Module submission - shadow
dveatch@woh.rr.com
dveatch at woh.rr.com
Thu May 26 23:08:14 UTC 2005
module name : shadow
suggested section : security
update (y/n) : n
bugfix (y/n) : y
security (y/n) : n
Fails on sha1sum because the file now lives in ......shadow/old
Dennis
==================== BEGIN securetty ====================
console
vc/1
vc/2
vc/3
vc/4
vc/5
vc/6
vc/7
vc/8
vc/9
vc/10
vc/11
tty1
tty2
tty3
tty4
tty5
tty6
tty7
tty8
tty9
tty10
tty11
===================== END securetty =====================
==================== BEGIN deluser ====================
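# deluser: remove a user account, optionally together with its home
# directory (-r).
# Usage: deluser [-r] [username]
# When not run as root, the script re-runs itself through su with the same
# arguments. Relies on bash features ($UID, read -p, printf %q).
if [ "$UID" == 0 ]; then
  # Start from a known value so an OPTS inherited from the environment
  # cannot add options to the privileged userdel call.
  OPTS=""
  # The operands need spaces around '='. Written as "$1"="-r" the test sees
  # one non-empty word and is always true, which forced -r (home directory
  # removal) on every call and shifted the username argument away.
  if [ "$1" = "-r" ]; then
    OPTS="-r"
    shift
  fi
  if [ -z "$1" ]; then
    read -r -p "Username: " DEADDUCK
  else
    DEADDUCK=$1
  fi
  # An empty name, or one starting with '-', would reach userdel as a
  # missing operand or as an extra option, so stop here instead.
  case "$DEADDUCK" in
    "" | -*)
      echo "deluser: invalid or missing username" >&2
      exit 1
      ;;
  esac
  # ${OPTS:+...} expands to -r only when it was requested; the name is
  # quoted so it always stays a single argument.
  userdel ${OPTS:+"$OPTS"} "$DEADDUCK"
else
  # The string given to su -c is parsed again by root's shell. PATH, the
  # script path and every argument are therefore shell-quoted with %q
  # rather than pasted in raw, and all arguments are forwarded (the
  # original passed only $1, so "-r name" lost the name).
  su - -c "PATH=$(printf '%q' "$PATH") $(printf '%q ' "$0" "$@")"
fi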
===================== END deluser =====================
==================== BEGIN BUILD ====================
# BUILD: patch, configure, compile and install shadow, then install the
# module's own config files and helper scripts. Everything runs in a
# subshell whose stdout and stderr are redirected to $C_FIFO.
# patch_it, module_installed, sedit and default_make are not defined in this
# file; presumably they come from the package framework. TODO confirm.
(
# NOTE(review): this '&&' only joins patch_it to the if-statement below. If
# the patch fails, the Linux-PAM check is skipped but the build carries on.
patch_it $SOURCE_CACHE/$SOURCE2 1 &&
if module_installed Linux-PAM; then
WITH_LIBPAM="--with-libpam"
fi
# Adjust the shipped login.defs template before it is installed: point the
# cracklib dictionary at /usr/share/dict/pw_dict and switch the
# commented-out MD5_CRYPT_ENAB setting to "yes".
# NOTE(review): MD5-crypt is a weak password hash by current standards;
# revisit this setting whenever the module version is upgraded.
sedit "s/CRACKLIB_DICTPATH \/var\/cache\/cracklib\/cracklib_dict/CRACKLIB_DICTPATH \/usr\/share\/dict\/pw_dict/" etc/login.defs.linux
sedit "s/#MD5_CRYPT_ENAB no/MD5_CRYPT_ENAB yes/" etc/login.defs.linux
# Presumably refreshes timestamps so make does not try to regenerate the
# autotools output. TODO confirm.
touch *
# $WITH_LIBPAM and $OPTS are left unquoted, so they word-split into separate
# configure arguments and vanish when empty.
./configure --build=$BUILD \
--prefix=/usr \
--sysconfdir=/etc \
--localstatedir=/var \
--with-libcrack \
$WITH_LIBPAM \
$OPTS &&
default_make || return 1
# Each config file is installed only when /etc has no copy yet, so an
# administrator's existing file is never replaced.
# NOTE(review): install is called without -m, so the files get install's
# default mode (0755 with GNU install); an explicit -m 0644 would suit
# configuration files better.
for FILE in limits login.access login.defs.linux defaults ; do
[ -e /etc/$FILE ] || install etc/$FILE /etc/
done
[ -e /etc/login.defs ] || install etc/login.defs.linux /etc/login.defs
# /etc/securetty is the list of terminals pam_securetty consults for root
# logins (see pam.d/login in this module).
[ -e /etc/securetty ] || install $SCRIPT_DIRECTORY/securetty /etc/
# vigr is a symlink to vipw; adduser and deluser are the module's wrapper
# scripts. The two sedit calls that follow rewrite the live /etc/login.defs
# even when it existed before this build. The exit status of the last sedit
# is the exit status of the whole subshell.
ln -sf /usr/sbin/vipw /usr/sbin/vigr &&
install $SCRIPT_DIRECTORY/adduser /usr/sbin/ &&
install $SCRIPT_DIRECTORY/deluser /usr/sbin/ &&
sedit "s/CRACKLIB_DICTPATH \/var\/cache\/cracklib\/cracklib_dict/CRACKLIB_DICTPATH \/usr\/share\/dict\/pw_dict/" /etc/login.defs
sedit "s/#MD5_CRYPT_ENAB no/MD5_CRYPT_ENAB yes/" /etc/login.defs
) > $C_FIFO 2>&1
===================== END BUILD =====================
==================== BEGIN pam.d/su ====================
# PAM stack for su.
# pam_rootok succeeds when the caller's real UID is 0; as "sufficient" it
# lets root switch user without being asked for a password.
# NOTE(review): there is no pam_wheel line, so su is not restricted to a
# group; any user who knows the target password can use it. Confirm that
# this is intended.
auth sufficient pam_rootok.so
# All remaining checks are delegated to the system-auth service.
auth required pam_stack.so service=system-auth
account required pam_stack.so service=system-auth
password required pam_stack.so service=system-auth
session required pam_stack.so service=system-auth
# Optional: passes X authority keys on to the target user's session.
session optional pam_xauth.so
===================== END pam.d/su =====================
==================== BEGIN pam.d/chfn ====================
auth sufficient pam_rootok.so
auth required pam_stack.so service=system-auth
account required pam_stack.so service=system-auth
password required pam_stack.so service=system-auth
session required pam_stack.so service=system-auth
===================== END pam.d/chfn =====================
==================== BEGIN pam.d/chsh ====================
auth sufficient pam_rootok.so
auth required pam_stack.so service=system-auth
account required pam_stack.so service=system-auth
password required pam_stack.so service=system-auth
session required pam_stack.so service=system-auth
===================== END pam.d/chsh =====================
==================== BEGIN pam.d/login ====================
# PAM stack for login.
# pam_securetty allows root to log in only on terminals listed in
# /etc/securetty; this module's securetty lists console, vc/1-11 and
# tty1-11.
auth required pam_securetty.so
auth required pam_stack.so service=system-auth
# pam_nologin refuses non-root logins while /etc/nologin exists.
auth required pam_nologin.so
account required pam_stack.so service=system-auth
password required pam_stack.so service=system-auth
session required pam_stack.so service=system-auth
# Optional: pam_console presumably grants the console user access to local
# devices. TODO confirm which devices its configuration covers.
session optional pam_console.so
===================== END pam.d/login =====================
==================== BEGIN pam.d/groupadd ====================
auth sufficient pam_rootok.so
auth required pam_stack.so service=system-auth
account required pam_stack.so service=system-auth
session required pam_stack.so service=system-auth
password required pam_permit.so
===================== END pam.d/groupadd =====================
==================== BEGIN pam.d/groupdel ====================
auth sufficient pam_rootok.so
auth required pam_stack.so service=system-auth
account required pam_stack.so service=system-auth
session required pam_stack.so service=system-auth
password required pam_permit.so
===================== END pam.d/groupdel =====================
==================== BEGIN pam.d/passwd ====================
auth required pam_stack.so service=system-auth
account required pam_stack.so service=system-auth
password required pam_stack.so service=system-auth
===================== END pam.d/passwd =====================
==================== BEGIN pam.d/shadow ====================
auth sufficient pam_rootok.so
auth required pam_stack.so service=system-auth
account required pam_stack.so service=system-auth
session required pam_stack.so service=system-auth
password required pam_stack.so service=system-auth
===================== END pam.d/shadow =====================
==================== BEGIN pam.d/useradd ====================
auth sufficient pam_rootok.so
auth required pam_stack.so service=system-auth
account required pam_stack.so service=system-auth
session required pam_stack.so service=system-auth
password required pam_permit.so
===================== END pam.d/useradd =====================
==================== BEGIN pam.d/userdel ====================
auth sufficient pam_rootok.so
auth required pam_stack.so service=system-auth
account required pam_stack.so service=system-auth
session required pam_stack.so service=system-auth
password required pam_permit.so
===================== END pam.d/userdel =====================
==================== BEGIN pam.d/usermod ====================
auth sufficient pam_rootok.so
auth required pam_stack.so service=system-auth
account required pam_stack.so service=system-auth
session required pam_stack.so service=system-auth
password required pam_permit.so
===================== END pam.d/usermod =====================
==================== BEGIN adduser ====================
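# adduser: interactive front end to groupadd, useradd, chfn and passwd.
# Usage: adduser [login]
# Prompts for each account property, shows a summary, waits for ENTER, then
# creates the group (if missing), the account and the mail spool file.
# When not run as root, the script re-runs itself through su.
# Relies on bash features ($UID, arrays, printf %q).
if ! [ "$UID" == 0 ]; then
  echo "You have to be r00t for that. Enter root password for su"
  # The string given to su -c is parsed again by root's shell, so PATH, the
  # script path and the arguments are shell-quoted with %q rather than
  # pasted in raw.
  su - -c "PATH=$(printf '%q' "$PATH") $(printf '%q ' "$0" "$@")"
  exit
fi

echo
echo -n "Login name for new user [$1]: "
read -r LOGIN
if [ -z "$LOGIN" ]; then
  LOGIN=$1
  if [ -z "$LOGIN" ]; then
    echo "Come on, man, you can't leave the login field empty..."
    exit 1
  fi
fi
# The login name is later used as a command argument and as a path component
# under /home and /var/spool/mail. A leading '-' would be read as an option,
# and '/', ':' or whitespace would change which file or passwd field is
# touched, so such names are rejected before anything runs as root.
case "$LOGIN" in
  -* | */* | *:* | *[[:space:]]*)
    echo "Invalid login name: $LOGIN" >&2
    exit 1
    ;;
esac

echo
echo -n "User id for $LOGIN [ defaults to next available]: "
read -r ID

echo
echo -n "Initial group for $LOGIN [$LOGIN]: "
read -r GID
if [ -z "$GID" ]; then
  GID="$LOGIN"
fi

echo
echo "Additional groups for $LOGIN (seperated"
echo -n "with commas, no spaces) []: "
read -r AGID

echo
echo -n "$LOGIN's home directory [/home/$LOGIN]: "
read -r HME
if [ -z "$HME" ]; then
  HME="/home/$LOGIN"
fi

echo
echo -n "$LOGIN's shell [/bin/bash]: "
read -r SHL
if [ -z "$SHL" ]; then
  SHL="/bin/bash"
fi

echo
echo -n "$LOGIN's account expiry date (YYYY-MM-DD) []: "
read -r EXP

# Build the useradd arguments as an array so every answer stays exactly one
# argument, even if it contains spaces or glob characters. The order matches
# the original command line.
USERADD_ARGS=(-d "$HME" -m)
if [ -n "$EXP" ]; then
  USERADD_ARGS+=(-e "$EXP")
fi
USERADD_ARGS+=(-g "$GID")
if [ -n "$AGID" ]; then
  USERADD_ARGS+=(-G "$AGID")
fi
USERADD_ARGS+=(-s "$SHL")
if [ -n "$ID" ]; then
  USERADD_ARGS+=(-u "$ID")
fi
USERADD_ARGS+=("$LOGIN")

echo
echo "OK, I'm about to make a new account. Here's what you entered so far:"
echo
# The summary strings are quoted: unquoted, a word such as [none] is a glob
# pattern and could be replaced by a matching file name in the current
# directory.
printf '%s\n' "New login name: $LOGIN"
if [ -z "$ID" ]; then
  printf '%s\n' "New UID: [Next available]"
else
  # Show the UID that was entered. The original printed $UID, which is the
  # UID of the invoking user (always 0 at this point).
  printf '%s\n' "New UID: $ID"
fi
printf '%s\n' "Initial group: $GID"
if [ -z "$AGID" ]; then
  printf '%s\n' "Additional groups: [none]"
else
  printf '%s\n' "Additional groups: $AGID"
fi
printf '%s\n' "Home directory: $HME"
printf '%s\n' "Shell: $SHL"
if [ -z "$EXP" ]; then
  printf '%s\n' "Expiry date: [no expiration]"
else
  printf '%s\n' "Expiry date: $EXP"
fi
echo
echo "This is it... if you want to bail out, hit Control-C. Otherwise, press"
echo "ENTER to go ahead and make the account."
read -r FOO
echo

# Look the group up by exact name or numeric id. The original grep pattern
# "^$GID:" treated the answer as a regular expression and never matched a
# numeric gid against the id column.
if ! awk -F: -v g="$GID" '$1 == g || $3 == g { found = 1 } END { exit !found }' /etc/group; then
  echo Making new group...
  /usr/sbin/groupadd "$GID"
fi

echo Making new account...
# Stop if the account could not be created, rather than going on to chfn,
# passwd and the mail spool for a user that does not exist.
if ! /usr/sbin/useradd "${USERADD_ARGS[@]}"; then
  echo "useradd failed; no account was created." >&2
  exit 1
fi
if [ -d "$HME" ]; then
  chmod 711 -- "$HME"
fi
echo
/usr/bin/chfn "$LOGIN"
echo
/usr/bin/passwd "$LOGIN"
echo

# NOTE(review): the spool directory is created world-writable with the
# sticky bit (1777), so any local user can create entries in it. Confirm
# that the mail delivery agent in use needs this; a root:mail 0775
# directory is the tighter choice.
if ! [ -d /var/spool/mail ]; then
  mkdir -p /var/spool/mail
  chmod 1777 /var/spool/mail
  chown mail:mail /var/spool/mail
fi

MAILBOX="/var/spool/mail/$LOGIN"
# Because the directory may be world-writable, something can already sit at
# the mailbox path (for example a symlink). touch, chown and chmod would
# follow it and change another file as root, so an existing entry is left
# alone and reported. The file is created under noclobber so the
# redirection does not overwrite anything that appears in between.
if [ -e "$MAILBOX" ] || [ -L "$MAILBOX" ]; then
  echo "Warning: $MAILBOX already exists; leaving it untouched." >&2
elif (set -o noclobber; : > "$MAILBOX") 2>/dev/null &&
  [ -f "$MAILBOX" ] && ! [ -L "$MAILBOX" ]; then
  # -h changes the entry itself and never a symlink target.
  chown -h "$LOGIN:mail" "$MAILBOX"
  chmod 0660 "$MAILBOX"
else
  echo "Warning: could not create $MAILBOX safely; check it by hand." >&2
fi
echo "Done..."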
===================== END adduser =====================
==================== BEGIN DEPENDS ====================
# cracklib is a hard dependency: BUILD always passes --with-libcrack to
# configure. Linux-PAM is not listed here; BUILD enables it only when that
# module is already installed.
depends cracklib
===================== END DEPENDS =====================
==================== BEGIN DETAILS ====================
# DETAILS: module metadata (name, version, download locations, checksums)
# followed by the long description, printed by the here-document at the end.
MODULE=shadow
####### warning: 4.0.8 is a dud. please sign off this module
####### first before upgrading.
VERSION=4.0.7
# Main tarball name is derived from MODULE and VERSION. The patch file name
# is pinned to 4.0.4.1 and does not follow VERSION.
SOURCE=$MODULE-$VERSION.tar.bz2
SOURCE2=$MODULE-4.0.4.1.newgrp_getlogin.patch
# Download locations for SOURCE. Both are plain http/ftp, so the VFY digests
# below are the only integrity check visible in this file.
SOURCE_URL[0]=http://www.wiretapped.be/security/host-security/shadow/old
SOURCE_URL[1]=ftp://ftp.pld.net.pl/software/$MODULE/
# PATCH_URL is not defined in this file.
SOURCE2_URL=$PATCH_URL/
# Expected digests for SOURCE and SOURCE2, presumably checked by the
# framework after download. TODO confirm.
# NOTE(review): SHA-1 no longer resists collision attacks; switch to a
# stronger digest if the framework supports one.
SOURCE_VFY=sha1:5af35730c7fdff8d23021e05f0b7823abb658949
SOURCE2_VFY=sha1:6c8776f0df157b0f18d4f6c5effd854e5ec208ce
# NOTE(review): WEB_SITE uses ftp.pld.org.pl while SOURCE_URL[1] uses
# ftp.pld.net.pl. Confirm which host is current.
WEB_SITE=ftp://ftp.pld.org.pl/software/shadow
# Dates in YYYYMMDD form.
ENTERED=20010922
UPDATED=20050126
SHORT="shadow contains the shadow password file utilities."
# Long description, written to stdout.
cat << EOF
The Shadow password file utilities package includes the programs
necessary to convert traditional V7 UNIX password files to the SVR4
shadow password format, and additional tools to maintain password and
group files (that work with both shadow and non-shadow passwords).
EOF
===================== END DETAILS =====================