authorFilip Pytloun <filip@pytloun.cz>2016-03-09 11:09:41 +0100
committerFilip Pytloun <filip@pytloun.cz>2016-03-11 09:50:51 +0100
commitea1f8911cd69216027df5f9d727f47a1b67ef29b (patch)
treea1f2590c4b1be985b4a276ac291e0dfc9ad78484 /bootstrap.d/30-security.sh
parent27d947162017091ac25267c7f235c97d5c685dd2 (diff)
Refactor: split bootstrap actions and allow custom
Diffstat (limited to 'bootstrap.d/30-security.sh')
-rw-r--r--bootstrap.d/30-security.sh30
1 files changed, 30 insertions, 0 deletions
diff --git a/bootstrap.d/30-security.sh b/bootstrap.d/30-security.sh
new file mode 100644
index 0000000..31aa782
--- /dev/null
+++ b/bootstrap.d/30-security.sh
@@ -0,0 +1,30 @@
+#
+# Setup users and security settings
+#
+
+. ./functions.sh
+
+# Generate crypt(3) password string
+ENCRYPTED_PASSWORD=`mkpasswd -m sha-512 ${PASSWORD}`
+
+# Set up default user
+if [ "$ENABLE_USER" = true ] ; then
+ chroot_exec adduser --gecos pi --add_extra_groups --disabled-password pi
+ chroot_exec usermod -a -G sudo -p "${ENCRYPTED_PASSWORD}" pi
+fi
+
+# Set up root password or not
+if [ "$ENABLE_ROOT" = true ]; then
+ chroot_exec usermod -p "${ENCRYPTED_PASSWORD}" root
+
+ if [ "$ENABLE_ROOT_SSH" = true ]; then
+ sed -i 's|[#]*PermitRootLogin.*|PermitRootLogin yes|g' $R/etc/ssh/sshd_config
+ fi
+else
+ chroot_exec usermod -p \'!\' root
+fi
+
+# Enable serial console systemd style
+if [ "$ENABLE_CONSOLE" = true ] ; then
+ chroot_exec systemctl enable serial-getty\@ttyAMA0.service
+fi
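Review bot: On the `ENCRYPTED_PASSWORD=` line the plaintext password is passed to `mkpasswd` unquoted and as a command-line argument. It is therefore visible in the build host's process list while the hash is computed, and a value containing whitespace is split so that `mkpasswd` takes the second word as its salt argument. Feeding it on stdin avoids both: `ENCRYPTED_PASSWORD=$(printf '%s' "${PASSWORD}" | mkpasswd -m sha-512 --stdin)`. The same hash is then set for both `pi` and `root`, and with `ENABLE_ROOT_SSH` the `PermitRootLogin yes` line opens root login over SSH with that shared password, so a comment stating that this is intended would help anyone auditing the generated image. In the same `sed` call `$R` should be quoted as `"$R/etc/ssh/sshd_config"`.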