msw/CISS.debian.installer
SHA256
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

V8.00.000.2025.06.17
All checks were successful
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m46s
Details

Browse Source 
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
This commit is contained in:
Marc S. Weidner
2025-10-15 23:37:48 +01:00
parent 3e934a017e
commit cbf472c4dd
10 changed files with 143 additions and 102 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
.archive/4520_accounts_setup.sh
View File

@@ -25,7 +25,7 @@ guard_sourcing
# user_root_authentication_access_tty # user_root_authentication_access_tty
# user_root_authentication_password # user_root_authentication_password
# user_root_shell # user_root_shell
# user_root_specific # VAR_USER_ROOT_SPECIFIC
# user_root_sshpubkey # user_root_sshpubkey
# Arguments: # Arguments:
# None # None
@@ -63,7 +63,7 @@ accounts_setup() {
if [[ -x "${TARGET}${user_root_shell}" ]]; then if [[ -x "${TARGET}${user_root_shell}" ]]; then
case "${user_root_specific,,}" in case "${VAR_USER_ROOT_SPECIFIC,,}" in
"ciss") "ciss")
zsh_omz_installer "root" zsh_omz_installer "root"

63
func/cdi_1250_yaml/1251_yaml_reader.sh
View File

@@ -17,43 +17,26 @@ guard_sourcing
# Globals: # Globals:
# BASH_REMATCH # BASH_REMATCH
# HMP_RECIPE_DEV_PARTITIONS # HMP_RECIPE_DEV_PARTITIONS
# VAR_APT_FULL_UPGRADE # VAR_APT_FULL_UPGRADE VAR_ARCHITECTURE
# VAR_ARCHITECTURE # VAR_CHROOT_DEBUG VAR_CODENAME
# VAR_CHROOT_DEBUG # VAR_DEB822 VAR_DROPBEAR
# VAR_CODENAME # VAR_GRUB_PASSWORD VAR_LUKS_BACKUP
# VAR_DEB822 # VAR_LUKS_PGP VAR_LUKS_URL
# VAR_DROPBEAR # VAR_NEED_RUN_IN_TARGET VAR_NUKE
# VAR_GRUB_PASSWORD # VAR_NUKE_ROUNDS VAR_PRESEED
# VAR_LUKS_BACKUP # VAR_PROVIDER VAR_RECIPE_FIRMWARE
# VAR_LUKS_PGP # VAR_RECIPE_HIGHEST_DEVICE VAR_RECIPE_STRING
# VAR_LUKS_URL # VAR_RECIPE_TABLE VAR_RECOVERY
# VAR_NEED_RUN_IN_TARGET # VAR_SEC_FW VAR_SSH_CA
# VAR_NUKE # VAR_SSH_PORT VAR_UFW_OUT
# VAR_NUKE_ROUNDS # VAR_USER_ROOT_SPECIFIC
# VAR_PRESEED # apt_default_deb822 apt_full_upgrade
# VAR_PROVIDER # architecture chroot_debug
# VAR_RECIPE_FIRMWARE # distribution dropbear_boot
# VAR_RECIPE_HIGHEST_DEVICE # grub_password needrun
# VAR_RECIPE_STRING # provider security_ext
# VAR_RECIPE_TABLE # security_ufw_out ssh_port
# VAR_RECOVERY # ssh_root_ca user_root_specific
# VAR_SEC_FW
# VAR_SSH_CA
# VAR_SSH_PORT
# VAR_UFW_OUT
# apt_default_deb822
# apt_full_upgrade
# architecture
# chroot_debug
# distribution
# dropbear_boot
# grub_password
# needrun
# provider
# security_ext
# security_ufw_out
# ssh_port
# ssh_root_ca
# Arguments: # Arguments:
# None # None
# Returns: # Returns:
@@ -68,7 +51,7 @@ yaml_reader() {
VAR_RECIPE_TABLE="" VAR_NEED_RUN_IN_TARGET="false" VAR_CODENAME="" VAR_DROPBEAR="" VAR_RECOVERY="" \ VAR_RECIPE_TABLE="" VAR_NEED_RUN_IN_TARGET="false" VAR_CODENAME="" VAR_DROPBEAR="" VAR_RECOVERY="" \
VAR_GRUB_PASSWORD="false" VAR_SSH_PORT="22" VAR_DEB822="true" VAR_PROVIDER="" VAR_SSH_CA="" VAR_UFW_OUT="deny" \ VAR_GRUB_PASSWORD="false" VAR_SSH_PORT="22" VAR_DEB822="true" VAR_PROVIDER="" VAR_SSH_CA="" VAR_UFW_OUT="deny" \
VAR_CHROOT_DEBUG="false" VAR_SEC_FW="selinux" VAR_APT_FULL_UPGRADE="true" VAR_LUKS_BACKUP="false" \ VAR_CHROOT_DEBUG="false" VAR_SEC_FW="selinux" VAR_APT_FULL_UPGRADE="true" VAR_LUKS_BACKUP="false" \
VAR_LUKS_URL="" VAR_LUKS_PGP="" VAR_LUKS_URL="" VAR_LUKS_PGP="" VAR_USER_ROOT_SPECIFIC=""
### Declare and substitute input files. ### Declare and substitute input files.
declare -r var_if="${VAR_PRESEED}" declare -r var_if="${VAR_PRESEED}"
declare var_line="" var_middle_part="" var_highest_dev="" var_device="" var_fields="" var_partition="" \ declare var_line="" var_middle_part="" var_highest_dev="" var_device="" var_fields="" var_partition="" \
@@ -271,6 +254,10 @@ END { print max }
# shellcheck disable=SC2034 # shellcheck disable=SC2034
VAR_UFW_OUT="${security_ufw_out,,}" VAR_UFW_OUT="${security_ufw_out,,}"
### Extract User Root Specific Branch.
# shellcheck disable=SC2034
VAR_USER_ROOT_SPECIFIC="${user_root_specific,,}"
guard_dir && return 0 guard_dir && return 0
} }
### Prevents accidental 'unset -f'. ### Prevents accidental 'unset -f'.

2
func/cdi_3200_partitioning/3220_partition_encryption.sh
View File

@@ -33,12 +33,12 @@ guard_sourcing
# VAR_KDF_MEMORY # VAR_KDF_MEMORY
# VAR_KDF_THREADS # VAR_KDF_THREADS
# VAR_LUKS_BACKUP # VAR_LUKS_BACKUP
# VAR_LUKS_PGP
# VAR_LUKS_URL # VAR_LUKS_URL
# VAR_RECIPE_STRING # VAR_RECIPE_STRING
# VAR_SETUP_PART # VAR_SETUP_PART
# VAR_SETUP_PATH # VAR_SETUP_PATH
# VAR_TEMP_PLAIN_NC_AUTH # VAR_TEMP_PLAIN_NC_AUTH
# user_root_specific
# Arguments: # Arguments:
# None # None
# Returns: # Returns:

45
func/cdi_4500_user/4500_accounts_preparation.sh
View File

@@ -15,8 +15,10 @@ guard_sourcing
####################################### #######################################
# Prepare '/etc/skel'-Directory. # Prepare '/etc/skel'-Directory.
# Globals: # Globals:
# RECOVERY
# TARGET # TARGET
# VAR_SETUP_PATH # VAR_RUN_RECOVERY
# VAR_USER_ROOT_SPECIFIC
# Arguments: # Arguments:
# None # None
# Returns: # Returns:
@@ -24,39 +26,32 @@ guard_sourcing
####################################### #######################################
accounts_preparation() { accounts_preparation() {
### Declare Arrays, HashMaps, and Variables. ### Declare Arrays, HashMaps, and Variables.
declare -r var_logfile="/root/.ciss/cdi/log/4130_installation_toolset.log" declare -r var_logfile="/root/.ciss/cdi/log/4500_accounts_preparation.sh.log"
declare var_target="${TARGET}"
chroot_logger "${TARGET}${var_logfile}" ### Check for TARGET / RECOVERY.
[[ "${VAR_RUN_RECOVERY}" == "true" ]] && var_target="${RECOVERY}"
chroot_script "${TARGET}" " chroot_logger "${var_target}${var_logfile}"
chroot_script "${var_target}" "
export INITRD=No export INITRD=No
apt-get install -y --no-install-recommends --no-install-suggests bash-completion fzf 2>&1 | tee -a ${var_logfile} apt-get install -y --no-install-recommends --no-install-suggests bash-completion fzf 2>&1 | tee -a ${var_logfile}
" "
mkdir -p "${TARGET}/etc/skel/.ciss" mkdir -p "${var_target}/etc/skel/.ciss"
install -m 0600 -o root -g root "${VAR_SETUP_PATH}/includes/target/etc/skel/.bashrc" "${TARGET}/etc/skel/.bashrc" case "${VAR_USER_ROOT_SPECIFIC}" in
install -m 0600 -o root -g root "${VAR_SETUP_PATH}/includes/target/etc/skel/.zshrc" "${TARGET}/etc/skel/.zshrc"
install -m 0600 -o root -g root "${VAR_SETUP_PATH}/includes/target/etc/skel/.ciss/theme_eza_ciss.yml" "${TARGET}/etc/skel/.ciss/"
install -m 0600 -o root -g root "${VAR_SETUP_PATH}/includes/target/etc/skel/.ciss/alias" "${TARGET}/etc/skel/.ciss/"
install -m 0700 -o root -g root "${VAR_SETUP_PATH}/includes/target/etc/skel/.ciss/check_chrony.sh" "${TARGET}/etc/skel/.ciss/"
install -m 0700 -o root -g root "${VAR_SETUP_PATH}/includes/target/etc/skel/.ciss/clean_logout.sh" "${TARGET}/etc/skel/.ciss/"
install -m 0600 -o root -g root "${VAR_SETUP_PATH}/includes/target/etc/skel/.ciss/f2bchk" "${TARGET}/etc/skel/.ciss/"
install -m 0600 -o root -g root "${VAR_SETUP_PATH}/includes/target/etc/skel/.ciss/scan_libwrap" "${TARGET}/etc/skel/.ciss/"
install -m 0600 -o root -g root "${VAR_SETUP_PATH}/includes/target/etc/skel/.ciss/shortcuts" "${TARGET}/etc/skel/.ciss/"
insert_comments "${TARGET}/etc/skel/.bashrc" "ciss") accounts_preparation_ciss ;;
insert_comments "${TARGET}/etc/skel/.zshrc"
insert_comments "${TARGET}/etc/skel/.ciss/alias"
insert_comments "${TARGET}/etc/skel/.ciss/check_chrony.sh"
insert_comments "${TARGET}/etc/skel/.ciss/clean_logout.sh"
insert_comments "${TARGET}/etc/skel/.ciss/f2bchk"
insert_comments "${TARGET}/etc/skel/.ciss/scan_libwrap"
insert_comments "${TARGET}/etc/skel/.ciss/shortcuts"
### In order to be able to copy/paste from vim, one needs to create a '.vimrc' in every home directory with the following content: "physnet") accounts_preparation_physnet ;;
echo 'set clipboard=unnamed' >| "${TARGET}/etc/skel/.vimrc"
chmod 0600 "${TARGET}/etc/skel/.vimrc" "none") do_log "info" "file_only" "4500() Account preparation [none] selected." ;;
*) do_log "warn" "file_only" "4500() Account preparation nothing selected. Keeping defaults." ;;
esac
guard_dir && return 0 guard_dir && return 0
} }

31
func/cdi_4500_user/4501_accounts_preparation_ciss.sh
View File

@@ -15,7 +15,10 @@ guard_sourcing
####################################### #######################################
# Account preparation CISS specific. # Account preparation CISS specific.
# Globals: # Globals:
# None # RECOVERY
# TARGET
# VAR_RUN_RECOVERY
# VAR_SETUP_PATH
# Arguments: # Arguments:
# None # None
# Returns: # Returns:
@@ -23,7 +26,33 @@ guard_sourcing
####################################### #######################################
accounts_preparation_ciss() { accounts_preparation_ciss() {
### Declare Arrays, HashMaps, and Variables. ### Declare Arrays, HashMaps, and Variables.
declare var_target="${TARGET}"
### Check for TARGET / RECOVERY.
[[ "${VAR_RUN_RECOVERY}" == "true" ]] && var_target="${RECOVERY}"
install -m 0600 -o root -g root "${VAR_SETUP_PATH}/includes/target/etc/skel/.bashrc" "${var_target}/etc/skel/.bashrc"
install -m 0600 -o root -g root "${VAR_SETUP_PATH}/includes/target/etc/skel/.zshrc" "${var_target}/etc/skel/.zshrc"
install -m 0600 -o root -g root "${VAR_SETUP_PATH}/includes/target/etc/skel/.ciss/theme_eza_ciss.yml" "${var_target}/etc/skel/.ciss/"
install -m 0600 -o root -g root "${VAR_SETUP_PATH}/includes/target/etc/skel/.ciss/alias" "${var_target}/etc/skel/.ciss/"
install -m 0700 -o root -g root "${VAR_SETUP_PATH}/includes/target/etc/skel/.ciss/check_chrony.sh" "${var_target}/etc/skel/.ciss/"
install -m 0700 -o root -g root "${VAR_SETUP_PATH}/includes/target/etc/skel/.ciss/clean_logout.sh" "${var_target}/etc/skel/.ciss/"
install -m 0600 -o root -g root "${VAR_SETUP_PATH}/includes/target/etc/skel/.ciss/f2bchk" "${var_target}/etc/skel/.ciss/"
install -m 0600 -o root -g root "${VAR_SETUP_PATH}/includes/target/etc/skel/.ciss/scan_libwrap" "${var_target}/etc/skel/.ciss/"
install -m 0600 -o root -g root "${VAR_SETUP_PATH}/includes/target/etc/skel/.ciss/shortcuts" "${var_target}/etc/skel/.ciss/"
insert_comments "${var_target}/etc/skel/.bashrc"
insert_comments "${var_target}/etc/skel/.zshrc"
insert_comments "${var_target}/etc/skel/.ciss/alias"
insert_comments "${var_target}/etc/skel/.ciss/check_chrony.sh"
insert_comments "${var_target}/etc/skel/.ciss/clean_logout.sh"
insert_comments "${var_target}/etc/skel/.ciss/f2bchk"
insert_comments "${var_target}/etc/skel/.ciss/scan_libwrap"
insert_comments "${var_target}/etc/skel/.ciss/shortcuts"
### In order to be able to copy/paste from vim, one needs to create a '.vimrc' in every home directory with the following content:
echo 'set clipboard=unnamed' >| "${var_target}/etc/skel/.vimrc"
chmod 0600 "${var_target}/etc/skel/.vimrc"
guard_dir && return 0 guard_dir && return 0
} }
### Prevents accidental 'unset -f'. ### Prevents accidental 'unset -f'.

8
func/cdi_4500_user/4502_accounts_preparation_physnet.sh
View File

@@ -15,7 +15,9 @@ guard_sourcing
####################################### #######################################
# Account preparation PHYSNET specific. # Account preparation PHYSNET specific.
# Globals: # Globals:
# None # RECOVERY
# TARGET
# VAR_RUN_RECOVERY
# Arguments: # Arguments:
# None # None
# Returns: # Returns:
@@ -23,6 +25,10 @@ guard_sourcing
####################################### #######################################
accounts_preparation_physnet() { accounts_preparation_physnet() {
### Declare Arrays, HashMaps, and Variables. ### Declare Arrays, HashMaps, and Variables.
declare var_target="${TARGET}"
### Check for TARGET / RECOVERY.
[[ "${VAR_RUN_RECOVERY}" == "true" ]] && var_target="${RECOVERY}"
guard_dir && return 0 guard_dir && return 0
} }

70
func/cdi_4500_user/4510_accounts_hardening.sh
View File

@@ -15,7 +15,9 @@ guard_sourcing
####################################### #######################################
# Hardening accounts: Google TOTP, Wordlists, masking ttys, expiration of accounts. # Hardening accounts: Google TOTP, Wordlists, masking ttys, expiration of accounts.
# Globals: # Globals:
# RECOVERY
# TARGET # TARGET
# VAR_RUN_RECOVERY
# VAR_SETUP_PATH # VAR_SETUP_PATH
# Arguments: # Arguments:
# None # None
@@ -26,24 +28,28 @@ accounts_hardening() {
### Declare Arrays, HashMaps, and Variables. ### Declare Arrays, HashMaps, and Variables.
declare -a ary_security_pkgs=() declare -a ary_security_pkgs=()
declare -r var_logfile="/root/.ciss/cdi/log/4510_accounts_hardening.log" declare -r var_logfile="/root/.ciss/cdi/log/4510_accounts_hardening.log"
declare var_target="${TARGET}"
chroot_logger "${TARGET}${var_logfile}" ### Check for TARGET / RECOVERY.
[[ "${VAR_RUN_RECOVERY}" == "true" ]] && var_target="${RECOVERY}"
chroot_logger "${var_target}${var_logfile}"
### Installing Google TOTP, Wordlists. ### Installing Google TOTP, Wordlists.
ary_security_pkgs=( "libpam-google-authenticator" "wamerican" "wbritish" "wfrench" "wngerman" ) ary_security_pkgs=( "libpam-google-authenticator" "wamerican" "wbritish" "wfrench" "wngerman" )
chroot_script "${TARGET}" " chroot_script "${var_target}" "
export INITRD=No export INITRD=No
apt-get install -y --no-install-recommends --no-install-suggests ${ary_security_pkgs[*]} 2>&1 | tee -a ${var_logfile} apt-get install -y --no-install-recommends --no-install-suggests ${ary_security_pkgs[*]} 2>&1 | tee -a ${var_logfile}
" "
### Preparing 2fa hardening. ### Preparing 2fa hardening.
install -d -m 0755 -o root -g root "${TARGET}/etc/ciss" install -d -m 0755 -o root -g root "${var_target}/etc/ciss"
touch "${TARGET}/etc/ciss/2fa.users" touch "${var_target}/etc/ciss/2fa.users"
chmod 0640 "${TARGET}/etc/ciss/2fa.users" chmod 0640 "${var_target}/etc/ciss/2fa.users"
### Keep 'tty1' active, disable the rest. ### Keep 'tty1' active, disable the rest.
# shellcheck disable=SC2016 # shellcheck disable=SC2016
chroot_script "${TARGET}" ' chroot_script "${var_target}" '
systemctl unmask getty@tty1.service systemctl unmask getty@tty1.service
systemctl enable getty@tty1.service systemctl enable getty@tty1.service
for t in tty2 tty3 tty4 tty5 tty6; do for t in tty2 tty3 tty4 tty5 tty6; do
@@ -52,7 +58,7 @@ accounts_hardening() {
systemctl mask serial-getty@.service systemctl mask serial-getty@.service
' '
chroot_script "${TARGET}" " chroot_script "${var_target}" "
if [[ ! -f /etc/securetty ]]; then if [[ ! -f /etc/securetty ]]; then
touch /etc/securetty touch /etc/securetty
chmod 0600 /etc/securetty chmod 0600 /etc/securetty
@@ -61,40 +67,44 @@ accounts_hardening() {
" "
### Hardening file permissions. ### Hardening file permissions.
chown root:root "${TARGET}/etc/passwd" "${TARGET}/etc/group" chown root:root "${var_target}/etc/passwd" "${var_target}/etc/group"
chown root:shadow "${TARGET}/etc/shadow" "${TARGET}/etc/gshadow" chown root:shadow "${var_target}/etc/shadow" "${var_target}/etc/gshadow"
chmod 0644 "${TARGET}/etc/passwd" "${TARGET}/etc/group" chmod 0644 "${var_target}/etc/passwd" "${var_target}/etc/group"
chmod 0640 "${TARGET}/etc/shadow" "${TARGET}/etc/gshadow" chmod 0640 "${var_target}/etc/shadow" "${var_target}/etc/gshadow"
chmod 0600 "${TARGET}/etc/security/access.conf" chmod 0600 "${var_target}/etc/security/access.conf"
### Hardening '/etc/login.defs'. ### Hardening '/etc/login.defs'.
mkdir -p "${TARGET}/root/.ciss/cdi/backup/etc" mkdir -p "${var_target}/root/.ciss/cdi/backup/etc"
mv "${TARGET}/etc/login.defs" "${TARGET}/root/.ciss/cdi/backup/etc/login.defs.bak" mv "${var_target}/etc/login.defs" "${var_target}/root/.ciss/cdi/backup/etc/login.defs.bak"
insert_header "${TARGET}/etc/login.defs" insert_header "${var_target}/etc/login.defs"
insert_comments "${TARGET}/etc/login.defs" insert_comments "${var_target}/etc/login.defs"
cat "${VAR_SETUP_PATH}/includes/target/etc/login.defs" >> "${TARGET}/etc/login.defs" cat "${VAR_SETUP_PATH}/includes/target/etc/login.defs" >> "${var_target}/etc/login.defs"
### Hardening '/etc/security/pwquality.conf'. ### Hardening '/etc/security/pwquality.conf'.
mkdir -p "${TARGET}/root/.ciss/cdi/backup/etc/security" mkdir -p "${var_target}/root/.ciss/cdi/backup/etc/security"
mv "${TARGET}/etc/security/pwquality.conf" "${TARGET}/root/.ciss/cdi/backup/etc/security/pwquality.conf.bak" mv "${var_target}/etc/security/pwquality.conf" "${var_target}/root/.ciss/cdi/backup/etc/security/pwquality.conf.bak"
insert_header "${TARGET}/etc/security/pwquality.conf" insert_header "${var_target}/etc/security/pwquality.conf"
insert_comments "${TARGET}/etc/security/pwquality.conf" insert_comments "${var_target}/etc/security/pwquality.conf"
cat "${VAR_SETUP_PATH}/includes/target/etc/security/pwquality.cnf" >> "${TARGET}/etc/security/pwquality.conf" cat "${VAR_SETUP_PATH}/includes/target/etc/security/pwquality.cnf" >> "${var_target}/etc/security/pwquality.conf"
### Hardening '/etc/security/access.conf'. ### Hardening '/etc/security/access.conf'.
mv "${TARGET}/etc/security/access.conf" "${TARGET}/root/.ciss/cdi/backup/etc/security/access.conf.bak" mv "${var_target}/etc/security/access.conf" "${var_target}/root/.ciss/cdi/backup/etc/security/access.conf.bak"
insert_header "${TARGET}/etc/security/access.conf" insert_header "${var_target}/etc/security/access.conf"
insert_comments "${TARGET}/etc/security/access.conf" insert_comments "${var_target}/etc/security/access.conf"
cat "${VAR_SETUP_PATH}/includes/target/etc/security/access.cnf" >> "${TARGET}/etc/security/access.conf" cat "${VAR_SETUP_PATH}/includes/target/etc/security/access.cnf" >> "${var_target}/etc/security/access.conf"
### Hardening password expiration; defaults to 16,384 days. ### Hardening password expiration; defaults to 16,384 days.
install -m 0700 -o root -g root "${VAR_SETUP_PATH}/includes/chroot/hooks/4510_password_expiration.hooks.sh" \ install -m 0700 -o root -g root "${VAR_SETUP_PATH}/includes/chroot/hooks/4510_password_expiration.hooks.sh" \
"${TARGET}/root/.ciss/cdi/hooks/4510_password_expiration.hooks.sh" "${var_target}/root/.ciss/cdi/hooks/4510_password_expiration.hooks.sh"
if ! chroot_script "${var_target}" "/root/.ciss/cdi/hooks/4510_password_expiration.hooks.sh" "emergency"; then
do_log "warn" "file_only" "4510() Command: [chroot_script ${var_target} /root/.ciss/cdi/hooks/4510_password_expiration.hooks.sh emergency] failed."
if ! chroot_script "${TARGET}" "/root/.ciss/cdi/hooks/4510_password_expiration.hooks.sh" "emergency"; then
do_log "warn" "file_only" "4510() Command: [chroot_script ${TARGET} /root/.ciss/cdi/hooks/4510_password_expiration.hooks.sh emergency] failed."
else else
do_log "debug" "file_only" "4510() Command: [chroot_script ${TARGET} /root/.ciss/cdi/hooks/4510_password_expiration.hooks.sh emergency] successful."
do_log "debug" "file_only" "4510() Command: [chroot_script ${var_target} /root/.ciss/cdi/hooks/4510_password_expiration.hooks.sh emergency] successful."
fi fi
guard_dir && return 0 guard_dir && return 0

6
func/cdi_4500_user/4520_accounts_setup.sh
View File

@@ -21,17 +21,19 @@ guard_sourcing
####################################### #######################################
# Updating user accounts. # Updating user accounts.
# Globals: # Globals:
# RECOVERY
# TARGET # TARGET
# VAR_RUN_RECOVERY
# VAR_SETUP_PATH # VAR_SETUP_PATH
# VAR_TEMP_PLAIN_MFA_SEED # VAR_TEMP_PLAIN_MFA_SEED
# VAR_USER_MAX # VAR_USER_MAX
# VAR_USER_ROOT_SPECIFIC
# user_root_authentication_2fa_ssh # user_root_authentication_2fa_ssh
# user_root_authentication_2fa_tty # user_root_authentication_2fa_tty
# user_root_authentication_access_ssh # user_root_authentication_access_ssh
# user_root_authentication_access_tty # user_root_authentication_access_tty
# user_root_authentication_password # user_root_authentication_password
# user_root_shell # user_root_shell
# user_root_specific
# user_root_sshpubkey # user_root_sshpubkey
# Arguments: # Arguments:
# None # None
@@ -79,7 +81,7 @@ accounts_setup() {
if [[ -x "${var_target}${user_root_shell}" ]]; then if [[ -x "${var_target}${user_root_shell}" ]]; then
case "${user_root_specific,,}" in case "${VAR_USER_ROOT_SPECIFIC,,}" in
"ciss") "ciss")
zsh_omz_installer "root" "${var_target}" zsh_omz_installer "root" "${var_target}"

8
func/cdi_4500_user/4521_accounts_setup_ciss.sh
View File

@@ -15,7 +15,9 @@ guard_sourcing
####################################### #######################################
# Account setup CISS specific. # Account setup CISS specific.
# Globals: # Globals:
# None # RECOVERY
# TARGET
# VAR_RUN_RECOVERY
# Arguments: # Arguments:
# None # None
# Returns: # Returns:
@@ -23,6 +25,10 @@ guard_sourcing
####################################### #######################################
accounts_setup_ciss() { accounts_setup_ciss() {
### Declare Arrays, HashMaps, and Variables. ### Declare Arrays, HashMaps, and Variables.
declare var_target="${TARGET}"
### Check for TARGET / RECOVERY.
[[ "${VAR_RUN_RECOVERY}" == "true" ]] && var_target="${RECOVERY}"
guard_dir && return 0 guard_dir && return 0
} }

8
func/cdi_4500_user/4522_accounts_setup_physnet.sh
View File

@@ -15,7 +15,9 @@ guard_sourcing
####################################### #######################################
# Account setup PHYSNET specific. # Account setup PHYSNET specific.
# Globals: # Globals:
# None # RECOVERY
# TARGET
# VAR_RUN_RECOVERY
# Arguments: # Arguments:
# None # None
# Returns: # Returns:
@@ -23,6 +25,10 @@ guard_sourcing
####################################### #######################################
accounts_setup_physnet() { accounts_setup_physnet() {
### Declare Arrays, HashMaps, and Variables. ### Declare Arrays, HashMaps, and Variables.
declare var_target="${TARGET}"
### Check for TARGET / RECOVERY.
[[ "${VAR_RUN_RECOVERY}" == "true" ]] && var_target="${RECOVERY}"
guard_dir && return 0 guard_dir && return 0
} }