" sed -i 's,root:[^:]*:,root::' "${ROOT?}/etc/shadow"
sed -i 's,#PermitRootLogin prohibit-password,PermitRootLogin yes,g' "${ROOT?}/etc/ssh/sshd_config"
install -m 644 -o root -g root fstab "${ROOT?}/etc/fstab" install -m 644 -o root -g root fstab "${ROOT?}/etc/fstab"
install -m 644 -o root -g root eth0 "${ROOT?}/etc/network/interfaces.d/eth0" install -m 644 -o root -g root eth0 "${ROOT?}/etc/network/interfaces.d/eth0"
mkdir -p "${ROOT?}/etc/iptables"
install -m 644 -o root -g root rules.v4 "${ROOT?}/etc/iptables/rules.v4"
install -m 644 -o root -g root rules.v6 "${ROOT?}/etc/iptables/rules.v6"
install -m 755 -o root -g root rpi-resizerootfs "${ROOT?}/usr/sbin/rpi3-resizerootfs" install -m 755 -o root -g root rpi-resizerootfs "${ROOT?}/usr/sbin/rpi3-resizerootfs"
install -m 644 -o root -g root rpi-resizerootfs.service "${ROOT?}/etc/systemd/system" install -m 644 -o root -g root rpi-resizerootfs.service "${ROOT?}/etc/systemd/system"
mkdir -p "${ROOT?}/etc/systemd/system/systemd-remount-fs.service.requires/" mkdir -p "${ROOT?}/etc/systemd/system/systemd-remount-fs.service.requires/"

10
raspi3.yaml
View File

@ -89,19 +89,13 @@ steps:
- shell: | - shell: |
echo "rpi" > "${ROOT?}/etc/hostname" echo "rpi" > "${ROOT?}/etc/hostname"
# '..VyaTFxP8kT6' is crypt.crypt('raspberry', '..') # Allow root logins with no password
sed -i 's,root:[^:]*,root:..VyaTFxP8kT6,' "${ROOT?}/etc/shadow" sed -i 's,root:[^:]*:,root::,' "${ROOT?}/etc/shadow"
sed -i 's,#PermitRootLogin prohibit-password,PermitRootLogin yes,g' "${ROOT?}/etc/ssh/sshd_config"
install -m 644 -o root -g root fstab "${ROOT?}/etc/fstab" install -m 644 -o root -g root fstab "${ROOT?}/etc/fstab"
install -m 644 -o root -g root eth0 "${ROOT?}/etc/network/interfaces.d/eth0" install -m 644 -o root -g root eth0 "${ROOT?}/etc/network/interfaces.d/eth0"
mkdir -p "${ROOT?}/etc/iptables"
install -m 644 -o root -g root rules.v4 "${ROOT?}/etc/iptables/rules.v4"
install -m 644 -o root -g root rules.v6 "${ROOT?}/etc/iptables/rules.v6"
install -m 755 -o root -g root rpi-resizerootfs "${ROOT?}/usr/sbin/rpi3-resizerootfs" install -m 755 -o root -g root rpi-resizerootfs "${ROOT?}/usr/sbin/rpi3-resizerootfs"
install -m 644 -o root -g root rpi-resizerootfs.service "${ROOT?}/etc/systemd/system" install -m 644 -o root -g root rpi-resizerootfs.service "${ROOT?}/etc/systemd/system"
mkdir -p "${ROOT?}/etc/systemd/system/systemd-remount-fs.service.requires/" mkdir -p "${ROOT?}/etc/systemd/system/systemd-remount-fs.service.requires/"