Fix and rewrite AUDITD

master
Dmitry Razumov 7 months ago
parent 8830f2c71e
commit 4401e2458f
Signed by: asmeron
GPG Key ID: 50BC1DB583B79706

@ -135,7 +135,7 @@ globalconf_convert_pass_plain_to_hash(){
[[ -n ${HASHPASSWD} ]] || HASHPASSWD=$(/usr/bin/ubconfig --raw --default get users HASHPASSWD)
[[ -n ${HASHPASSWD} && ${HASHPASSWD} != "(null)" ]] || HASHPASSWD='yescrypt'
if [[ -n ${PARAM} ]]; then
[[ ${PARAM%%=*} =~ [!\$%\&()*+,/\;\<\=\>?\^\{|\}~] ]] || eval ${PARAM%%=*}=${PARAM#*=}
[[ ${PARAM} =~ ^[[:alnum:]_]+("="|"[".*"]=") ]] && eval "${PARAM%%=*}=\${PARAM#*=}"
else
SOURCE=${SYSCONF}/users; [[ -f ${SOURCE} ]] && . ${SOURCE} 2>/dev/null
SOURCE=${SYSCONF}/.users_credential; [[ -f ${SOURCE} ]] && . ${SOURCE} 2>/dev/null
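Review bot: The new guard on the `eval` line checks only the variable name and accepts any text between the brackets (`"[".*"]="`), so a subscript containing `$`, a backtick or an embedded `=` still reaches `eval "${PARAM%%=*}=\${PARAM#*=}"`, where the left-hand side is parsed as shell text with its expansions; the character class it replaces in this hunk rejected `$` and parentheses there. The name part also admits a leading digit, which is not a valid identifier. Constraining both parts closes this, for example `re='^[[:alpha:]_][[:alnum:]_]*(\[[[:alnum:]_@:.,-]+\])?='` followed by `[[ ${PARAM} =~ ${re} ]] && eval "${PARAM%%=*}=\${PARAM#*=}"`, with the subscript class widened only to the characters the configuration keys really use. The same guard is added in every other hunk of this commit that ends in that `eval`, so this note applies to each of them; the enclosing function continues outside this hunk.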
@ -1546,6 +1546,8 @@ ubconfig_exec_system(){
;;
"[${SYSCONF}/logging]"|"[logging]")
case "${NAME_VAR}" in
AUDITD) ${ROOTFS}/usr/lib/ublinux/rc.preinit.d/24-logging exec_auditd "${COMMAND_MODE_VAR}" "${NAME_VAR}=${VALUE_VAR}"
setsid ${ROOTFS}/usr/lib/ublinux/rc.preinit.d/24-logging exec_auditd_live & ;;
AUDITD\[*\]) ${ROOTFS}/usr/lib/ublinux/rc.preinit.d/24-logging exec_auditd "${COMMAND_MODE_VAR}" "${NAME_VAR}=${VALUE_VAR}"
setsid ${ROOTFS}/usr/lib/ublinux/rc.preinit.d/24-logging exec_auditd_live & ;;
JOURNALD\[*\]) ${ROOTFS}/usr/lib/ublinux/rc.preinit.d/24-logging exec_journald "${COMMAND_MODE_VAR}" "${NAME_VAR}=${VALUE_VAR}"
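Review bot: The `AUDITD)` and `AUDITD\[*\])` arms of this `case` run the same two commands, so a single arm with the pattern `AUDITD|AUDITD\[*\])` would keep the two copies from drifting apart. `${ROOTFS}` is expanded unquoted in both the `exec_auditd` and the `setsid … exec_auditd_live &` command words; writing `"${ROOTFS}/usr/lib/ublinux/rc.preinit.d/24-logging"` keeps a root path containing spaces from being split. A one-line comment saying why the live step is detached with `setsid … &` would help the next reader. The `case` statement continues outside this hunk.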
@ -1662,7 +1664,7 @@ ubconfig_exec_system(){
done < <(declare -F | grep "declare -f exec_")
else
while [[ $# -gt 0 ]]; do
[[ -z ${1} ]] || { declare -f ${1} &>/dev/null && FUNCTION+="; ${1}" || FUNCTION+=" '${1}'"; }
[[ -z ${1} ]] || { declare -f "${1}" &>/dev/null && FUNCTION+="; ${1}" || FUNCTION+=" '${1//\'/}'"; }
shift
done
eval ${FUNCTION#*; }
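Review bot: The argument string built on the changed line is still run through the unquoted `eval ${FUNCTION#*; }`, so every argument is word-split and glob-expanded before `eval` parses it, and removing apostrophes with `${1//\'/}` silently alters any value that legitimately contains one. Quoting each argument for re-parsing and quoting the `eval` keeps values intact: `FUNCTION+=" $(printf '%q' "${1}")"` and `eval "${FUNCTION#*; }"`. The same loop is changed identically in the other dispatcher hunks of this commit (each ends in `eval ${FUNCTION#*; }`), so the note applies to all of them; the `else` branch it sits in starts outside this hunk.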

@ -12,7 +12,11 @@ SOURCE=${SYSCONF}/desktop; [[ -f ${SOURCE} ]] && . ${SOURCE} 2>/dev/null
# ARG1: AUTOEXEC[user-1,@wheel]="xbindkeys;kde:yakuake;gnome:guake;xfce:plank.desktop,xterm;lxde:guake"
exec_autoexec_set(){
local PARAM="$@"
[[ -n ${PARAM} ]] && declare -A AUTOEXEC && eval "${PARAM%%=*}='${PARAM#*=}'"
if [[ -n ${PARAM} ]]; then
local AUTOEXEC=
declare -A AUTOEXEC=()
[[ ${PARAM} =~ ^[[:alnum:]_]+("="|"[".*"]=") ]] && eval "${PARAM%%=*}=\${PARAM#*=}"
fi
[[ -n ${AUTOEXEC[@]} ]] || return
CURRENT_DE=$(detectDE)
for ITEM_UNIT in "${!AUTOEXEC[@]}"; do
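Review bot: In `exec_autoexec_set` the pair `local AUTOEXEC=` and `declare -A AUTOEXEC=()` first creates a local scalar and then converts it; `local -A AUTOEXEC=()` declares the local associative array in one step and reads more clearly. When `PARAM` fails the new pattern the function falls through to `[[ -n ${AUTOEXEC[@]} ]] || return` without any message, so a rejected parameter cannot be told apart from an empty one; a diagnostic such as `echo "${FUNCNAME[0]}: parameter rejected" >&2` on the mismatch path would make that visible. The same two-line declaration is used in the other hunks of this commit that switch from `unset`/`declare -A` to a local array. The function body continues outside this hunk.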

@ -218,7 +218,7 @@ exec_grub_kernel_boot(){
else
FUNCTION=
while [[ $# -gt 0 ]]; do
[[ -z ${1} ]] || { declare -f ${1} &>/dev/null && FUNCTION+="; ${1}" || FUNCTION+=" '${1}'"; }
[[ -z ${1} ]] || { declare -f "${1}" &>/dev/null && FUNCTION+="; ${1}" || FUNCTION+=" '${1//\'/}'"; }
shift
done
eval ${FUNCTION#*; }

@ -99,9 +99,9 @@ exec_useradd_sync(){
[[ -n ${COMMAND} ]] || COMMAND="set="
local PARAM="$@"
if [[ -n ${PARAM} ]]; then
unset USERADD_SYNC
declare -A USERADD_SYNC
[[ ${PARAM%%=*} =~ [!\$%\&()*+,./:\;\<\=\>?\@\^\{|\}~-] ]] || eval "${PARAM%%=*}=\${PARAM#*=}"
local USERADD_SYNC=
declare -A USERADD_SYNC=()
[[ ${PARAM} =~ ^[[:alnum:]_]+("="|"[".*"]=") ]] && eval "${PARAM%%=*}=\${PARAM#*=}"
fi
while IFS= read -u3 SELECT_USERADD_SYNC; do
if [[ ${SELECT_USERADD_SYNC} == 'shutdown@all' ]]; then
@ -161,9 +161,9 @@ exec_groupadd_sync(){
[[ -n ${COMMAND} ]] || COMMAND="set="
local PARAM="$@"
if [[ -n ${PARAM} ]]; then
unset GROUPADD_SYNC
declare -A GROUPADD_SYNC
[[ ${PARAM%%=*} =~ [!\$%\&()*+,./:\;\<\=\>?\@\^\{|\}~-] ]] || eval "${PARAM%%=*}=\${PARAM#*=}"
local GROUPADD_SYNC=
declare -A GROUPADD_SYNC=()
[[ ${PARAM} =~ ^[[:alnum:]_]+("="|"[".*"]=") ]] && eval "${PARAM%%=*}=\${PARAM#*=}"
fi
# Если синхронизируем группы по шаблону, то удалим все группы из глобальной конфигурации
if [[ ${USERADD_SYNC} =~ 'shutdown' ]]; then
@ -206,7 +206,7 @@ exec_groupadd_sync(){
else
FUNCTION=
while [[ $# -gt 0 ]]; do
[[ -z ${1} ]] || { declare -f ${1} &>/dev/null && FUNCTION+="; ${1}" || FUNCTION+=" '${1}'"; }
[[ -z ${1} ]] || { declare -f "${1}" &>/dev/null && FUNCTION+="; ${1}" || FUNCTION+=" '${1//\'/}'"; }
shift
done
eval ${FUNCTION#*; }

@ -52,7 +52,7 @@ exec_check_user_group(){
else
FUNCTION=
while [[ $# -gt 0 ]]; do
[[ -z ${1} ]] || { declare -f ${1} &>/dev/null && FUNCTION+="; ${1}" || FUNCTION+=" '${1}'"; }
[[ -z ${1} ]] || { declare -f "${1}" &>/dev/null && FUNCTION+="; ${1}" || FUNCTION+=" '${1//\'/}'"; }
shift
done
eval ${FUNCTION#*; }

@ -616,7 +616,7 @@ exec_remove_duplicated_pacman(){
else
FUNCTION=
while [[ $# -gt 0 ]]; do
[[ -z ${1} ]] || { declare -f ${1} &>/dev/null && FUNCTION+="; ${1}" || FUNCTION+=" '${1}'"; }
[[ -z ${1} ]] || { declare -f "${1}" &>/dev/null && FUNCTION+="; ${1}" || FUNCTION+=" '${1//\'/}'"; }
shift
done
eval ${FUNCTION#*; }

@ -49,8 +49,8 @@ exec_01_ubpile_db(){
local PARAM="$@"
if [[ -n ${PARAM} ]]; then
local UBPILE=
declare -A UBPILE
[[ ${PARAM%%=*} =~ [!\$%\&()*+,/\;\<\=\>?\^\{|\}~] ]] || eval "${PARAM%%=*}=\${PARAM#*=}"
declare -A UBPILE=()
[[ ${PARAM} =~ ^[[:alnum:]_]+("="|"[".*"]=") ]] && eval "${PARAM%%=*}=\${PARAM#*=}"
fi
[[ -n ${UBPILE_DB[0]} ]] && case ${UBPILE_DB[0]} in
fs) FILE_STORAGE_DB_TAMPLATE=${PATH_STORAGE_DB_TAMPLATE}/storage.fs.json ;;
@ -160,8 +160,8 @@ exec_02_ubpile(){
local PARAM="$@"
if [[ -n ${PARAM} ]]; then
local UBPILE=
declare -A UBPILE
[[ ${PARAM%%=*} =~ [!\$%\&()*+,/\;\<\=\>?\^\{|\}~] ]] || eval "${PARAM%%=*}=\${PARAM#*=}"
declare -A UBPILE=()
[[ ${PARAM} =~ ^[[:alnum:]_]+("="|"[".*"]=") ]] && eval "${PARAM%%=*}=\${PARAM#*=}"
fi
if [[ ${COMMAND} == @("set="|"set+="|"set++=") ]] && [[ ${#UBPILE[@]} != 0 ]]; then
local STRING_ARG_CONF=
@ -254,7 +254,7 @@ exec_03_ubpile_reverse_proxy(){
local PARAM="$@"
if [[ -n ${PARAM} ]]; then
local UBPILE_REVERSE_PROXY=
[[ ${PARAM%%=*} =~ [!\$%\&()*+,/\;\<\=\>?\^\{|\}~] ]] || eval "${PARAM%%=*}=\${PARAM#*=}"
[[ ${PARAM} =~ ^[[:alnum:]_]+("="|"[".*"]=") ]] && eval "${PARAM%%=*}=\${PARAM#*=}"
fi
if [[ ${COMMAND} == @("set="|"set+="|"set++=") ]] && [[ -n ${UBPILE_REVERSE_PROXY} ]]; then
if [[ ${UBPILE_REVERSE_PROXY} == @(disable|no) ]]; then
@ -312,7 +312,7 @@ message_motd(){
else
FUNCTION=
while [[ $# -gt 0 ]]; do
[[ -z ${1} ]] || { declare -f ${1} &>/dev/null && FUNCTION+="; ${1}" || FUNCTION+=" '${1}'"; }
[[ -z ${1} ]] || { declare -f "${1}" &>/dev/null && FUNCTION+="; ${1}" || FUNCTION+=" '${1//\'/}'"; }
shift
done
eval ${FUNCTION#*; }

@ -108,7 +108,7 @@ exec_network(){
else
FUNCTION=
while [[ $# -gt 0 ]]; do
[[ -z ${1} ]] || { declare -f ${1} &>/dev/null && FUNCTION+="; ${1}" || FUNCTION+=" '${1}'"; }
[[ -z ${1} ]] || { declare -f "${1}" &>/dev/null && FUNCTION+="; ${1}" || FUNCTION+=" '${1//\'/}'"; }
shift
done
eval ${FUNCTION#*; }

@ -69,9 +69,9 @@ exec_02_place_on_desktop_init(){
[[ $(declare -p APPDESKTOP_PLACEONDESKTOP_INIT 2>/dev/null) =~ ^"declare -A" ]] || declare -gA APPDESKTOP_PLACEONDESKTOP_INIT
local PARAM="$@"
if [[ -n ${PARAM} ]]; then
local APPDESKTOP_PLACEONDESKTOP_INIT
declare -A APPDESKTOP_PLACEONDESKTOP_INIT
[[ ${PARAM%%=*} =~ [!\$%\&()*+/\<\=\>?\^\{|\}~] ]] || eval "${PARAM%%=*}=\${PARAM#*=}"
local APPDESKTOP_PLACEONDESKTOP_INIT=
declare -A APPDESKTOP_PLACEONDESKTOP_INIT=()
[[ ${PARAM} =~ ^[[:alnum:]_]+("="|"[".*"]=") ]] && eval "${PARAM%%=*}=\${PARAM#*=}"
fi
if [[ ${COMMAND} == @("set="|"set+="|"set++=") ]] && [[ ${#APPDESKTOP_PLACEONDESKTOP_INIT[@]} -ne 0 ]]; then
local ID_GROUPS= SELECT_USER_HOME=
@ -170,9 +170,9 @@ exec_03_place_on_desktop(){
[[ $(declare -p APPDESKTOP_PLACEONDESKTOP 2>/dev/null) =~ ^"declare -A" ]] || declare -gA APPDESKTOP_PLACEONDESKTOP
local PARAM="$@"
if [[ -n ${PARAM} ]]; then
local APPDESKTOP_PLACEONDESKTOP
declare -A APPDESKTOP_PLACEONDESKTOP
[[ ${PARAM%%=*} =~ [!\$%\&()*+/\<\=\>?\^\{|\}~] ]] || eval "${PARAM%%=*}=\${PARAM#*=}"
local APPDESKTOP_PLACEONDESKTOP=
declare -A APPDESKTOP_PLACEONDESKTOP=()
[[ ${PARAM} =~ ^[[:alnum:]_]+("="|"[".*"]=") ]] && eval "${PARAM%%=*}=\${PARAM#*=}"
fi
if [[ ${COMMAND} == @("set="|"set+="|"set++=") ]] && [[ ${#APPDESKTOP_PLACEONDESKTOP[@]} -ne 0 ]]; then
local ID_GROUPS= SELECT_USER_HOME=
@ -392,7 +392,7 @@ remove_desktop(){
else
FUNCTION=
while [[ $# -gt 0 ]]; do
[[ -z ${1} ]] || { declare -f ${1} &>/dev/null && FUNCTION+="; ${1}" || FUNCTION+=" '${1}'"; }
[[ -z ${1} ]] || { declare -f "${1}" &>/dev/null && FUNCTION+="; ${1}" || FUNCTION+=" '${1//\'/}'"; }
shift
done
eval ${FUNCTION#*; }

@ -53,7 +53,7 @@ exec_access_allowed_sgid(){
# declare -f ${FUNCTION} &>/dev/null && ${FUNCTION}
# done
while [[ $# -gt 0 ]]; do
[[ -z ${1} ]] || { declare -f ${1} &>/dev/null && FUNCTION+="; ${1}" || FUNCTION+=" '${1}'"; }
[[ -z ${1} ]] || { declare -f "${1}" &>/dev/null && FUNCTION+="; ${1}" || FUNCTION+=" '${1//\'/}'"; }
shift
done
eval ${FUNCTION#*; }

@ -25,8 +25,12 @@ get_compat_unit(){
# ARG1: CGROUP_QUOTA[superadmin]=MemoryHigh=500M,MemorySwapMax=100M,CPUQuota=400%
exec_cgroup_quota_set(){
## Квоты на ресурсы, через cgroup2. Механизм systemd или напрямую cgroup
PARAM="$@"
[[ -n $@ ]] && declare -A CGROUP_QUOTA && eval "${PARAM%%=*}='${PARAM#*=}'"
local PARAM="$@"
if [[ -n ${PARAM} ]]; then
local CGROUP_QUOTA=
declare -A CGROUP_QUOTA=()
[[ ${PARAM} =~ ^[[:alnum:]_]+("="|"[".*"]=") ]] && eval "${PARAM%%=*}=\${PARAM#*=}"
fi
if [[ -n ${CGROUP_QUOTA[@]} ]]; then
for ITEM_UNIT in "${!CGROUP_QUOTA[@]}"; do
get_compat_unit
@ -44,7 +48,7 @@ exec_cgroup_quota_set(){
# ARG1: CGROUP_QUOTA[superadmin]=
exec_cgroup_quota_remove(){
## Очистить квоты на ресурсы, через cgroup2. Механизм systemd или напрямую cgroup
PARAM="$@"
local PARAM="$@"
[[ -n ${PARAM} ]] && ITEM_UNIT=${PARAM#*[} && ITEM_UNIT=${ITEM_UNIT%%]*} || return 0
[[ -n ${ITEM_UNIT} ]] || return 0
get_compat_unit
@ -53,6 +57,7 @@ exec_cgroup_quota_remove(){
#systemctl revert ${COMPAT_UNIT}
/usr/bin/systemctl daemon-reload
else
# Напрямую cgroup
true
fi
}

@ -118,7 +118,7 @@ exec_environment(){
else
FUNCTION=
while [[ $# -gt 0 ]]; do
[[ -z ${1} ]] || { declare -f ${1} &>/dev/null && FUNCTION+="; ${1}" || FUNCTION+=" '${1}'"; }
[[ -z ${1} ]] || { declare -f "${1}" &>/dev/null && FUNCTION+="; ${1}" || FUNCTION+=" '${1//\'/}'"; }
shift
done
eval ${FUNCTION#*; }

@ -38,12 +38,13 @@ exec_services_enabledisable(){
# $2 Параметр со значением, пример: SERVICES_ENABLE=pcscd.service,nmb,smb
# null Если отсутствует $@, то применяем из системной конфигурации SERVICESSTART SERVICESNOSTART SERVICESMASK SERVICESUNMASK
ISSYSTEMD=$(readlink -fq ${ROOTFS}/usr/bin/init | grep "lib/systemd/systemd$")
[[ $1 == @("set="|"set+="|"set++="|"set-="|"set--="|"remove") ]] && shift
[[ $1 == @("set="|"set+="|"set++="|"set-="|"set--="|"remove") ]] && COMMAND=$1 && shift
[[ -n ${COMMAND} ]] || COMMAND="set="
local PARAM="$@"
if [[ -n ${PARAM} ]]; then
unset SERVICESSTART SERVICESNOSTART SERVICESMASK SERVICESUNMASK
unset SERVICES_ENABLE SERVICES_DISABLE SERVICES_MASK SERVICES_UNMASK
eval "${PARAM%%=*}=\${PARAM#*=}"
local SERVICESSTART= SERVICESNOSTART= SERVICESMASK= SERVICESUNMASK=
local SERVICES_ENABLE= SERVICES_DISABLE= SERVICES_MASK= SERVICES_UNMASK=
[[ ${PARAM} =~ ^[[:alnum:]_]+("="|"[".*"]=") ]] && eval "${PARAM%%=*}=\${PARAM#*=}"
else
SERVICESSTART_KERNEL=$(cmdline_value servicesstart)
SERVICES_ENABLE_KERNEL=$(cmdline_value services_enable)
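Review bot: `COMMAND` is assigned on the changed line `[[ $1 == @(…) ]] && COMMAND=$1 && shift` without being declared `local`, so a value left by an earlier call in the same shell survives into a later call that passes no mode token, and the default `COMMAND="set="` is then never applied. This matters more after this commit, because the function gains a `set-=`/`remove` branch that disables and unmasks units. Declaring `local COMMAND=` before that line would keep each call independent (the `exec_01_defaultrootpasswd` hunk already writes `local COMMAND="set="` for the default), unless the caller is meant to pass the mode through this global, in which case a comment should say so. The function body continues outside this hunk.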
@ -59,6 +60,7 @@ exec_services_enabledisable(){
mkdir -p proc
mount -o rbind /proc proc
fi
if [[ ${COMMAND} == @("set="|"set+="|"set++=") ]]; then
while IFS= read -ru3 SELECT_SERVICE; do
[[ -n ${SELECT_SERVICE} ]] || continue
if [[ -n ${ISSYSTEMD} ]]; then
@ -84,7 +86,33 @@ exec_services_enabledisable(){
${CMD_CHROOT} /usr/bin/systemctl --quiet mask ${SELECT_SERVICE}
fi
done 3< <(tr ',; ' '\n' <<< "${SERVICESMASK},${SERVICES_MASK}" | tr -s '\n')
[[ -n ${ROOTFS} ]] && umount proc
elif [[ ${COMMAND} == @("set-="|"set--="|"remove") ]]; then
while IFS= read -ru3 SELECT_SERVICE; do
[[ -n ${SELECT_SERVICE} ]] || continue
if [[ -n ${ISSYSTEMD} ]]; then
true
fi
done 3< <(tr ',; ' '\n' <<< "${SERVICESUNMASK},${SERVICESSTART},${SERVICES_UNMASK},${SERVICES_ENABLE}" | tr -s '\n')
while IFS= read -ru3 SELECT_SERVICE; do
[[ -n ${SELECT_SERVICE} ]] || continue
if [[ -n ${ISSYSTEMD} ]]; then
${CMD_CHROOT} /usr/bin/systemctl --quiet disable ${SELECT_SERVICE}
fi
done 3< <(tr ',; ' '\n' <<< "${SERVICESSTART},${SERVICES_ENABLE}" | tr -s '\n')
while IFS= read -ru3 SELECT_SERVICE; do
[[ -n ${SELECT_SERVICE} ]] || continue
if [[ -n ${ISSYSTEMD} ]]; then
true
fi
done 3< <(tr ',; ' '\n' <<< "${SERVICESNOSTART},${SERVICES_DISABLE}" | tr -s '\n')
while IFS= read -ru3 SELECT_SERVICE; do
[[ -n ${SELECT_SERVICE} ]] || continue
if [[ -n ${ISSYSTEMD} ]]; then
${CMD_CHROOT} /usr/bin/systemctl --quiet unmask ${SELECT_SERVICE}
fi
done 3< <(tr ',; ' '\n' <<< "${SERVICESMASK},${SERVICES_MASK}" | tr -s '\n')
fi
[[ -z ${ROOTFS} ]] || umount proc
fi
}
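Review bot: In the new `set-=`/`remove` branch the unit name is expanded unquoted and without an option terminator in `${CMD_CHROOT} /usr/bin/systemctl --quiet disable ${SELECT_SERVICE}` and in the matching `unmask` call, so a configured value that contains glob characters or starts with `-` is not handled as a plain unit name; `… --quiet disable -- "${SELECT_SERVICE}"` avoids both. The first and third loops of this branch only execute `true`, which reads as unfinished work; either drop them or add a comment saying what is deliberately left undone for the `SERVICESUNMASK`/`SERVICES_UNMASK` and `SERVICESNOSTART`/`SERVICES_DISABLE` lists. The `systemctl` calls in the following `exec_services_startstop_live` hunk expand `${SELECT_SERVICE}` the same way.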
@ -100,30 +128,49 @@ exec_services_startstop_live(){
[[ -n ${COMMAND} ]] || COMMAND="set="
local PARAM="$@"
if [[ -n ${PARAM} ]]; then
unset SERVICESSTART SERVICESNOSTART SERVICESMASK SERVICESUNMASK
unset SERVICES_ENABLE SERVICES_DISABLE SERVICES_MASK SERVICES_UNMASK
[[ ${PARAM%%=*} =~ [!\$%\&()*+,./:\;\<\=\>?\@\^\{|\}~-] ]] || eval "${PARAM%%=*}=\${PARAM#*=}"
local SERVICESSTART= SERVICESNOSTART= SERVICESMASK= SERVICESUNMASK=
local SERVICES_ENABLE= SERVICES_DISABLE= SERVICES_MASK= SERVICES_UNMASK=
[[ ${PARAM} =~ ^[[:alnum:]_]+("="|"[".*"]=") ]] && eval "${PARAM%%=*}=\${PARAM#*=}"
fi
if [[ ${COMMAND} == @("set="|"set+="|"set++=") ]]; then
while IFS= read -ru3 SELECT_SERVICE; do
[[ -n ${SELECT_SERVICE} ]] || continue
if [[ ${COMMAND} == @("set="|"set+="|"set++=") ]]; then
if [[ -n ${ISSYSTEMD} ]]; then
systemctl --quiet start ${SELECT_SERVICE}
fi
elif [[ ${COMMAND} == @("set-="|"set--=") ]]; then
done 3< <(tr ',; ' '\n' <<< "${SERVICESSTART},${SERVICES_ENABLE}" | tr -s '\n')
while IFS= read -ru3 SELECT_SERVICE; do
[[ -n ${SELECT_SERVICE} ]] || continue
if [[ -n ${ISSYSTEMD} ]]; then
systemctl --quiet stop ${SELECT_SERVICE}
fi
done 3< <(tr ',; ' '\n' <<< "${SERVICESNOSTART},${SERVICES_DISABLE}" | tr -s '\n')
while IFS= read -ru3 SELECT_SERVICE; do
[[ -n ${SELECT_SERVICE} ]] || continue
if [[ -n ${ISSYSTEMD} ]]; then
systemctl --quiet stop ${SELECT_SERVICE}
fi
done 3< <(tr ',; ' '\n' <<< "${SERVICESSTART},${SERVICES_ENABLE}" | tr -s '\n')
done 3< <(tr ',; ' '\n' <<< "${SERVICESMASK},${SERVICES_MASK}" | tr -s '\n')
elif [[ ${COMMAND} == @("set-="|"set--="|"remove") ]]; then
while IFS= read -ru3 SELECT_SERVICE; do
[[ -n ${SELECT_SERVICE} ]] || continue
if [[ ${COMMAND} == @("set="|"set+="|"set++=") ]]; then
if [[ -n ${ISSYSTEMD} ]]; then
systemctl --quiet stop ${SELECT_SERVICE}
fi
done 3< <(tr ',; ' '\n' <<< "${SERVICESSTART},${SERVICES_ENABLE}" | tr -s '\n')
while IFS= read -ru3 SELECT_SERVICE; do
[[ -n ${SELECT_SERVICE} ]] || continue
if [[ -n ${ISSYSTEMD} ]]; then
true
fi
done 3< <(tr ',; ' '\n' <<< "${SERVICESNOSTART},${SERVICES_DISABLE}" | tr -s '\n')
while IFS= read -ru3 SELECT_SERVICE; do
[[ -n ${SELECT_SERVICE} ]] || continue
if [[ -n ${ISSYSTEMD} ]]; then
systemctl --quiet unmask ${SELECT_SERVICE}
fi
done 3< <(tr ',; ' '\n' <<< "${SERVICESMASK},${SERVICES_MASK}" | tr -s '\n')
fi
done 3< <(tr ',; ' '\n' <<< "${SERVICESNOSTART},${SERVICESMASK},${SERVICES_DISABLE},${SERVICES_MASK}" | tr -s '\n')
}
#Выключил, т.к. не перезапишет параметры по умолчанию
@ -137,9 +184,9 @@ exec_services_startstop_live(){
# [[ $1 == @("set="|"set+="|"set++="|"set-="|"set--="|"remove") ]] && shift
# local PARAM="$@"
# if [[ -n ${PARAM} ]]; then
# unset SERVICE
# declare -A SERVICE
# eval "${PARAM%%=*}=\${PARAM#*=}"
# local SERVICE=
# declare -A SERVICE=()
# [[ ${PARAM} =~ ^[[:alnum:]_]+("="|"[".*"]=") ]] && eval "${PARAM%%=*}=\${PARAM#*=}"
# else
# SERVICES_ENABLE_KERNEL=$(cmdline_value services_enable)
# [[ -z ${SERVICES_ENABLE_KERNEL} ]] || while read -u3 SELECT_SERVICE; do
@ -162,21 +209,21 @@ exec_services_startstop_live(){
# [[ -n ${SELECT_SERVICE} ]] || continue
# if [[ ${SERVICE[${SELECT_SERVICE}]} == @(start|enable|on) ]]; then
# if [[ -n ${ISSYSTEMD} ]]; then
# echo ${CMD_CHROOT} /usr/bin/systemctl --quiet unmask ${SELECT_SERVICE}
# echo ${CMD_CHROOT} /usr/bin/systemctl --quiet enable ${SELECT_SERVICE}
# ${CMD_CHROOT} /usr/bin/systemctl --quiet unmask ${SELECT_SERVICE}
# ${CMD_CHROOT} /usr/bin/systemctl --quiet enable ${SELECT_SERVICE}
# fi
# elif [[ ${SERVICE[${SELECT_SERVICE}]} == @(stop|disable|off) ]]; then
# if [[ -n ${ISSYSTEMD} ]]; then
# echo ${CMD_CHROOT} /usr/bin/systemctl --quiet disable ${SELECT_SERVICE}
# ${CMD_CHROOT} /usr/bin/systemctl --quiet disable ${SELECT_SERVICE}
# fi
# elif [[ ${SERVICE[${SELECT_SERVICE}]} == @(mask) ]]; then
# if [[ -n ${ISSYSTEMD} ]]; then
# echo ${CMD_CHROOT} /usr/bin/systemctl --quiet disable ${SELECT_SERVICE}
# echo ${CMD_CHROOT} /usr/bin/systemctl --quiet mask ${SELECT_SERVICE}
# ${CMD_CHROOT} /usr/bin/systemctl --quiet disable ${SELECT_SERVICE}
# ${CMD_CHROOT} /usr/bin/systemctl --quiet mask ${SELECT_SERVICE}
# fi
# elif [[ ${SERVICE[${SELECT_SERVICE}]} == @(unmask) ]]; then
# if [[ -n ${ISSYSTEMD} ]]; then
# echo ${CMD_CHROOT} /usr/bin/systemctl --quiet unmask ${SELECT_SERVICE}
# ${CMD_CHROOT} /usr/bin/systemctl --quiet unmask ${SELECT_SERVICE}
# fi
# fi
# done 3< <(printf "%s\n" "${!SERVICE[@]}")
@ -198,17 +245,17 @@ exec_services_startstop_live(){
# local PARAM="$@"
# if [[ -n ${PARAM} ]]; then
# local SERVICE=
# declare -A SERVICE
# [[ ${PARAM%%=*} =~ [!\$%\&()*+,/\;\<\=\>?\^\{|\}~-] ]] || eval "${PARAM%%=*}=\${PARAM#*=}"
# declare -A SERVICE=()
# [[ ${PARAM} =~ ^[[:alnum:]_]+("="|"[".*"]=") ]] && eval "${PARAM%%=*}=\${PARAM#*=}"
# fi
# while read -u3 SELECT_SERVICE; do
# if [[ ${SERVICE[${SELECT_SERVICE}]} == @(start|enable|on) ]]; then
# if [[ -n ${ISSYSTEMD} ]]; then
# echo ${CMD_CHROOT} /usr/bin/systemctl --quiet start ${SELECT_SERVICE}
# ${CMD_CHROOT} /usr/bin/systemctl --quiet start ${SELECT_SERVICE}
# fi
# elif [[ ${SERVICE[${SELECT_SERVICE}]} == @(stop|disable|off) ]]; then
# if [[ -n ${ISSYSTEMD} ]]; then
# echo ${CMD_CHROOT} /usr/bin/systemctl --quiet stop ${SELECT_SERVICE}
# ${CMD_CHROOT} /usr/bin/systemctl --quiet stop ${SELECT_SERVICE}
# fi
# fi
# done 3< <(printf "%s\n" "${!SERVICE[@]}")
@ -227,7 +274,7 @@ exec_services_startstop_live(){
else
FUNCTION=
while [[ $# -gt 0 ]]; do
[[ -z ${1} ]] || { declare -f ${1} &>/dev/null && FUNCTION+="; ${1}" || FUNCTION+=" '${1}'"; }
[[ -z ${1} ]] || { declare -f "${1}" &>/dev/null && FUNCTION+="; ${1}" || FUNCTION+=" '${1//\'/}'"; }
shift
done
eval ${FUNCTION#*; }

@ -47,9 +47,9 @@ exec_domain(){
local PARAM="$@"
[[ $(declare -p DOMAIN 2>/dev/null) =~ "declare -A" ]] || declare -A DOMAIN
if [[ -n ${PARAM} ]]; then
unset DOMAIN
declare -A DOMAIN
[[ ${PARAM%%=*} =~ [!\$%\&()*+,./:\;\<\=\>?\@\^\{|\}~-] ]] || eval "${PARAM%%=*}=\${PARAM#*=}"
local DOMAIN=
declare -A DOMAIN=()
[[ ${PARAM} =~ ^[[:alnum:]_]+("="|"[".*"]=") ]] && eval "${PARAM%%=*}=\${PARAM#*=}"
fi
if [[ ${COMMAND} == @("set="|"set+="|"set++=") ]]; then
if [[ -n ${DOMAIN} && ${DOMAIN[client]} == "realmd_sssd" ]]; then
@ -99,7 +99,7 @@ domain_configure_live(){
else
FUNCTION=
while [[ $# -gt 0 ]]; do
[[ -z ${1} ]] || { declare -f ${1} &>/dev/null && FUNCTION+="; ${1}" || FUNCTION+=" '${1}'"; }
[[ -z ${1} ]] || { declare -f "${1}" &>/dev/null && FUNCTION+="; ${1}" || FUNCTION+=" '${1//\'/}'"; }
shift
done
eval ${FUNCTION#*; }

@ -24,55 +24,106 @@ SOURCE=${SYSCONF}/config; [[ -f ${SOURCE} ]] && . ${SOURCE} 2>/dev/null
SOURCE=${SYSCONF}/logging; [[ -f ${SOURCE} ]] && . ${SOURCE} 2>/dev/null
## Настройка мониторинга и сбора системных событий и записи их в журналы для аудита
## AUDITD=disable|no|none|off # Отключить все созданные правила из конфигурации
## AUDITD[<id_name>]=<rule>
## AUDITD=disable|no|none|off<-># Отключить все созданные правила из конфигурации
## AUDITD[<id_name>[:<status>]]=<rule>[#<description>]
## <id_name> # Уникальное имя правила
## <rule> # Правило
## <status> # Статус правила, модет принимать значения: отсутствовать,enable,disable
## Отстутствует # Правило выключено или только комментарий
## enable # Правило включено
## disable # Правило выключено
## <rule> # Правило, без использование символа #
## <description> # Описание правила, начинается с символа #
#AUDITD[comment_1]="#Global settings"
#AUDITD[conf-d:enable]="-D #Remove any existing rules"
#AUDITD[conf-b:enable]="-b 8192 #Buffer Size. Feel free to increase this if the machine panic's"
#AUDITD[conf-f:enable]="-f 1 #Failure Mode. Possible values: 0 (silent), 1 (printk, print a failure message), 2 (panic, halt the system)"
#AUDITD[conf-i:disable]="-i #Ignore errors. e.g. caused by users or files not found in the local environment"
#AUDITD[comment_1221]="#Self Auditing ---------------------------------------------------------------------"
#AUDITD[comment_32423]="#Audit the audit logs"
#AUDITD[comment_23423]="#Successful and unsuccessful attempts to read information from the audit records"
#AUDITD[fs_auditlog_1]="-w /var/log/audit/ -p wra -k auditlog"
#AUDITD[fs_auditlog_2:disable]="-w /var/audit/ -p wra -k auditlog"
#AUDITD[event_chmod]="-a always,exit -F arch=x86_64 -S chmod,fchmod,fchmodat -F key=event_chmod"
#AUDITD[passwd_changes]="-w /etc/passwd -p wa -k passwd_changes"
exec_auditd(){
[[ $1 == @("set="|"set+="|"set++="|"set-="|"set--="|"remove") ]] && COMMAND=$1 && shift
[[ -n ${COMMAND} ]] || COMMAND="set="
FILE_PATTERN_AUDITD_CONF="${ROOTFS}/etc/audit/rules.d/00-ubconfig.rules"
local PARAM="$@"
if [[ -n ${PARAM} ]]; then
AUDITD_NAME=${PARAM%%=*}
AUDITD_VAR=${PARAM#*=}
local SERVICE_AUDITD="auditd.service"
local FILE_PATTERN_AUDITD_CONF="${ROOTFS}/etc/audit/rules.d/00-ubconfig.rules"
local SEPARATE_RULES_NAME_COMMENT=": "
local PREFIX_RULES_DISABLE="## "
if [[ ${AUDITD} == @(enable|yes|on) ]]; then
# Только для init
[[ -n ${ROOTFS} ]] && [[ -f ${ROOTFS}/lib/systemd/system/${SERVICE_AUDITD} ]] && [[ ! -e ${ROOTFS}/etc/systemd/system/multi-user.target.wants/${SERVICE_AUDITD} ]] \
&& ln -sf /usr/lib/systemd/system/${SERVICE_AUDITD} ${ROOTFS}/etc/systemd/system/multi-user.target.wants/${SERVICE_AUDITD}
elif [[ ${AUDITD} == @(disable|no|none|off) ]]; then
rm -f "${FILE_PATTERN_AUDITD_CONF}"
[[ -n ${ROOTFS} ]] && [[ -e ${ROOTFS}/etc/systemd/system/multi-user.target.wants/${SERVICE_AUDITD} ]] && rm -f "${ROOTFS}/etc/systemd/system/multi-user.target.wants/${SERVICE_AUDITD}"
return 0
fi
[[ -d ${FILE_PATTERN_AUDITD_CONF%/*} ]] || mkdir -p ${FILE_PATTERN_AUDITD_CONF%/*}
[[ -f ${FILE_PATTERN_AUDITD_CONF} ]] || true > "${FILE_PATTERN_AUDITD_CONF}"
if [[ -z ${PARAM} ]]; then
if [[ -n ${PARAM} && ! ${PARAM} =~ ^"AUDITD="('enable'|'yes'|'on')?$ ]]; then
local SOURCE_AUDITD_RULES="${PARAM}"
elif [[ -n ${PARAM} && ${PARAM} =~ ^"AUDITD="('disable'|'no'|'none'|'off')?$ ]]; then
return 0
else
# Полное перезаполнение правил из конфигурации
SOURCE_AUDITD_RULES=$(grep -E "^[[:blank:]]*AUDITD\[" ${SYSCONF}/logging 2>/dev/null)
true > "${FILE_PATTERN_AUDITD_CONF}"
while IFS='=' read -u3 AUDITD_NAME AUDITD_VAR; do
[[ ${AUDITD_NAME} =~ ^.*'['(.*)']' ]] && AUDITD_NAME=${BASH_REMATCH[1]}
[[ ${AUDITD_VAR} =~ ^\"(.*)\"$ ]] && AUDITD_VAR=${BASH_REMATCH[1]}
echo "${AUDITD_VAR}" >> "${FILE_PATTERN_AUDITD_CONF}"
done 3< <(grep -E "^[[:space:]]*AUDITD\[" ${SYSCONF}/logging 2>/dev/null)
elif [[ ${COMMAND} == @("set="|"set+="|"set++=") ]]; then
[[ ${AUDITD_NAME} =~ ^.*'['(.*)']' ]] && AUDITD_NAME=${BASH_REMATCH[1]}
[[ ${AUDITD_VAR} =~ ^\"(.*)\"$ ]] && AUDITD_VAR=${BASH_REMATCH[1]}
echo "${AUDITD_VAR}" >> "${FILE_PATTERN_AUDITD_CONF}"
fi
if [[ ${COMMAND} == @("set="|"set+="|"set++=") ]]; then
# т.к. важен порядок, то считываем последовательно из конфигурации
while IFS='=' read -u3 AUDITD_RULE_NAME AUDITD_RULE_VAR; do
[[ ${AUDITD_RULE_NAME} =~ ^[[:blank:]]*'AUDITD['([^:]+)':'?('enable'|'disable'|'yes'|'no'|'none'|'on'|'off')?']' ]] && AUDITD_RULE_NAME=${BASH_REMATCH[1]} && AUDITD_RULE_STATUS=${BASH_REMATCH[2]}
[[ ${AUDITD_RULE_NAME} == @("AUDITD"|"") ]] && return 0
[[ ${AUDITD_RULE_STATUS} == @(""|disable|no|none|off) ]] && AUDITD_RULE_STATUS="#" || AUDITD_RULE_STATUS=
[[ ${AUDITD_RULE_VAR} =~ ^[\"\']?([^#]*)'#'?([^\"]*)[\'\"]?$ ]] && AUDITD_RULE_VAR=${BASH_REMATCH[1]} && AUDITD_RULE_COMMENT=${BASH_REMATCH[2]}
[[ ${AUDITD_RULE_VAR} =~ ^[[:blank:]]*([^[:blank:]$]*)[[:blank:]]*$ ]] && AUDITD_RULE_VAR=${BASH_REMATCH[1]}
[[ -n ${AUDITD_RULE_COMMENT} ]] && echo "${PREFIX_RULES_DISABLE}${AUDITD_RULE_NAME}${SEPARATE_RULES_NAME_COMMENT}${AUDITD_RULE_COMMENT}" >> "${FILE_PATTERN_AUDITD_CONF}" \
|| echo "${PREFIX_RULES_DISABLE}${AUDITD_RULE_NAME}" >> "${FILE_PATTERN_AUDITD_CONF}"
[[ -n ${AUDITD_RULE_VAR} ]] && echo "${AUDITD_RULE_STATUS}${AUDITD_RULE_VAR}" >> "${FILE_PATTERN_AUDITD_CONF}"
done 3<<<${SOURCE_AUDITD_RULES}
elif [[ ${COMMAND} == @("set-="|"set--="|"remove") ]]; then
if [[ -n ${AUDITD_NAME} && ${AUDITD_VAR} != "" ]]; then
[[ ${AUDITD_NAME} =~ ^.*'['(.*)']' ]] && AUDITD_NAME=${BASH_REMATCH[1]}
AUDITD_VAR=${AUDITD[${AUDITD_NAME}]}
[[ -f ${FILE_PATTERN_AUDITD_CONF} ]] && while IFS='=' read -u3 AUDITD_RULE_NAME AUDITD_RULE_VAR; do
[[ ${AUDITD_RULE_NAME} =~ ^[[:blank:]]*'AUDITD['([^:]+)':'?('enable'|'disable'|'yes'|'no'|'none'|'on'|'off')?']' ]] && AUDITD_RULE_NAME=${BASH_REMATCH[1]} && AUDITD_RULE_STATUS=${BASH_REMATCH[2]}
# Уазан параметр не массив: AUDITD=
[[ ${AUDITD_RULE_NAME} == @("AUDITD"|"") ]] && return 0
[[ ${AUDITD_RULE_STATUS} == @(""|disable|no|none|off) ]] && AUDITD_RULE_STATUS="#" || AUDITD_RULE_STATUS=
[[ ${AUDITD_RULE_VAR} =~ ^[\"\']?([^#]*)'#'?([^\"]*)[\'\"]?$ ]] && AUDITD_RULE_VAR=${BASH_REMATCH[1]} && AUDITD_RULE_COMMENT=${BASH_REMATCH[2]}
[[ ${AUDITD_RULE_VAR} =~ ^[[:blank:]]*([^[:blank:]$]*)[[:blank:]]*$ ]] && AUDITD_RULE_VAR=${BASH_REMATCH[1]}
if [[ -n ${AUDITD_RULE_COMMENT} ]]; then
sed -E "/^$(ere_quote_sed "${PREFIX_RULES_DISABLE}${AUDITD_RULE_NAME}${SEPARATE_RULES_NAME_COMMENT}${AUDITD_RULE_COMMENT}")[[:blank:]]*$/d" -i "${FILE_PATTERN_AUDITD_CONF}"
else
sed -E "/^$(ere_quote_sed "${PREFIX_RULES_DISABLE}${AUDITD_RULE_NAME}")[[:blank:]]*$/d" -i "${FILE_PATTERN_AUDITD_CONF}"
fi
[[ ${AUDITD_VAR} =~ ^\"(.*)\"$ ]] && AUDITD_VAR=${BASH_REMATCH[1]}
ESC_AUDITD_VAR=$(sed 's/[^a-zA-Z0-9=",_@#%&<> -]/\\&/g' <<< "${AUDITD_VAR}")
sed "/^${ESC_AUDITD_VAR}$/d" -i "${FILE_PATTERN_AUDITD_CONF}"
[[ -n ${AUDITD_RULE_VAR} ]] && sed -E "/^$(ere_quote_sed "${AUDITD_RULE_STATUS}${AUDITD_RULE_VAR}")[[:blank:]]*$/d" -i "${FILE_PATTERN_AUDITD_CONF}"
done 3<<<${SOURCE_AUDITD_RULES}
fi
}
exec_auditd_live(){
[[ -z ${ROOTFS} ]] || return 0
SERVICE_NAME="auditd.service"
if [[ $(pgrep -fc "exec_audit_live") == 1 ]]; then
if systemctl --quiet is-enabled ${SERVICE_NAME} 2>/dev/null; then
local SERVICE_AUDIT_RULES="audit-rules.service"
local SERVICE_AUDITD="auditd.service"
if [[ -n ${AUDITD} ]]; then
# Если получен параметр AUDITD на включение или выключение, не массив, то
if [[ ${AUDITD} == @(enable|yes|on) ]]; then
if [[ $(pgrep -fc "exec_auditd_live") == 1 ]]; then
sleep 5
systemctl --quiet reset-failed ${SERVICE_NAME}
systemctl --quiet restart ${SERVICE_NAME} 2>/dev/null
if systemctl --quiet is-active ${SERVICE_AUDITD} 2>/dev/null; then
systemctl --quiet reset-failed ${SERVICE_AUDITD} 2>/dev/null
systemctl --quiet restart ${SERVICE_AUDITD} 2>/dev/null
fi
ubconfig --quiet --target system set [system] SERVICES_ENABLE++="${SERVICE_AUDITD}"
fi
elif [[ ${AUDITD} == @(disable|no|none|off) ]]; then
pkill ${SERVICE_AUDITD%%.*}
ubconfig --quiet --target system set [system] SERVICES_ENABLE--="${SERVICE_AUDITD}" 2>/dev/null
fi
fi
return 0
}
## Настройка журналов
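Review bot: In the `exec_auditd` read loops the value pattern `^[\"\']?([^#]*)'#'?([^\"]*)[\'\"]?$` appears to keep the closing quote inside the first capture whenever a rule has no `#description`, because `[^#]*` is free to consume it, so such a rule would reach `00-ubconfig.rules` with a stray quote at the end. The trimming pattern on the following line, `([^[:blank:]$]*)`, cannot match a rule that contains a space, so it never trims real rules; `^[[:blank:]]*(.*[^[:blank:]])[[:blank:]]*$` would. `AUDITD_RULE_STATUS` and `AUDITD_RULE_COMMENT` are neither `local` nor cleared at the top of an iteration, so a line whose key fails the `AUDITD[…]` pattern reuses the previous line's values, and the status line then flips that stale value. Because a malformed line changes which audit rules are loaded, I would also read with `read -ru3` and a quoted here-string, `done 3<<<"${SOURCE_AUDITD_RULES}"`, and check the generated file against the documented examples.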
@ -109,8 +160,8 @@ exec_journald(){
local PARAM="$@"
if [[ -n ${PARAM} ]]; then
local JOURNALD=
declare -A JOURNALD
[[ ${PARAM%%=*} =~ [!\$%\&()*+,/\;\<\=\>?\^\{|\}~] ]] || eval "${PARAM%%=*}=\${PARAM#*=}"
declare -A JOURNALD=()
[[ ${PARAM} =~ ^[[:alnum:]_]+("="|"[".*"]=") ]] && eval "${PARAM%%=*}=\${PARAM#*=}"
fi
[[ ! -f ${FILE_JOURNALD_CONF} ]] && mkdir -p "${FILE_JOURNALD_CONF%/*}" && touch ${FILE_JOURNALD_CONF}
[[ $(cat ${FILE_JOURNALD_CONF}) =~ "[Journal]" ]] || echo "[Journal]" > ${FILE_JOURNALD_CONF}
@ -135,8 +186,8 @@ exec_journald_live(){
SERVICE_NAME="systemd-journald.service"
if [[ $(pgrep -fc "exec_journald_live") == 1 ]]; then
sleep 5
systemctl reset-failed ${SERVICE_NAME}
systemctl --quiet restart ${SERVICE_NAME}
systemctl reset-failed ${SERVICE_NAME} 2>/dev/null
systemctl --quiet restart ${SERVICE_NAME} 2>/dev/null
fi
}
@ -167,8 +218,8 @@ exec_systemd_coredump(){
local PARAM="$@"
if [[ -n ${PARAM} ]]; then
local SYSTEMD_COREDUMP=
declare -A SYSTEMD_COREDUMP
[[ ${PARAM%%=*} =~ [!\$%\&()*+,/\;\<\=\>?\^\{|\}~] ]] || eval "${PARAM%%=*}=\${PARAM#*=}"
declare -A SYSTEMD_COREDUMP=()
[[ ${PARAM} =~ ^[[:alnum:]_]+("="|"[".*"]=") ]] && eval "${PARAM%%=*}=\${PARAM#*=}"
fi
[[ ! -f ${FILE_SYSTEMD_COREDUMP_CONF} ]] && mkdir -p "${FILE_SYSTEMD_COREDUMP_CONF%/*}" && touch ${FILE_SYSTEMD_COREDUMP_CONF}
[[ $(cat ${FILE_SYSTEMD_COREDUMP_CONF}) =~ "[Coredump]" ]] || echo "[Coredump]" > ${FILE_SYSTEMD_COREDUMP_CONF}
@ -201,8 +252,8 @@ exec_logrotate(){
local PARAM="$@"
if [[ -n ${PARAM} ]]; then
local LOGROTATE=
declare -A LOGROTATE
[[ ${PARAM%%=*} =~ [!\$%\&()*+,/\;\<\=\>?\^\{|\}~] ]] || eval "${PARAM%%=*}=\${PARAM#*=}"
declare -A LOGROTATE=()
[[ ${PARAM} =~ ^[[:alnum:]_]+("="|"[".*"]=") ]] && eval "${PARAM%%=*}=\${PARAM#*=}"
fi
[[ -d ${FILE_PATTERN_LOGROTATE_CONF%/*} ]] || mkdir -p ${PATH_LOGROTATE_CONF%/*}
if [[ ${COMMAND} == "set=" ]] && [[ ${#LOGROTATE[@]} != 0 ]]; then
@ -285,7 +336,7 @@ exec_logrotate_live(){
else
FUNCTION=
while [[ $# -gt 0 ]]; do
[[ -z ${1} ]] || { declare -f ${1} &>/dev/null && FUNCTION+="; ${1}" || FUNCTION+=" '${1}'"; }
[[ -z ${1} ]] || { declare -f "${1}" &>/dev/null && FUNCTION+="; ${1}" || FUNCTION+=" '${1//\'/}'"; }
shift
done
eval ${FUNCTION#*; }

@ -27,7 +27,7 @@ exec_authpam(){
[[ $1 == @("set="|"set+="|"set++="|"set-="|"set--="|"remove") ]] && COMMAND=$1 && shift
[[ -n ${COMMAND} ]] || COMMAND="set="
[[ $(declare -p AUTHPAM 2>/dev/null) =~ "declare -A" ]] || declare -A AUTHPAM
local PARAM="$@"
# local PARAM="$@"
# AUTHSELECT_LIST_ALL=$(${CMD_CHROOT} /usr/bin/authselect list)
AUTHPAM_FEATURE=${AUTHPAM[${AUTHPAM[0]}]//,/ }; AUTHPAM_FEATURE=${AUTHPAM_FEATURE//;/ }
if [[ ${COMMAND} == @("set="|"set+="|"set++=") ]]; then
@ -41,7 +41,6 @@ exec_authpam(){
${CMD_CHROOT} /usr/bin/authselect select ${AUTHPAM[0]} ${AUTHPAM_FEATURE} --force --nobackup --quiet
fi
fi
}

@ -59,7 +59,7 @@ exec_access_denied_login(){
else
FUNCTION=
while [[ $# -gt 0 ]]; do
[[ -z ${1} ]] || { declare -f ${1} &>/dev/null && FUNCTION+="; ${1}" || FUNCTION+=" '${1}'"; }
[[ -z ${1} ]] || { declare -f "${1}" &>/dev/null && FUNCTION+="; ${1}" || FUNCTION+=" '${1//\'/}'"; }
shift
done
eval ${FUNCTION#*; }

@ -41,8 +41,8 @@ exec_lightdm_xdmcp(){
local PARAM="$@"
if [[ -n ${PARAM} ]]; then
local LIGHTDM_XDMCP=
declare -A LIGHTDM_XDMCP
[[ ${PARAM%%=*} =~ [!\$%\&()*+,/\;\<\=\>?\^\{|\}~] ]] || eval "${PARAM%%=*}=\${PARAM#*=}"
declare -A LIGHTDM_XDMCP=()
[[ ${PARAM} =~ ^[[:alnum:]_]+("="|"[".*"]=") ]] && eval "${PARAM%%=*}=\${PARAM#*=}"
fi
FILE_LIGHTDM_CONF="${ROOTFS}/etc/lightdm/lightdm.conf"
FILE_LIGHTDM_XDMCP_CONF="${ROOTFS}/etc/lightdm/lightdm.conf.d/99-xdmcp-ubconfig.conf"
@ -84,8 +84,8 @@ exec_lightdm_greeter(){
local PARAM="$@"
if [[ -n ${PARAM} ]]; then
local LIGHTDM_GREETER=
declare -A LIGHTDM_GREETER
[[ ${PARAM%%=*} =~ [!\$%\&()*+,/\;\<\=\>?\^\{|\}~] ]] || eval "${PARAM%%=*}=\${PARAM#*=}"
declare -A LIGHTDM_GREETER=()
[[ ${PARAM} =~ ^[[:alnum:]_]+("="|"[".*"]=") ]] && eval "${PARAM%%=*}=\${PARAM#*=}"
fi
FILE_LIGHTDM_CONF="${ROOTFS}/etc/lightdm/lightdm.conf"
FILE_LIGHTDM_GREETER_CONF="${ROOTFS}/etc/lightdm/lightdm.conf.d/99-greeter-ubconfig.conf"
@ -127,7 +127,7 @@ EOF
else
FUNCTION=
while [[ $# -gt 0 ]]; do
[[ -z ${1} ]] || { declare -f ${1} &>/dev/null && FUNCTION+="; ${1}" || FUNCTION+=" '${1}'"; }
[[ -z ${1} ]] || { declare -f "${1}" &>/dev/null && FUNCTION+="; ${1}" || FUNCTION+=" '${1//\'/}'"; }
shift
done
eval ${FUNCTION#*; }

@ -142,7 +142,7 @@ EOF
else
FUNCTION=
while [[ $# -gt 0 ]]; do
[[ -z ${1} ]] || { declare -f ${1} &>/dev/null && FUNCTION+="; ${1}" || FUNCTION+=" '${1}'"; }
[[ -z ${1} ]] || { declare -f "${1}" &>/dev/null && FUNCTION+="; ${1}" || FUNCTION+=" '${1//\'/}'"; }
shift
done
eval ${FUNCTION#*; }

@ -117,21 +117,24 @@ exec_01_defaultrootpasswd(){
[[ -n ${COMMAND} ]] || local COMMAND="set="
local PARAM="$@"
if [[ -n ${PARAM} ]]; then
[[ ${PARAM%%=*} =~ [!\$%\&()*+,/\;\<\=\>?\^\{|\}~] ]] || eval "${PARAM%%=*}=\${PARAM#*=}"
[[ ${PARAM} =~ ^[[:alnum:]_]+("="|"[".*"]=") ]] && eval "${PARAM%%=*}=\${PARAM#*=}"
fi
if [[ ${COMMAND} == @("set="|"set+="|"set++=") ]] && [[ -n ${DEFAULTROOTPASSWD} && ! ${DEFAULTROOTPASSWD,,} == @(no|none|disable) ]]; then
if [[ ${COMMAND} == @("set="|"set+="|"set++=") ]]; then
[[ ${DEFAULTROOTPASSWD,,} == @(no|none|disable|" ") ]] && DEFAULTROOTPASSWD=" "
# Добавить параметр в ${FILE_ROOT_USERS}=.users_credential и удалить параметр DEFAULTROOTPASSWD из '/etc/ublinux/users
if [[ -f ${FILE_ROOT_USERS} ]]; then
sed "/DEFAULTROOTPASSWD=/d" -i "${FILE_ROOT_USERS}"
echo "DEFAULTROOTPASSWD='${DEFAULTROOTPASSWD}'" >> ${FILE_ROOT_USERS}
[[ -n ${DEFAULTROOTPASSWD} ]] && echo "DEFAULTROOTPASSWD='${DEFAULTROOTPASSWD}'" >> ${FILE_ROOT_USERS}
fi
[[ -f "${SYSCONF}/users" ]] && sed "/DEFAULTROOTPASSWD=/d" -i "${SYSCONF}/users"
DEFAULTROOTPASSWD=$(return_hash_password hash ${HASHPASSWD} ${DEFAULTROOTPASSWD})
[[ -n ${DEFAULTROOTPASSWD} ]] && DEFAULTROOTPASSWD=$(return_hash_password hash ${HASHPASSWD} ${DEFAULTROOTPASSWD})
#set_passwd root "${DEFAULTROOTPASSWD}"
user_add "root:+:+:+:${DEFAULTROOTPASSWD}:+:+:+:+:+:+:+:+"
elif [[ ${COMMAND} == @("set-="|"set--="|"remove") ]]; then
[[ -f ${FILE_ROOT_USERS} ]] && sed "/DEFAULTROOTPASSWD=/d" -i "${FILE_ROOT_USERS}"
[[ -f "${SYSCONF}/users" ]] && sed "/DEFAULTROOTPASSWD=/d" -i "${SYSCONF}/users"
# Если пробел " " пробел, то пароль не будет установлен
user_add "root:+:+:+: :+:+:+:+:+:+:+:+"
fi
}
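Review bot: In the set branch the hash call is guarded only by `-n`, which is true for the single-space "no password" marker assigned a few lines earlier. Because `${DEFAULTROOTPASSWD}` is unquoted, that marker expands to no argument at all, so what `user_add` receives for root depends on how `return_hash_password` handles a missing password, which is not visible here. The exec_04_groupadd and exec_06_useradd hunks exclude `" "` before hashing, and the same guard with quoted arguments fits here: `[[ ${DEFAULTROOTPASSWD} != @(""|" ") ]] && DEFAULTROOTPASSWD=$(return_hash_password hash "${HASHPASSWD}" "${DEFAULTROOTPASSWD}")`. The quoting is worth applying in those two hunks as well, since an unquoted password containing whitespace or glob characters is split or expanded before it is hashed. An empty DEFAULTROOTPASSWD, which the old condition skipped, now reaches `user_add` with an empty password field; a comment stating the intended result for that case would help.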
@ -142,13 +145,13 @@ exec_02_defaultpasswd(){
[[ -n ${COMMAND} ]] || local COMMAND="set="
local PARAM="$@"
if [[ -n ${PARAM} ]]; then
[[ ${PARAM%%=*} =~ [!\$%\&()*+,/\;\<\=\>?\^\{|\}~] ]] || eval "${PARAM%%=*}=\${PARAM#*=}"
[[ ${PARAM} =~ ^[[:alnum:]_]+("="|"[".*"]=") ]] && eval "${PARAM%%=*}=\${PARAM#*=}"
fi
if [[ ${COMMAND} == @("set="|"set+="|"set++=") ]] && [[ -n ${DEFAULTPASSWD} ]]; then
if [[ ${COMMAND} == @("set="|"set+="|"set++=") ]]; then
# Добавить параметр в ${FILE_ROOT_USERS}=.users_credential и удалить параметр DEFAULTROOTPASSWD из '/etc/ublinux/users
if [[ -f ${FILE_ROOT_USERS} ]]; then
sed "/DEFAULTPASSWD=/d" -i "${FILE_ROOT_USERS}"
echo "DEFAULTPASSWD='${DEFAULTPASSWD}'" >> ${FILE_ROOT_USERS}
[[ -n ${DEFAULTPASSWD} ]] && echo "DEFAULTPASSWD='${DEFAULTPASSWD}'" >> ${FILE_ROOT_USERS}
fi
[[ -f "${SYSCONF}/users" ]] && sed "/DEFAULTPASSWD=/d" -i "${SYSCONF}/users"
elif [[ ${COMMAND} == @("set-="|"set--="|"remove") ]]; then
@ -238,8 +241,8 @@ exec_04_groupadd(){
local DATA_SYSUSERS=$(cat ${ROOTFS}/usr/lib/sysusers.d/*.conf ${ROOTFS}/usr/share/ublinux-sysusers/*.sysusers)
if [[ -n ${PARAM} ]]; then
local GROUPADD=
declare -A GROUPADD
[[ ${PARAM%%=*} =~ [!\$%\&()*+,/\;\<\=\>?\^\{|\}~] ]] || eval "${PARAM%%=*}=\${PARAM#*=}"
declare -A GROUPADD=()
[[ ${PARAM} =~ ^[[:alnum:]_]+("="|"[".*"]=") ]] && eval "${PARAM%%=*}=\${PARAM#*=}"
fi
if [[ ${COMMAND} == @("set="|"set+="|"set++=") ]] && [[ ${#GROUPADD[@]} != 0 ]]; then
groupadd_local(){
@ -272,8 +275,8 @@ exec_04_groupadd(){
[[ ${SELECT_OPTIONAL} == 'x' ]] && SELECT_OPTIONAL=
[[ ${SELECT_OPTIONAL} =~ ('-r'|'--system') ]] && SELECT_GID="system"
#[[ ! ${SELECT_OPTIONAL} =~ ('-o'|'--non-unique') && ${DATA_FILE_GROUP} =~ ($'\n'|^)+[^:]*:[^:]*:"${SELECT_GID}": ]] && { >&2 echo "ERROR: '${SELECT_GROUP}' non unique a group ID (GID)"; return 1; }
[[ ${SELECT_PASSWORD} == @(""|"x") ]] && SELECT_PASSWORD=
[[ ${SELECT_PASSWORD} != @(""|'!*'|'!'|'*') ]] && SELECT_PASSWORD=$(return_hash_password hash ${HASHPASSWD} ${SELECT_PASSWORD})
[[ ${SELECT_PASSWORD} == @(""|" "|"x") ]] && SELECT_PASSWORD=
[[ ${SELECT_PASSWORD} != @(""|" "|'!*'|'!'|'*') ]] && SELECT_PASSWORD=$(return_hash_password hash ${HASHPASSWD} ${SELECT_PASSWORD})
#echo "==> exec_04_groupadd: ${SELECT_GROUP}:${SELECT_USERS}:${SELECT_GID}:${SELECT_OPTIONAL}:${SELECT_ADMINISTRATORS}:${SELECT_PASSWORD}"
group_add "${SELECT_GROUP}:${SELECT_GID}:${SELECT_USERS}:${SELECT_PASSWORD}:${SELECT_ADMINISTRATORS}"
if [[ -n ${PARAM} && -z ${ROOTFS} ]]; then
@ -322,10 +325,10 @@ exec_05_neededusers(){
[[ $1 == @("set="|"set+="|"set++="|"set-="|"set--="|"remove") ]] && local COMMAND=$1 && shift
[[ -n ${COMMAND} ]] || local COMMAND="set="
local PARAM="$@"
local SELECT_USERNAME SELECT_UID SELECT_PASSWORD SELECT_GECOS NULL ADDGROUPS
local ARG_DEFAULTGROUP ARG_SELECT_UID ARG_SELECT_GECOS
local SELECT_USERNAME= SELECT_UID= SELECT_PASSWORD= SELECT_GECOS= NULL= ADDGROUPS=
local ARG_DEFAULTGROUP= ARG_SELECT_UID= ARG_SELECT_GECOS=
if [[ -n ${PARAM} ]]; then
[[ ${PARAM%%=*} =~ [!\$%\&()*+,/\;\<\=\>?\^\{|\}~] ]] || eval "${PARAM%%=*}=\${PARAM#*=}"
[[ ${PARAM} =~ ^[[:alnum:]_]+("="|"[".*"]=") ]] && eval "${PARAM%%=*}=\${PARAM#*=}"
fi
# Если по умолчанию нет ни одного пользователя, то создаём администратора
#[[ -z ${NEEDEDUSERS} ]] && NEEDEDUSERS="${DEFAULTUSER}:${ADMUID}:${DEFAULTPASSWD}:Administrator"
@ -411,9 +414,10 @@ exec_05_neededusers(){
## -N, --no-user-group # Не создавать группу с тем же именем что и у пользователя
## -o, --non-unique # Разрешить создание пользователей с повторяющимися (не уникальными) UID, использовать только совместно с параметром <uid>
## --badnames # Не проверять имя на несоответствие правилам использования символов
## <password|x> # Хеш пароля пользователя, если 'x', то 'password=${DEFAULTPASSWD}'
## <password|x> # Хеш пароля пользователя
## # Если пароль пустой или состоит из символа 'x', то 'password=${DEFAULTPASSWD}'
## # Если user_name=root, то пароль не применяется, а используется password=${DEFAULTROOTPASSWD}
## # Если пароль не задан, поле пустое, то вход без пароля
## # Если пароль состоит из символов ' ' (пробел), то вход без пароля
## # Если пароль состоит из символов '!*' или '!' или '*' или '!!', то аутентификация запрещена
## # Если первый символ '!' , то аутентификация по паролю заблокирована,
## # но другие методы входа, такие как аутентификация на основе ключей или переключение на пользователя, по-прежнему разрешены.
@ -446,8 +450,8 @@ exec_06_useradd(){
local PARAM="$@"
if [[ -n ${PARAM} ]]; then
local USERADD=
declare -A USERADD
[[ ${PARAM%%=*} =~ [!\$%\&()*+,/\;\<\=\>?\^\{|\}~] ]] || eval "${PARAM%%=*}=\${PARAM#*=}"
declare -A USERADD=()
[[ ${PARAM} =~ ^[[:alnum:]_]+("="|"[".*"]=") ]] && eval "${PARAM%%=*}=\${PARAM#*=}"
fi
# Если в GRUB указан параметр useradd, то создать пользователя
[[ -n ${ROOTFS} ]] && while IFS=':' read -u3 SELECT_USERNAME SELECT_UID SELECT_GROUP SELECT_EXTRAGROUP SELECT_PASSWORD NULL; do
@ -479,9 +483,9 @@ exec_06_useradd(){
[[ ${SELECT_OPTIONAL} =~ ("--shell "|"-s ")([^' ']*)(' '|$) ]] && SELECT_SHELL="${BASH_REMATCH[2]}" || SELECT_SHELL="+"
[[ ${SELECT_OPTIONAL} =~ ("--no-create-home"|"-M") ]] && SELECT_MKHOME= || SELECT_MKHOME="yes"
# -----------
[[ ${SELECT_PASSWORD} == "x" && ${SELECT_USERNAME} != "root" ]] && SELECT_PASSWORD="${DEFAULTPASSWD}"
[[ ${SELECT_PASSWORD} == @(""|"x") && ${SELECT_USERNAME} != "root" ]] && SELECT_PASSWORD="${DEFAULTPASSWD}"
[[ ${SELECT_USERNAME} == "root" ]] && SELECT_PASSWORD="${DEFAULTROOTPASSWD}"
[[ ${SELECT_PASSWORD} != @(""|'!*'|'!'|'!!'|'*') ]] && SELECT_PASSWORD="$(return_hash_password hash ${HASHPASSWD} ${SELECT_PASSWORD})"
[[ ${SELECT_PASSWORD} != @(""|" "|'!*'|'!'|'!!'|'*') ]] && SELECT_PASSWORD="$(return_hash_password hash ${HASHPASSWD} ${SELECT_PASSWORD})"
# -----------
[[ ${SELECT_GECOS,,} == "x" ]] && SELECT_GECOS=
# -----------
@ -643,9 +647,9 @@ exec_07_usershadow(){
local PARAM="$@"
local DATA_FILE_SHADOW=$(< ${FILE_SHADOW})
if [[ -n ${PARAM} ]]; then
local USERSHADOW
declare -A USERSHADOW
[[ ${PARAM%%=*} =~ [!\$%\&()*+,/\;\<\=\>?\^\{|\}~] ]] || eval "${PARAM%%=*}=\${PARAM#*=}"
local USERSHADOW=
declare -A USERSHADOW=()
[[ ${PARAM} =~ ^[[:alnum:]_]+("="|"[".*"]=") ]] && eval "${PARAM%%=*}=\${PARAM#*=}"
fi
if [[ ${COMMAND} == @("set="|"set+="|"set++=") ]] && [[ ${#USERSHADOW[@]} -ne 0 ]]; then
while IFS= read -ru3 SELECT_USERNAME; do
@ -695,10 +699,10 @@ exec_08_user_members(){
local PARAM="$@"
if [[ -n ${PARAM} ]]; then
local USERADD=
declare -A USERADD
declare -A USERADD=()
local GROUPADD=
declare -A GROUPADD
[[ ${PARAM%%=*} =~ [!\$%\&()*+,/\;\<\=\>?\^\{|\}~] ]] || eval "${PARAM%%=*}=\${PARAM#*=}"
declare -A GROUPADD=()
[[ ${PARAM} =~ ^[[:alnum:]_]+("="|"[".*"]=") ]] && eval "${PARAM%%=*}=\${PARAM#*=}"
fi
local SELECT_USERNAME= SELECT_UID= SELECT_GROUP= SELECT_EXTRAGROUP= SELECT_PASSWORD= NULL=
# Если в GRUB указан параметр useradd, то создать пользователя
@ -775,7 +779,7 @@ exec_99_dm_hint_password(){
local PARAM="$@"
if [[ -n ${PARAM} ]]; then
local DM_HINT_PASSWORD=
[[ ${PARAM%%=*} =~ [!\$%\&()*+,/\;\<\=\>?\^\{|\}~] ]] || eval "${PARAM%%=*}=\${PARAM#*=}"
[[ ${PARAM} =~ ^[[:alnum:]_]+("="|"[".*"]=") ]] && eval "${PARAM%%=*}=\${PARAM#*=}"
fi
if [[ -n ${ROOTFS} ]]; then
if grep -q "^$(grep ".*:x:${ADMUID}:" ${ROOTFS}/etc/passwd | cut -d: -f1):${NOSECUREROOTPASSWD}:" ${ROOTFS}/etc/shadow; then
@ -804,7 +808,7 @@ exec_99_dm_hint_password(){
else
FUNCTION=
while [[ $# -gt 0 ]]; do
[[ -z ${1} ]] || { declare -f ${1} &>/dev/null && FUNCTION+="; ${1}" || FUNCTION+=" '${1}'"; }
[[ -z ${1} ]] || { declare -f "${1}" &>/dev/null && FUNCTION+="; ${1}" || FUNCTION+=" '${1//\'/}'"; }
shift
done
eval ${FUNCTION#*; }

@ -37,6 +37,7 @@ exec_get_all_menuentry(){
s/menuentry \"(.*${NAME_DISTRIB}.*${VER_DISTRIB}.*)\" .*/\1/p
}
}" ${FILE_GRUB_ADDON}
#"
fi
FILE_GRUB_BOOTHDD="${PATH_GRUB}/ublinux/grub_${LANG%_*}_boothdd.cfg"
@ -49,6 +50,7 @@ exec_get_all_menuentry(){
s/menuentry \"(.*)\" .*/\1/p
}
}" ${FILE_GRUB_BOOTHDD}
#"
fi
FILE_GRUB_LOCAL="${PATH_GRUB}/ublinux/grub_local.cfg"
@ -61,6 +63,7 @@ exec_get_all_menuentry(){
s/menuentry \"(.*)\" .*/\1/p
}
}" ${FILE_GRUB_LOCAL}
#"
fi
}
@ -84,7 +87,7 @@ exec_get_last_menuentry(){
else
FUNCTION=
while [[ $# -gt 0 ]]; do
[[ -z ${1} ]] || { declare -f ${1} &>/dev/null && FUNCTION+="; ${1}" || FUNCTION+=" '${1}'"; }
[[ -z ${1} ]] || { declare -f "${1}" &>/dev/null && FUNCTION+="; ${1}" || FUNCTION+=" '${1//\'/}'"; }
shift
done
eval ${FUNCTION#*; }

@ -196,15 +196,19 @@ VERSION=
## Чтобы получить хэш "openssl passwd -6 <password>" | "mkpasswd2 -m sha256crypt <password>" | "mkpasswd2 -m help"
## Пароль для пользователей без паролей или "x" в переменных USERADD или NEEDUSERS, по умолчанию: ublinux
## DEFAULTPASSWD=<password>
## password # Хеш пароля или если первые символы (%%), то пароль хранится в нешифрованном виде
## <password> # Хеш пароля
## # Если первые символы (%%), то пароль хранится в нешифрованном виде
## # Если пароль состоит из символов '!*', то аутентификация запрещена
## # Если пароль состоит из символов ' ' (пробел), то не использовать пароль
## # Если пароль =DEFAULTROOTPASSWD, то включен первый запуск для настройки системы,
## # отображается подсказка пароля на фоне рабочего стола Lightdm и "[config] firstboot=yes"
#DEFAULTPASSWD='$6$E7stRhRS8fCKk7UU$Qoqw62AUaUa5uLIc2KC7WV3MUThhrR8kjXtCODmnKCzKe2zHu1/wmsiWBHZEIk/IQnk/aELQYbUK93OUtrwg60'
## Хеш пароля для пользователя root, по умолчанию: ublinux
## DEFAULTROOTPASSWD=<password>
## password # Хеш пароля или если первые символы (%%), то пароль хранится в нешифрованном виде
## <password> # Хеш пароля
## # Если первые символы (%%), то пароль хранится в нешифрованном виде
## # Если пароль состоит из символов ' ' (пробел), то не использовать пароль
#DEFAULTROOTPASSWD='$6$E7stRhRS8fCKk7UU$Qoqw62AUaUa5uLIc2KC7WV3MUThhrR8kjXtCODmnKCzKe2zHu1/wmsiWBHZEIk/IQnk/aELQYbUK93OUtrwg60'
## Default user name is 'superadmin'
@ -241,9 +245,10 @@ VERSION=
## -N, --no-user-group # Не создавать группу с тем же именем что и у пользователя
## -o, --non-unique # Разрешить создание пользователей с повторяющимися (не уникальными) UID, использовать только совместно с параметром <uid>
## --badnames # Не проверять имя на несоответствие правилам использования символов
## <password|x> # Хеш пароля пользователя, если 'x', то 'password=${DEFAULTPASSWD}'
## <password|x> # Хеш пароля пользователя
## # Если пароль пустой или состоит из символа 'x', то 'password=${DEFAULTPASSWD}'
## # Если user_name=root, то пароль не применяется, а используется password=${DEFAULTROOTPASSWD}
## # Если пароль не задан, поле пустое, то вход без пароля
## # Если пароль состоит из символов ' ' (пробел), то вход без пароля
## # Если пароль состоит из символов '!*' или '!' или '*' или '!!', то аутентификация запрещена
## # Если первый символ '!' , то аутентификация по паролю заблокирована,
## # но другие методы входа, такие как аутентификация на основе ключей или переключение на пользователя, по-прежнему разрешены.
@ -288,16 +293,17 @@ VERSION=
## USERADD_SYNC[superadmin]=boot,shutdown
## Группы системы /etc/group. Создаст или изменит существующие группы
## GROUPADD[group_name]='group_users:gid:optional:administrators:password|x'
## group_name # Имя группы
## group_users # Пользователи группы, перечисление через запятую, если выбрано 'x' то пусто. Может быть пусто.
## gid # GID группы, если необходимо автоматически рассчитывать, то оставить пустым или 'x'
## GROUPADD[<group_name>]='<group_users>:<gid>:<optional>:<administrators>:<password|x>'
## <group_name> # Имя группы
## <group_users> # Пользователи группы, перечисление через запятую, если выбрано 'x' то пусто. Может быть пусто.
## <gid> # GID группы, если необходимо автоматически рассчитывать, то оставить пустым или 'x'
## # Если указано 's' или 'system', то свободный gid системной группы
## optional # Дополнительные параметры, например: '--system --non-unique', если выбрано 'x' то пусто
## <optional> # Дополнительные параметры, например: '--system --non-unique', если выбрано 'x' то пусто
## -o, --non-unique # Разрешить создание групп с повторяющимися (не уникальными) GID, использовать только совместно с параметром <gid>
## -r, --system # Cоздавать системную группу
## administrators # Администраторы группы которые могут менять пароль группы и добавлять членов. Список с разделителем запятая
## password|x # Хеш пароля группа, если выбрано 'x' или пусто, то группа без пароля
## <administrators> # Администраторы группы которые могут менять пароль группы и добавлять членов. Список с разделителем запятая
## <password|x> # Хеш пароля группа
## # Если состоит из символа 'x' или пусто, то группа без пароля
## # Если первые символы (%%), то пароль хранится в нешифрованном виде
## # Если первые символы (!*), то аутентификация запрещена
## # Если первый символ (*) или (!), то аутентификация по паролю заблокирована. Но другие методы входа, такие как аутентификация на основе ключей или переключение на пользователя, по-прежнему разрешены
@ -314,8 +320,8 @@ VERSION=
## shutdown@<gid> # При завершении работы системы синхронизировать GID группы в системе с глобальной конфигурацией
## GROUPADD_SYNC=shutdown
##
## GROUPADD_SYNC[group_name]='shutdown'
## group_name # Имя группы, необязательное поле. Если не указано, то применяется для всех групп
## GROUPADD_SYNC[<group_name>]='shutdown'
## <group_name> # Имя группы, необязательное поле. Если не указано, то применяется для всех групп
## shutdown # При завершении работы системы синхронизировать указанную группу в системе с глобальной конфигурацией
## GROUPADD_SYNC[users]='shutdown'
@ -591,7 +597,9 @@ VERSION=
## Настройка аудита и логгирования
################################################################################
## Настройка мониторинга и сбора системных событий и записи их в журналы для аудита
## AUDITD=disable|no|none|off # Отключить все созданные правила из конфигурации
## AUDITD=enable|yes|on|disable|no|none|off
## enable|yes|on # Включить управление сервисом auditd.service
## disable|no|none|off # Отключить все созданные правила из конфигурации и не запускать сервис auditd.service
## AUDITD[<id_name>[:<status>]]=<rule>[#<description>]
## <id_name> # Уникальное имя правила
## <status> # Статус правила, модет принимать значения: отсутствовать,enable,disable
@ -599,7 +607,7 @@ VERSION=
## enable # Правило включено
## disable # Правило выключено
## <rule> # Правило, без использование символа #
## <description> # Описание правила, начинается с символа #
## <description> # Описание правила, начинается с символа '#'
#AUDITD[comment_1]="#Global settings"
#AUDITD[conf-d:enable]="-D #Remove any existing rules"
#AUDITD[conf-b:enable]="-b 8192 #Buffer Size. Feel free to increase this if the machine panic's"
@ -613,7 +621,6 @@ VERSION=
#AUDITD[event_chmod]="-a always,exit -F arch=x86_64 -S chmod,fchmod,fchmodat -F key=event_chmod"
#AUDITD[passwd_changes]="-w /etc/passwd -p wa -k passwd_changes"
## Настройка журналов
## https://www.freedesktop.org/software/systemd/man/latest/journald.conf.html
## JOURNALD[<var>]=<value>
