V8.00.000.2025.06.17
All checks were successful
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 55s
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
@@ -672,6 +672,12 @@ software:
|
||||
# ssh
|
||||
#
|
||||
##############################################################################################################################
|
||||
# Installed by 4500_accounts_preparation.sh
|
||||
##############################################################################################################################
|
||||
# bash-completion
|
||||
# fzf
|
||||
#
|
||||
##############################################################################################################################
|
||||
# Installed by 4510_accounts_hardening.sh
|
||||
##############################################################################################################################
|
||||
# libpam-google-authenticator
|
||||
@@ -684,12 +690,10 @@ software:
|
||||
# core software
|
||||
##############################################################################################################################
|
||||
- apt-utils
|
||||
- bash-completion
|
||||
- bat
|
||||
- debconf
|
||||
- debconf-utils
|
||||
- dialog
|
||||
- fzf
|
||||
- git
|
||||
- knot-dnssecutils
|
||||
- knot-dnsutils
|
||||
@@ -807,34 +811,32 @@ user:
|
||||
# root – Superuser account (normally disabled for direct login)
|
||||
##############################################################################################################################
|
||||
root:
|
||||
ensure: present # Must always be 'present'.
|
||||
protected: true # Prevent unintentional edits or deletions.
|
||||
ensure: present # Must always be 'present'. (Not in use in this version of the installer.)
|
||||
protected: true # Prevent unintentional edits or deletions. (Not in use in this version of the installer.)
|
||||
shell: /bin/zsh # Login shell (e.g., '/bin/bash', '/bin/zsh'); use '/usr/sbin/nologin' for non-interactive users.
|
||||
password: "47110815"
|
||||
sshpubkey: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINAYZDAqVZUk3LwJsqeVHKvLn8UKkFx642VBbiSS8uSY 2025_ciss.debian.live.ISO_PUBLIC_ONLY"
|
||||
authentication:
|
||||
access:
|
||||
ssh: false # Allow SSH access.
|
||||
tty: true # Allow TTY (local console) login.
|
||||
password:
|
||||
ssh: false # Allow SSH password login.
|
||||
tty: true # Allow TTY (local console) password login.
|
||||
tty: false # Allow TTY (local console) login.
|
||||
password: false # Allow password login. SSH password login is always disabled.
|
||||
2fa:
|
||||
ssh: false # Require 2FA for SSH access.
|
||||
ssh: true # Require 2FA for SSH access.
|
||||
tty: true # Require 2FA for TTY (local console) login.
|
||||
privileges:
|
||||
description: "Root user with full system access and administrative privileges."
|
||||
sudo: false # Whether the user can escalate to root using sudo.
|
||||
system: true # Whether this is a low-UID system user (e.g., for automation).
|
||||
restricted: false # If true, the user is limited in scope (e.g., no login, no file access, --no-create-home)
|
||||
shell: true # MUST be "true" if the shell is not '/usr/sbin/nologin' or '/bin/false'.
|
||||
sudo: false # Whether the user can escalate to root using sudo.
|
||||
system: true # Whether this is a low-UID system user (e.g., for automation).
|
||||
|
||||
##############################################################################################################################
|
||||
# Primary administrative user with full sudo access
|
||||
##############################################################################################################################
|
||||
user0:
|
||||
ensure: present # "present" = create user; "absent" = remove user
|
||||
protected: true # Prevent unintentional edits or deletions.
|
||||
ensure: present # Must always be 'present'. (Not in use in this version of the installer.)
|
||||
protected: true # Prevent unintentional edits or deletions. (Not in use in this version of the installer.)
|
||||
name: "msw" # The name of the user account.
|
||||
fullname: "msw" # The full name of the user account holder.
|
||||
uid: 1000 # Ensures that the same user has the same UID on all systems.
|
||||
@@ -846,9 +848,7 @@ user:
|
||||
access:
|
||||
ssh: true # Allow SSH access.
|
||||
tty: true # Allow TTY (local console) login.
|
||||
password:
|
||||
ssh: false # Allow SSH password login.
|
||||
tty: true # Allow TTY (local console) password login.
|
||||
password: false # Allow password login. SSH password login is always disabled.
|
||||
2fa:
|
||||
ssh: true # Require 2FA for SSH access.
|
||||
tty: true # Require 2FA for TTY (local console) login.
|
||||
@@ -876,9 +876,7 @@ user:
|
||||
access:
|
||||
ssh: true # Allow SSH access.
|
||||
tty: false # Allow TTY (local console) login.
|
||||
password:
|
||||
ssh: false # Allow SSH password login.
|
||||
tty: false # Allow TTY (local console) password login.
|
||||
password: false # Allow password login. SSH password login is always disabled.
|
||||
2fa:
|
||||
ssh: false # Require 2FA for SSH access.
|
||||
tty: false # Require 2FA for TTY (local console) login.
|
||||
|
||||
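Review bot: The `root:` block in the third hunk still carries a literal `password:` value as an unchanged line, even though this commit sets root's `authentication.password` to `false` and its `access.tty` to `false`. If that value was ever a real credential it is in the repository history and should be rotated, and the field is better supplied at install time or stored as a hash than kept in a tracked file; whether the installer accepts either form is not visible here. If it is only a placeholder, say so on the line, for example `# Placeholder only; never commit a real credential here.`. Separately, `authentication.password` changes from a mapping with `ssh`/`tty` keys to a single boolean in this hunk and in the two hunks after it, so any installer script still reading the nested keys would presumably get no value; it is worth confirming the consumers were updated together with this file.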