path: root/bootstrap.d/30-security.sh
#
# Setup users and security settings
#

# Load utility functions
. ./functions.sh

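# Generate crypt(3) password string (SHA-512 scheme) from ${PASSWORD}, which
# must already be set by whatever runs this script.
# NOTE(review): the plaintext is handed to mkpasswd as a command-line
# argument, so it is visible in the process list while mkpasswd runs; on a
# shared build host consider feeding it on stdin instead (mkpasswd --stdin).
ENCRYPTED_PASSWORD=$(mkpasswd -m sha-512 "${PASSWORD}")

# An empty hash (mkpasswd missing or failed) must never reach "usermod -p":
# it would leave the account with an empty password field. Stop the build
# when the hash is actually going to be applied to an account.
if [ -z "${ENCRYPTED_PASSWORD}" ] ; then
  if [ "$ENABLE_USER" = true ] || [ "$ENABLE_ROOT" = true ] ; then
    echo "error: mkpasswd produced no password hash, aborting" >&2
    exit 1
  fi
fi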

# Create the default login account "pi" when ENABLE_USER is "true".
# The account is created without a password first, then added to the sudo
# group and given the pre-computed hash held in ENCRYPTED_PASSWORD.
# NOTE(review): the root account, when enabled, is given this same hash, so
# both accounts share one password; the hash is also passed on usermod's
# command line.
if test "${ENABLE_USER}" = true
then
  chroot_exec adduser --gecos pi --add_extra_groups --disabled-password pi
  chroot_exec usermod -a -G sudo -p "${ENCRYPTED_PASSWORD}" pi
fi

# Configure the root account.
#
# ENABLE_ROOT is not "true": the password field is set to a value no password
#   hash can match, which disables password logins for root.
#   NOTE(review): sshd_config is not touched in this branch, so whether
#   key-based root SSH is possible depends on the image's default
#   PermitRootLogin setting.
#   NOTE(review): the argument reaches chroot_exec with its single quotes
#   still attached; what usermod finally receives depends on how chroot_exec
#   re-expands its arguments -- confirm in functions.sh.
#
# ENABLE_ROOT is "true": root receives ENCRYPTED_PASSWORD. If ENABLE_ROOT_SSH
#   is also "true", every PermitRootLogin entry in sshd_config (commented out
#   or active) is rewritten to "PermitRootLogin yes", which allows
#   password-based root logins over SSH. If ENABLE_ROOT_SSH is not "true" the
#   file is left as shipped, i.e. root SSH is not explicitly turned off.
if [ "${ENABLE_ROOT}" != true ]
then
  chroot_exec usermod -p \'!\' root
else
  chroot_exec usermod -p "${ENCRYPTED_PASSWORD}" root

  if [ "${ENABLE_ROOT_SSH}" = true ]
  then
    sed -i "s|[#]*PermitRootLogin.*|PermitRootLogin yes|g" "${ETCDIR}/ssh/sshd_config"
  fi
fi

# Serial console: when ENABLE_CONSOLE is "true", enable the systemd
# serial-getty instance for ttyAMA0 inside the image.
# NOTE(review): this puts a login prompt on the serial port, so access over
# that line is guarded only by the account passwords configured for the image.
if test "${ENABLE_CONSOLE}" = true
then
  chroot_exec systemctl enable serial-getty\@ttyAMA0.service
fi