Initial commit.

2021-05-24 22:18:33 +03:00
commit e2954d55f4
3701 changed files with 330017 additions and 0 deletions
--- a/one-context.d/loc-35-securetty
+++ b/one-context.d/loc-35-securetty
@@ -0,0 +1,55 @@
+#!/usr/bin/env bash
+
+# -------------------------------------------------------------------------- #
+# Copyright 2002-2020, OpenNebula Project, OpenNebula Systems                #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License. You may obtain    #
+# a copy of the License at                                                   #
+#                                                                            #
+# http://www.apache.org/licenses/LICENSE-2.0                                 #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS,          #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.   #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+#--------------------------------------------------------------------------- #
+
+_pam_file="/etc/pam.d/login"
+if [ ! -f "${_pam_file}" ]; then
+    exit 0
+fi
+
+_kernel="$(uname -s)"
+if [ "${_kernel}" = 'FreeBSD' ]; then
+    SED_I="sed -i ''"
+else
+    SED_I="sed -i''"
+fi
+
+### Defaults
+
+# By default, disable pam_securetty in the containers.
+# For virtualized machines, have the securetty enabled.
+if grep -qia 'container=' /proc/1/environ 2>/dev/null; then
+    SECURETTY=${SECURETTY:-NO}
+fi
+
+SECURETTY=${SECURETTY:-YES}
+SECURETTY=${SECURETTY^^}
+
+###
+
+_note='# one-contextd'
+
+if [ "${SECURETTY}" = 'YES' ]; then
+    if grep -qE "^#.*pam_securetty.*${_note}" "${_pam_file}"; then
+        eval "${SED_I} -e 's/^#\([^#]*\)${_note}.*$/\1/' -e 's/[[:space:]]*$//' \"${_pam_file}\""
+    fi
+
+elif [ "${SECURETTY}" = 'NO' ]; then
+    if grep -qE '^[^#]*pam_securetty' "${_pam_file}"; then
+        eval "${SED_I} -e 's/^\([^#]*pam_securetty.*\)$/#\1  ${_note}/' \"${_pam_file}\""
+    fi
+fi