CISS.debian.live.builder/config/hooks/live/9991_file_permissions.chroot
#!/bin/bash
# SPDX-Version: 3.0
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
# SPDX-PackageName: CISS.debian.live.builder
# SPDX-Security-Contact: security@coresecret.eu
# noclobber (-C) is deliberate: every file this hook rewrites is opened with
# '>|' so that an overwrite is always an explicit decision.
set -o noclobber -o errexit -o nounset -o pipefail
printf "\e[95m++++ ++++ ++++ ++++ ++++ ++++ ++ 🧪 '%s' starting ... \e[0m\n" "${0}"
# sleep 1

# ---- pre-login banners -----------------------------------------------------
# The banner files carry no secrets and have to be readable by getty/sshd, so
# they are world-readable.  All three are assumed to exist at this point of
# the build (presumably placed by an earlier hook — TODO confirm); chmod on a
# missing file aborts the hook under -e.
declare banner
for banner in /etc/banner /etc/issue /etc/issue.net; do
  chmod 0644 "${banner}"
done
unset banner

# ---- /etc/motd -------------------------------------------------------------
# Keep whatever motd the base system shipped before replacing it.  The backup
# directory is expected to exist already (not created here — TODO confirm).
if [[ -f /etc/motd ]]; then
  cp -a /etc/motd /root/.ciss/dlb/backup/motd.bak
  chmod 0644 /root/.ciss/dlb/backup/motd.bak
  rm /etc/motd
fi
touch /etc/motd
# The quoted delimiter keeps the text literal (no expansion of the content).
cat <<'EOF' >| /etc/motd
(c) Marc S. Weidner, 2018 - 2025
(p) Centurion Press, 2018 - 2025
Centurion Intelligence Consulting Agency (tm)
https://coresecret.eu/
Please consider making a donation:
https://coresecret.eu/spenden/
EOF
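# ---- /etc/login.defs -------------------------------------------------------
# Keep the shipped file alongside the other backups taken by this hook.
cp -a /etc/login.defs /root/.ciss/dlb/backup/login.defs.bak

# Replace "KEY <shipped default>" with "KEY <hardened value>" in login.defs and
# fail the build if the hardened value is not present afterwards.
#   $1  key as it appears in the shipped file ("#KEY" when the shipped line is
#       commented out; the '#' is dropped on the rewritten line)
#   $2  shipped default value (digits or a bare word, not a regex)
#   $3  hardened value
#   $4  file to edit, defaults to /etc/login.defs
# Returns non-zero (and so aborts the hook under -e) when the check fails.
# The key/value separator is matched as a run of blanks, not one literal
# space: the login.defs shipped by Debian's shadow package uses tabs on most
# of these lines, and because `sed -i` exits 0 when nothing matched, a
# non-matching pattern used to leave the weaker default in place without any
# trace in the build log.  Verifying the end state (rather than that sed
# matched) also keeps this a no-op when a newer package already ships the
# hardened value.
login_defs_set() {
  local key=$1 old=$2 new=$3 file=${4:-/etc/login.defs}
  local plain=${key#\#}
  sed -i -E "s/^${key}[[:blank:]]+${old}[[:blank:]]*$/${plain} ${new}/" "${file}"
  if ! grep -Eq "^${plain}[[:blank:]]+${new}[[:blank:]]*$" "${file}"; then
    printf "\e[91m❌ Error: '%s %s' is not in effect in '%s'. \e[0m\n" "${plain}" "${new}" "${file}" >&2
    return 1
  fi
}

# Files created by login/useradd are private to their owner.
login_defs_set 'UMASK'          '022'    '077'
login_defs_set 'PASS_MAX_DAYS'  '99999'  '16384'
login_defs_set 'PASS_MIN_DAYS'  '0'      '1'
login_defs_set 'PASS_WARN_AGE'  '7'      '128'
# Recent shadow versions already ship ENCRYPT_METHOD YESCRYPT; the
# substitution is then a no-op and only the verification runs.
login_defs_set 'ENCRYPT_METHOD' 'SHA512' 'YESCRYPT'
# These only apply to accounts whose hash is still sha512crypt.  At this
# round count a single verification of such a hash is expected to take on
# the order of seconds of CPU — NOTE(review): measure before shipping, since
# that cost is paid on every login/PAM check an attacker can trigger.
login_defs_set '#SHA_CRYPT_MIN_ROUNDS' '5000' '8388608'
login_defs_set '#SHA_CRYPT_MAX_ROUNDS' '5000' '8388608'
login_defs_set '#YESCRYPT_COST_FACTOR' '5'    '8'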
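# ---- cron access -----------------------------------------------------------
# Switch cron from deny-list to allow-list mode: once /etc/cron.allow exists,
# only the users listed in it may use crontab and cron.deny is not consulted.
if [[ -f /etc/cron.deny ]]; then
  rm /etc/cron.deny
fi
if [[ -f /etc/cron.allow ]]; then
  # Backup goes to the same directory as the other backups of this hook.
  # (The previous /root/.backup location is never created by this hook, so
  # the copy aborted the build under -e whenever cron.allow pre-existed.)
  cp -a /etc/cron.allow /root/.ciss/dlb/backup/cron.allow.bak
  chmod 0644 /root/.ciss/dlb/backup/cron.allow.bak
  chmod 0600 /etc/cron.allow
fi
# Create/overwrite under a restrictive umask so a freshly created file is
# never briefly world-readable; '>|' is required because of noclobber.
( umask 077; printf 'root\n' >| /etc/cron.allow )
chmod 0600 /etc/cron.allow
chown root:root /etc/cron.allow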
# ---- remaining permission tightening ---------------------------------------
# Debian's own layout for the shadow file, restated so the image does not
# depend on what package maintainer scripts left behind.
chown root:shadow /etc/shadow
chmod 0640 /etc/shadow
# Scheduled jobs and sudo drop-ins are read by root-owned daemons only; no
# other account needs to see what runs or who may escalate.
declare -a cron_dirs=(/etc/cron.d /etc/cron.daily /etc/cron.hourly /etc/cron.monthly /etc/cron.weekly)
chmod 0700 "${cron_dirs[@]}"
unset cron_dirs
chmod 0700 /etc/sudoers.d
chmod 0600 /etc/crontab
# NOTE(review): ssh_config is the *client* configuration and holds no
# secrets.  With 0600 a non-root user's ssh cannot open it and silently
# proceeds without it (and without any hardening it contains); Debian ships
# it 0644.  Keep 0600 only if the image really has no non-root logins.
chmod 0600 /etc/ssh/sshd_config /etc/ssh/ssh_config
# NOTE(review): 0750 (root:root) on /home denies directory traversal to
# every account outside group root, i.e. an ordinary user cannot enter its
# own home directory.  Confirm the image is root-login-only before keeping it.
chmod 0750 /home
# The apt-mirror spool is optional in the image; a missing directory is not
# an error (the '|| true' keeps -e from aborting).
chmod 0750 /var/spool/apt-mirror || true
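# Pre-created for root; presumably the directory ansible uses for its per-user
# tmp/cache (NOTE(review): confirm — nothing in this hook uses it).  -p keeps
# the hook idempotent: a plain mkdir aborts the build under -e on a re-run.
mkdir -p /root/.ansible

# ---- restrict compilers to root --------------------------------------------
# CIS-style "disable compilers" control.  Treat it as a speed bump only: the
# list covers front ends, not the linker, the gcc back ends that live outside
# /usr/bin, or scripting interpreters, so it does not stop a determined local
# attacker.
declare bin
declare target
for bin in as gcc g++ cc clang; do
  # -e, not -f: GNU readlink -f succeeds (and prints the path) when only the
  # last component is missing, so an absent compiler never reached the
  # "not found" branch and instead showed up as a chmod error.  -e requires
  # every component, including the final target, to exist.
  target=$(readlink -e "/usr/bin/${bin}") || {
    printf "\e[92m✅ Info: '%s' not found, skipping. \e[0m\n" "${bin}"
    continue
  }
  # The mode is set on the resolved file (e.g. cc -> gcc -> versioned binary
  # on Debian); chmod follows symlinks, so the link itself is unaffected.
  # A failed chmod is reported but does not abort the build.
  chmod 700 "${target}" || {
    printf "\e[92m❌ Error: chmod failed for '%s', skipping. \e[0m\n" "${bin}" >&2
  }
done
unset bin target
printf "\e[92m++++ ++++ ++++ ++++ ++++ ++++ ++ ✅ '%s' successful applied. \e[0m\n" "${0}"
# sleep 1
exit 0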
# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh