summaryrefslogtreecommitdiff
path: root/meta-security/meta-hardening/recipes-extended
diff options
context:
space:
mode:
Diffstat (limited to 'meta-security/meta-hardening/recipes-extended')
-rw-r--r--meta-security/meta-hardening/recipes-extended/shadow/shadow_%.bbappend10
-rw-r--r--meta-security/meta-hardening/recipes-extended/sudo/sudo_%.bbappend7
2 files changed, 17 insertions, 0 deletions
diff --git a/meta-security/meta-hardening/recipes-extended/shadow/shadow_%.bbappend b/meta-security/meta-hardening/recipes-extended/shadow/shadow_%.bbappend
new file mode 100644
index 000000000..3f363f069
--- /dev/null
+++ b/meta-security/meta-hardening/recipes-extended/shadow/shadow_%.bbappend
@@ -0,0 +1,10 @@
+do_install_append_harden () {
+ # to hardend
+ sed -i -e 's:UMASK.*:UMASK 027:' ${D}${sysconfdir}/login.defs
+ sed -i -e 's:PASS_MAX_DAYS.*:PASS_MAX_DAYS 365:' ${D}${sysconfdir}/login.defs
+ sed -i -e 's:PASS_MIN_DAYS.*:PASS_MIN_DAYS 1:' ${D}${sysconfdir}/login.defs
+ sed -i -e 's:#PASS_MIN_LEN.*:PASS_MIN_LEN 11:' ${D}${sysconfdir}/login.defs
+ sed -i -e 's:PASS_WARN_AGE.*:PASS_WARN_AGE 14:' ${D}${sysconfdir}/login.defs
+ sed -i -e 's:LOGIN_RETRIES.*:LOGIN_RETRIES 3:' ${D}${sysconfdir}/login.defs
+ sed -i -e 's:LOGIN_TIMEOUT.*:LOGIN_TIMEOUT 30:' ${D}${sysconfdir}/login.defs
+}
diff --git a/meta-security/meta-hardening/recipes-extended/sudo/sudo_%.bbappend b/meta-security/meta-hardening/recipes-extended/sudo/sudo_%.bbappend
new file mode 100644
index 000000000..a31c081fe
--- /dev/null
+++ b/meta-security/meta-hardening/recipes-extended/sudo/sudo_%.bbappend
@@ -0,0 +1,7 @@
+
+PACKAGECONFIG_append_harden = " pam-wheel"
+do_install_append_harden () {
+ if [ "${@bb.utils.contains('DISABLE_ROOT', 'True', 'yes', 'no', d)}" = "yes" ]; then
+ sed -i -e 's:root ALL=(ALL) ALL:#root ALL=(ALL) ALL:' ${D}${sysconfdir}/sudoers
+ fi
+}
generated by cgit v1.2.3 (git 2.39.0) at 2024-07-01 03:38:11 +0300