mirror of
https://github.com/Kicksecure/security-misc.git
synced 2024-12-23 01:03:35 +07:00
add user "user" to group "console" in Whonix and Kicksecure
enable Console Lockdown in Whonix and Kicksecure
This commit is contained in:
parent
b5a2d1dc58
commit
e89552c984
35
debian/security-misc.preinst
vendored
35
debian/security-misc.preinst
vendored
@ -138,7 +138,42 @@ console_users_check() {
|
||||
fi
|
||||
}
|
||||
|
||||
legacy() {
|
||||
if [ -f "/var/lib/legacy/do_once/${FUNCNAME}_version_1" ]; then
|
||||
return 0
|
||||
fi
|
||||
|
||||
if [ -f "/usr/share/whonix/marker" ]; then
|
||||
continue_yes=true
|
||||
if [ -f "/usr/share/kicksecure/marker" ]; then
|
||||
continue_yes=true
|
||||
fi
|
||||
|
||||
if [ "$continue_yes" = "yes" ]; then
|
||||
return 0
|
||||
fi
|
||||
|
||||
if command -v "qubesdb-read" &>/dev/null; then
|
||||
## Qubes users can use dom0 to get a root terminal emulator.
|
||||
## For example:
|
||||
## qvm-run -u root debian-10 xterm
|
||||
return 0
|
||||
fi
|
||||
|
||||
## https://forums.whonix.org/t/etc-security-hardening-console-lockdown-pam-access-access-conf/8592/7
|
||||
|
||||
user_to_be_created=user
|
||||
|
||||
addgroup "$user_to_be_created" console
|
||||
|
||||
pam-auth-update --enable console-lockdown-security-misc
|
||||
|
||||
mkdir --parents "/var/lib/legacy/do_once"
|
||||
touch "/var/lib/legacy/do_once/${FUNCNAME}_version_1"
|
||||
}
|
||||
|
||||
user_groups_modifications
|
||||
legacy
|
||||
|
||||
if [ "$1" = "install" ] || [ "$1" = "upgrade" ]; then
|
||||
sudo_users_check
|
||||
|
Loading…
Reference in New Issue
Block a user