diff --git a/config/hooks/live/9985_clamav.chroot b/config/hooks/live/9985_clamav.chroot index ed92730..d3b1bac 100644 --- a/config/hooks/live/9985_clamav.chroot +++ b/config/hooks/live/9985_clamav.chroot @@ -58,7 +58,7 @@ ReadOnlyPaths=/ ReadWritePaths=/var/lib/clamav /var/log/clamav /var/run/clamav MemoryDenyWriteExecute=yes -MemoryLimit=512M +MemoryLimit=4096M CPUShares=512 RestrictAddressFamilies=AF_INET AF_INET6 diff --git a/config/hooks/live/9990_final_purge.chroot b/config/hooks/live/9990_final_purge.chroot index 89bfec7..9f4ea74 100644 --- a/config/hooks/live/9990_final_purge.chroot +++ b/config/hooks/live/9990_final_purge.chroot @@ -22,7 +22,7 @@ qemu-guest-agent rmail sendmail-base sendmail-bin sendmail-cf sensible-mda sendm apt-mark hold exim4 exim4-daemon-light exim4-base exim4-config \ qemu-guest-agent rmail sendmail-base sendmail-bin sendmail-cf sensible-mda sendmail-doc -dpkg --get-selections | grep deinstall >> /tmp/deinstall.log || true +dpkg --get-selections | grep deinstall >| /tmp/deinstall.log || true if [[ -s /tmp/deinstall.log ]]; then printf "\n" diff --git a/config/hooks/live/9991_file_permissions.chroot b/config/hooks/live/9991_file_permissions.chroot index 632e0ed..cfdf0b2 100644 --- a/config/hooks/live/9991_file_permissions.chroot +++ b/config/hooks/live/9991_file_permissions.chroot @@ -39,7 +39,7 @@ EOF cp -a /etc/login.defs /root/.ciss/dlb/backup/login.defs.bak -sed -i 's/LOGIN_TIMEOUT 60/LOGIN_TIMEOUT 180/' /etc/login.defs +sed -ri 's/^(#?LOGIN_TIMEOUT)[[:space:]]+[0-9]+/\1 180/' /etc/login.defs sed -i 's/UMASK 022/UMASK 077/' /etc/login.defs sed -i 's/PASS_MAX_DAYS 99999/PASS_MAX_DAYS 16384/' /etc/login.defs sed -i 's/PASS_MIN_DAYS 0/PASS_MIN_DAYS 1/' /etc/login.defs diff --git a/config/hooks/live/9994_password_policy.chroot b/config/hooks/live/9994_password_policy.chroot index 2c18cb1..182c26c 100644 --- a/config/hooks/live/9994_password_policy.chroot +++ b/config/hooks/live/9994_password_policy.chroot @@ -51,7 +51,7 @@ difok = 4 ### Minimum acceptable size for the new password (plus one if ### credits are not disabled, which is the default). (See pam_cracklib manual.) ### Cannot be set to a lower value than 6. -minlen = 20 +minlen = 40 ### dcredit = 0, ucredit = 0, lcredit = 0, ocredit = 0, minclass = 0 ### NIST SP 800-63B advises against rigid complexity rules (numbers, symbols, uppercase)