This commit is contained in:
psychophoniac 2021-07-12 14:54:55 +02:00
parent 3992a2af3c
commit 3a60a69513
15 changed files with 276 additions and 27 deletions


@ -0,0 +1,146 @@
# This is the configuration file for the LDAP nameservice
# switch library's nslcd daemon. It configures the mapping
# between NSS names (see /etc/nsswitch.conf) and LDAP
# information in the directory.
# See the manual page nslcd.conf(5) for more information.
# The user and group nslcd should run as.
uid nslcd
gid nslcd
# The uri pointing to the LDAP server to use for name lookups.
# Multiple entries may be specified. The address that is used
# here should be resolvable without using LDAP (obviously).
#uri ldap://127.0.0.1/
#uri ldaps://127.0.0.1/
#uri ldapi://%2fvar%2frun%2fldapi_sock/
# Note: %2f encodes the '/' used as directory separator
### CHANGE TO LDAP SERVER URI
uri ldap://127.0.0.1/
# The LDAP version to use (defaults to 3
# if supported by client library)
#ldap_version 3
# The distinguished name of the search base.
### CHANGE TO LDAP BASE
base dc=example,dc=com
# The distinguished name to bind to the server with.
# Optional: default is to bind anonymously.
### CHANGE TO BINDDN
#binddn cn=proxyuser,dc=example,dc=com
# The credentials to bind with.
# Optional: default is no credentials.
# Note that if you set a bindpw you should check the permissions of this file.
### CHANGE TO BINDDN PASSWORD
#bindpw secret
# The distinguished name to perform password modifications by root by.
#rootpwmoddn cn=admin,dc=example,dc=com
# The default search scope.
#scope sub
#scope one
#scope base
# Customize certain database lookups.
#base group ou=Groups,dc=example,dc=com
#base passwd ou=People,dc=example,dc=com
#base shadow ou=People,dc=example,dc=com
#scope group onelevel
#scope hosts sub
# Bind/connect timelimit.
#bind_timelimit 30
# Search timelimit.
#timelimit 30
# Idle timelimit. nslcd will close connections if the
# server has not been contacted for the number of seconds.
#idle_timelimit 3600
# Use StartTLS without verifying the server certificate.
#ssl start_tls
#tls_reqcert never
# CA certificates for server certificate verification
#tls_cacertdir /etc/ssl/certs
#tls_cacertfile /etc/ssl/ca.cert
# Seed the PRNG if /dev/urandom is not provided
#tls_randfile /var/run/egd-pool
# SSL cipher suite
# See man ciphers for syntax
#tls_ciphers TLSv1
# Client certificate and key
# Use these, if your server requires client authentication.
#tls_cert
#tls_key
# Mappings for Services for UNIX 3.5
#filter passwd (objectClass=User)
#map passwd uid msSFU30Name
#map passwd userPassword msSFU30Password
#map passwd homeDirectory msSFU30HomeDirectory
#map passwd homeDirectory msSFUHomeDirectory
#filter shadow (objectClass=User)
#map shadow uid msSFU30Name
#map shadow userPassword msSFU30Password
#filter group (objectClass=Group)
#map group member msSFU30PosixMember
# Mappings for Services for UNIX 2.0
#filter passwd (objectClass=User)
#map passwd uid msSFUName
#map passwd userPassword msSFUPassword
#map passwd homeDirectory msSFUHomeDirectory
#map passwd gecos msSFUName
#filter shadow (objectClass=User)
#map shadow uid msSFUName
#map shadow userPassword msSFUPassword
#map shadow shadowLastChange pwdLastSet
#filter group (objectClass=Group)
#map group member posixMember
# Mappings for Active Directory
#pagesize 1000
#referrals off
#idle_timelimit 800
#filter passwd (&(objectClass=user)(!(objectClass=computer))(uidNumber=*)(unixHomeDirectory=*))
#map passwd uid sAMAccountName
#map passwd homeDirectory unixHomeDirectory
#map passwd gecos displayName
#filter shadow (&(objectClass=user)(!(objectClass=computer))(uidNumber=*)(unixHomeDirectory=*))
#map shadow uid sAMAccountName
#map shadow shadowLastChange pwdLastSet
#filter group (objectClass=group)
# Alternative mappings for Active Directory
# (replace the SIDs in the objectSid mappings with the value for your domain)
#pagesize 1000
#referrals off
#idle_timelimit 800
#filter passwd (&(objectClass=user)(objectClass=person)(!(objectClass=computer)))
#map passwd uid cn
#map passwd uidNumber objectSid:S-1-5-21-3623811015-3361044348-30300820
#map passwd gidNumber objectSid:S-1-5-21-3623811015-3361044348-30300820
#map passwd homeDirectory "/home/$cn"
#map passwd gecos displayName
#map passwd loginShell "/bin/bash"
#filter group (|(objectClass=group)(objectClass=person))
#map group gidNumber objectSid:S-1-5-21-3623811015-3361044348-30300820
# Mappings for AIX SecureWay
#filter passwd (objectClass=aixAccount)
#map passwd uid userName
#map passwd userPassword passwordChar
#map passwd uidNumber uid
#map passwd gidNumber gid
#filter group (objectClass=aixAccessGroup)
#map group cn groupName
#map group gidNumber gid
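Review bot: `uri ldap://127.0.0.1/` under the `### CHANGE TO LDAP SERVER URI` marker selects cleartext LDAP while the `ssl start_tls` / `tls_reqcert` / `tls_cacertfile` block further down stays commented, so as soon as the URI is pointed at a real server the `bindpw` simple bind, every user password pam_ldap binds with, and every passwd/shadow answer nslcd fetches cross the network unencrypted. Either use an `ldaps://` URI or enable `ssl start_tls`, and pair it with `tls_reqcert demand` plus `tls_cacertfile /etc/ssl/ca.cert`; the template's commented `tls_reqcert never` disables server verification and should not be the line that gets uncommented. The `### CHANGE TO BINDDN PASSWORD` marker invites a secret into a file that lives in this repository and is baked into a distributed image, so the warning on the line above it about file permissions is the right one and the build should keep the file root-only rather than world-readable. The dangling `(defaults to 3` comment is inherited from the upstream template and could be closed while the file is being edited.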


@ -0,0 +1,18 @@
# Name Service Switch configuration file.
# See nsswitch.conf(5) for details.
passwd: files systemd ldap
group: files [SUCCESS=merge] systemd ldap
shadow: files ldap
publickey: files
hosts: files mymachines myhostname resolve [!UNAVAIL=return] dns
networks: files
protocols: files
services: files
ethers: files
rpc: files
netgroup: files
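Review bot: `shadow: files ldap` lets pam_unix, which the new PAM stacks run with `try_first_pass` right behind pam_ldap, fetch directory users' password hashes through nslcd; that only works if nslcd's bind identity may read `userPassword`, and in that setup the hashes travel over whatever `uri` nslcd.conf ends up with and pam_unix becomes a second verification path that never touches the directory's bind-time policy. Since pam_ldap authenticates by binding, `shadow: files` is sufficient unless LDAP-side password ageing genuinely has to be visible to pam_unix; I would drop `ldap` from that line. Separately, sudo's LDAP backend is only consulted when this file carries a `sudoers:` entry such as `sudoers: files ldap`; this commit adds a `sudoers_base` setting elsewhere but no such line, so that setting is inert.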


@ -0,0 +1 @@
sudoers_base ou=sudoers,dc=example,dc=org
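Review bot: `sudoers_base ou=sudoers,dc=example,dc=org` uses a different placeholder suffix from the `base dc=example,dc=com` in nslcd.conf, so a single search-and-replace of the `### CHANGE TO` markers will leave one of them pointing at the wrong tree; make the two agree and give this one its own `### CHANGE TO SUDOERS BASE` marker. sudo does not go through nslcd: its LDAP backend takes its own `uri` (and `binddn`/`bindpw`, `tls_*`) from this file, none of which are set, and it is only activated by a `sudoers: files ldap` entry in nsswitch.conf, which this commit does not add, so as committed the line has no effect. If LDAP-managed sudo rules are the intent, add those settings here together with the nsswitch entry; otherwise the file should go.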


@ -0,0 +1,5 @@
#%PAM-1.0
password sufficient pam_ldap.so
#password required pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 retry=3
#password required pam_unix.so sha512 shadow use_authtok
password required pam_unix.so sha512 shadow nullok
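Review bot: placing `password sufficient pam_ldap.so` first means the stack returns as soon as pam_ldap succeeds for a directory user, so the commented `pam_cracklib` line, if it is ever re-enabled where it sits, would apply only to local accounts; a quality module has to come above the pam_ldap line, with both change modules taking the checked token via `use_authtok`. As written the file enforces no password policy on either path (`nullok` only lets a user whose field is empty set one). On Arch the shipped quality module is pam_pwquality, so the enabling line would be `password required pam_pwquality.so retry=3` placed above the pam_ldap entry.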


@ -0,0 +1,13 @@
#%PAM-1.0
auth sufficient pam_rootok.so
auth sufficient pam_ldap.so
# Uncomment the following line to implicitly trust users in the "wheel" group.
#auth sufficient pam_wheel.so trust use_uid
# Uncomment the following line to require a user to be in the "wheel" group.
#auth required pam_wheel.so use_uid
auth required pam_unix.so use_firt_pass
account required pam_unix.so
account sufficient pam_ldap.so
session required pam_unix.so
session sufficient pam_ldap.so
password include system-auth
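Review bot: `auth required pam_unix.so use_firt_pass` misspells `use_first_pass`; pam_unix logs an unrecognized-option warning and falls back to prompting, so a local user running `su` is asked for the password twice (once by pam_ldap, once by pam_unix) and the intended single prompt is lost — the line should read `auth required pam_unix.so use_first_pass`. The new `auth sufficient pam_ldap.so` also sits above the commented `auth required pam_wheel.so use_uid`: because `sufficient` ends the stack on success, enabling the wheel line as the comment suggests would restrict local users only, while any directory user who knows the target password would still `su` to root. Put the pam_wheel lines above the pam_ldap entry so they are evaluated for everyone. The identical su-l file has the same two issues.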


@ -0,0 +1,13 @@
#%PAM-1.0
auth sufficient pam_rootok.so
auth sufficient pam_ldap.so
# Uncomment the following line to implicitly trust users in the "wheel" group.
#auth sufficient pam_wheel.so trust use_uid
# Uncomment the following line to require a user to be in the "wheel" group.
#auth required pam_wheel.so use_uid
auth required pam_unix.so use_firt_pass
account required pam_unix.so
account sufficient pam_ldap.so
session required pam_unix.so
session sufficient pam_ldap.so
password include system-auth
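Review bot: `account required pam_unix.so` followed by `account sufficient pam_ldap.so` means the LDAP account check can never deny anything: a failing `sufficient` module is ignored, and pam_unix has already delivered the only required verdict, so a directory account that pam_ldap would reject (expired, disabled, or failing its authorization filter) still completes `su -l`. If LDAP-side account state is meant to be enforced, one option is `account [success=1 user_unknown=ignore default=bad] pam_ldap.so` ahead of `account required pam_unix.so`, so a known LDAP user is judged by pam_ldap and a local user falls through to pam_unix; as written the line is dead and could go. The `session` pair uses the same ordering, where it is harmless. The `use_firt_pass` typo on the pam_unix auth line should be `use_first_pass`, otherwise pam_unix prompts a second time instead of reusing the token pam_ldap collected.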


@ -0,0 +1,4 @@
#%PAM-1.0
auth sufficient pam_ldap.so
auth required pam_unix.so try_first_pass
auth required pam_nologin.so
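Review bot: the file defines only `auth` lines; Linux-PAM answers a phase the service file does not configure from `/etc/pam.d/other`, which on Arch's pambase is pam_deny plus pam_warn, so sudo's account-management and session calls would be refused and sudo would fail for every user, local or LDAP — unless the page is showing a truncated file. Arch's stock sudo file is three `include system-auth` lines; the minimal fix is to append `account include system-auth` and `session include system-auth`. Using `auth include system-auth` instead of the hand-written pam_ldap/pam_unix pair would additionally keep sudo under the pam_faillock lockout that system-auth applies to other services, which this stack currently bypasses.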


@ -0,0 +1,30 @@
#%PAM-1.0
auth sufficient pam_ldap.so
auth required pam_faillock.so preauth
# Optionally use requisite above if you do not want to prompt for the password
# on locked accounts.
auth [success=2 default=ignore] pam_unix.so try_first_pass nullok
-auth [success=1 default=ignore] pam_systemd_home.so
auth [default=die] pam_faillock.so authfail
auth optional pam_permit.so
auth required pam_env.so
auth required pam_faillock.so authsucc
# If you drop the above call to pam_faillock.so the lock will be done also
# on non-consecutive authentication failures.
account sufficient pam_ldap.so
-account [success=1 default=ignore] pam_systemd_home.so
account required pam_unix.so
account optional pam_permit.so
account required pam_time.so
password sufficient pam_ldap.so
-password [success=1 default=ignore] pam_systemd_home.so
password required pam_unix.so try_first_pass nullok shadow sha512
password optional pam_permit.so
session required pam_limits.so
session required pam_unix.so
session optional pam_ldap.so
session optional pam_permit.so
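Review bot: inserting `auth sufficient pam_ldap.so` above `auth required pam_faillock.so preauth` takes directory users out of the lockout: `sufficient` returns success before preauth runs, so an account pam_faillock has locked still authenticates with a correct LDAP password, and the lockout only ever bites on the pam_unix path. Move the entry below the preauth line and into the jump chain — `auth [success=3 default=ignore] pam_ldap.so` placed right after `pam_faillock.so preauth` and before the existing `[success=2 default=ignore] pam_unix.so` line — so a success skips to `pam_permit` and a failure falls through to pam_unix and `authfail` exactly as today. `account sufficient pam_ldap.so` at the top of the account stack has the mirror problem: on success it skips `pam_unix.so` and `pam_time.so` for LDAP users, and on failure it is ignored, so it can never deny; if LDAP account state is meant to matter it should not be `sufficient`. The `-auth`/`-account`/`-password` lines are PAM's optional-module prefix, not removed diff lines, which is worth a one-line comment for the next reader of a zero-deletion hunk.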


@ -1 +1,2 @@
root:x:0:0:root:/root:/usr/bin/zsh
admin:x:1000:1000::/home/admin:/bin/bash
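Review bot: `admin:x:1000:1000::/home/admin:/bin/bash` gives the new account primary gid 1000, but none of the 15 files in this commit is an /etc/group, so unless the profile already ships one with that gid the group is unresolvable on the live system and `id admin` and anything that maps the gid to a name will show a bare number; add the matching `admin:x:1000:` to an airootfs /etc/group (and /etc/gshadow). A short comment on what this account is for would also help, since the same commit adds root SSH keys and an LDAP login path that overlap with it.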


@ -1 +1,2 @@
root::14871::::::
admin:$6$kdak37IiHqX5Ox5U$Arf.I3zHqkYC3t/Oo8vxLXINqyajKXrELoDjyRmEd/UnQOi3mYFLiF6Abs27OxJsMzskuTVKoq2CyX.fkIdmI0:18820:0:99999:7:::
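Review bot: the `admin` line commits a live SHA-512-crypt password hash (`$6$` with no `rounds=`, i.e. the 5000-round default) into the repository and into every built image, so anyone holding the repo or an ISO can crack it offline, and the password is identical on every booted copy with no way to rotate it short of a rebuild. Either lock the field (`admin:!:18820:0:99999:7:::`) and rely on the root SSH keys or LDAP this commit adds, or have the build inject a per-image hash from outside the repository. `root::14871::::::` keeps archiso's empty root password, which the `nullok` in system-auth honours; that is the stock live-medium default, but next to the new LDAP and SSH changes it deserves a deliberate decision rather than inheritance.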


@ -0,0 +1,9 @@
ssh-rsa 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 fix@radon
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPnwEtCJFnhr1FHTkIquxjMYMwzSstMV/U+AktdyPg2l fix@xenon
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAT7JSDnbl5lFjszUxFN2WpjPSW6P4pJWke46MN8UCcX fix@morty
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDESsPAjfAUKrTcyPsrddMuLhK4fYaiDnNF4cydIUDtZ6ThS53P5eNJV3B9eZFo/lrAqFXkNiItqWcbee8w2jkZJnfnIFbKy2tkPqCeEGBpD7qI+x+XetYM7s13zCoruSWWWYdfnFby6KEchXUSsqDuiHDxlm4HQYxIEp7JKNcN+EGwV8r9fASc0VK/as+VgBmcjL5GDBWVf1rkM1Vpc1zSpS1lfw7Fd9cf069emFTk/+uMJuFpu/0IhYjS435h4NY7C3gOvBVmeoGfCd+zeLj+vrbfZ/EISbCY9IUQWYE6VNegXsmek3YL6cYQI+p7gktw6IQHudxPXVTNnfcibr8/ pi@raspi
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGJ11F0P/IoUwSo9HEg75Ia9gHHoWd0zVn3+Jf0fk8AP fix@argon
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDFhd9fhfsxtUMFJJlST/3lfCIBcoKkhm2UD9Qn/yg9O85OdN63crhpd8YkOdh8SKqz4uIzSUZ8W0rFvORbkAE2wJlrtqsrQIKOE2RyKH9WVJnZRC26zkxGNfa/QMxeoKWj+2nWUWZ8NOWbQlbQe3YNqIhmUk6EGNnniWkIkCHsQYPjL2XtOrV+fAKQYZHqDdt0PR0hGhrcTQFknYsWHmjVRUATN8A4jxAAVVHxMArVynTJf4JwbCiZeQyFC2qOO/7ISTV5dPOP3MzQ/3SiGofWVVnRk7LzgNsScPHi32GuvImXKLkcbn9TsWsqYq9uYlJMaijoxlFBfoMVT5StJBDNrb1Ca3ebvzz9ugemqB3vW00He5yf9NVAJmy0WGZmGkdBo7gExdCKekr10wC1A44yHBkU70VIVd7fvQnPpImglLueHzjtN4S8MzmO+evuo0n5ecaF51gdglW9CoCbMkEwEM75scAIJ+bnK/PQvr69GNZ7CPl+10//7ZQKmaRg/klvpBPW1Onm13A4E07f7p9hd3et1sTdWzltITdr0CXtpLO4NDP6tTPNIgvK7ytL3K4n/0w+HOYYez8mgzl1JzHSw5huuN3kc1mrkTmArVPa+hlxs/U0RkHuAggRphtWSfZ0gzf1Lmbpbv1iBmmx0I7ebUN5JW7rqAIMFSZa7uc9HQ== f.schaal@tallence.com
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBlhfBV/3uJBcfMw3o1pnxMbZdtTHskJSVY/fBvylIKM fix@apu
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMAddUJar3mtosfNShZE4HF/7o++Ty1bBhqb9Sd9R0uC fix@beth
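Review bot: each of the eight keys is installed for root without any option, so any one of these personal or device keys (the `pi@raspi` entry and the employer-address key included) gives unrestricted root on every booted instance of the image, and this repository is the only place a key can be revoked. Consider prefixing entries with `restrict` or a `from=` pattern where the source network is known, and pruning device keys that do not need rescue access. Whether sshd is enabled on the live system and which `PermitRootLogin` it runs with is not visible in this commit, so this assumes key-based root login is intended.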


@ -1,6 +1,3 @@
#
# SPDX-License-Identifier: GPL-3.0-or-later
#
alsa-utils
amd-ucode
archinstall
@ -76,11 +73,14 @@ ndisc6
nfs-utils
nilfs-utils
nmap
nss-pam-ldapd
ntfs-3g
nvme-cli
openconnect
openldap
openssh
openvpn
pambase
partclone
parted
partimage
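Review bot: `openldap` is the Arch package that carries slapd, the server, alongside the client tools; nss-pam-ldapd already depends on `libldap`, which is all nslcd and pam_ldap need, so unless `ldapsearch` or the `ldap.conf` from that package are wanted on the rescue medium this adds an unused network daemon to the image. `pambase` is already in the base dependency chain, so listing it is harmless but redundant. If client tooling is what was meant, check whether the current repositories ship it separately from the server package before keeping `openldap`.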


@ -1,10 +1,10 @@
#!/usr/bin/env bash
# shellcheck disable=SC2034
iso_name="archlinux"
iso_name="archlinux-trauma"
iso_label="ARCH_$(date +%Y%m)"
iso_publisher="Arch Linux <https://archlinux.org>"
iso_application="Arch Linux Live/Rescue CD"
iso_publisher="fix <https://catefrauma.de>"
iso_application="Arch Linux Trauma MR Edition"
iso_version="$(date +%Y.%m.%d)"
install_dir="arch"
buildmodes=('iso')
@ -15,8 +15,17 @@ airootfs_image_type="squashfs"
airootfs_image_tool_options=('-comp' 'xz' '-Xbcj' 'x86' '-b' '1M' '-Xdict-size' '1M')
file_permissions=(
["/etc/shadow"]="0:0:400"
["/etc/passwd"]="0:0:644"
["/etc/nsswitch.conf"]="0:0:644"
["/etc/nslcd.conf"]="0:0:644"
["/etc/openldap/openldap.conf"]="0:0:644"
["/etc/pamd.d"]="0:0:755"
["/etc/pamd.d/system-auth", "/etc/pamd.d/sudo", "/etc/pamd.d/passwd"]="0:0:644"
["/etc/pamd.d/su","/etc/pamd.d/su-l",]="0:0:755"
["/root"]="0:0:750"
["/root/.automated_script.sh"]="0:0:755"
["/root/.ssh"]="0:0:600"
["/root/.ssh/authorized_keys"]="0:0:700"
["/usr/local/bin/choose-mirror"]="0:0:755"
["/usr/local/bin/Installation_guide"]="0:0:755"
["/usr/local/bin/livecd-sound"]="0:0:755"
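Review bot: the five PAM entries use `/etc/pamd.d` instead of `/etc/pam.d`, and `["/etc/pamd.d/system-auth", "/etc/pamd.d/sudo", "/etc/pamd.d/passwd"]` and `["/etc/pamd.d/su","/etc/pamd.d/su-l",]` are single bash associative-array keys that happen to contain commas, not lists, so none of those paths exist in the airootfs and mkarchiso (which warns on a missing path in recent versions rather than aborting, if I recall correctly) applies nothing to the PAM files; the 0755 intended for `su`/`su-l` would also give config files an execute bit. `/root/.ssh` at 0600 and `authorized_keys` at 0700 are swapped — the directory needs 0700 and the file 0600 (sshd as root still reads them, but the modes are wrong). `/etc/nslcd.conf` at 0644 contradicts that file's own warning about permissions once a `bindpw` is filled in; nslcd reads its config as root before dropping to `uid nslcd`, so 0600 works. If the one-line `sudoers_base` file is the `/etc/openldap/openldap.conf` listed here, note that the OpenLDAP client library and sudo read `/etc/openldap/ldap.conf`, not `openldap.conf`.
```shell
file_permissions=(
  # … unchanged: /etc/shadow, /etc/passwd, /etc/nsswitch.conf …
  # nslcd reads this as root before dropping to uid nslcd; a bindpw must not be world-readable
  ["/etc/nslcd.conf"]="0:0:600"
  # … unchanged: /etc/openldap entry …
  # the directory is /etc/pam.d; one path per key, bash associative arrays take no key lists
  ["/etc/pam.d"]="0:0:755"
  ["/etc/pam.d/system-auth"]="0:0:644"
  ["/etc/pam.d/sudo"]="0:0:644"
  ["/etc/pam.d/passwd"]="0:0:644"
  ["/etc/pam.d/su"]="0:0:644"
  ["/etc/pam.d/su-l"]="0:0:644"
  # … unchanged: /root, /root/.automated_script.sh …
  ["/root/.ssh"]="0:0:700"
  ["/root/.ssh/authorized_keys"]="0:0:600"
  # … unchanged: /usr/local/bin entries …
```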


@ -3,32 +3,31 @@
LABEL arch64
TEXT HELP
Boot the Arch Linux install medium on BIOS.
It allows you to install Arch Linux or perform system maintenance.
Boot Trauma Linux
ENDTEXT
MENU LABEL Arch Linux install medium (x86_64, BIOS)
MENU LABEL Trauma Linux
LINUX /%INSTALL_DIR%/boot/x86_64/vmlinuz-linux
INITRD /%INSTALL_DIR%/boot/intel-ucode.img,/%INSTALL_DIR%/boot/amd-ucode.img,/%INSTALL_DIR%/boot/x86_64/initramfs-linux.img
APPEND archisobasedir=%INSTALL_DIR% archisolabel=%ARCHISO_LABEL%
# Accessibility boot option
LABEL arch64speech
TEXT HELP
Boot the Arch Linux install medium on BIOS with speakup screen reader.
It allows you to install Arch Linux or perform system maintenance with speech feedback.
ENDTEXT
MENU LABEL Arch Linux install medium (x86_64, BIOS) with ^speech
LINUX /%INSTALL_DIR%/boot/x86_64/vmlinuz-linux
INITRD /%INSTALL_DIR%/boot/intel-ucode.img,/%INSTALL_DIR%/boot/amd-ucode.img,/%INSTALL_DIR%/boot/x86_64/initramfs-linux.img
APPEND archisobasedir=%INSTALL_DIR% archisolabel=%ARCHISO_LABEL% accessibility=on
#LABEL arch64speech
#TEXT HELP
#Boot the Arch Linux install medium on BIOS with speakup screen reader.
#It allows you to install Arch Linux or perform system maintenance with speech feedback.
#ENDTEXT
#MENU LABEL Arch Linux install medium (x86_64, BIOS) with ^speech
#LINUX /%INSTALL_DIR%/boot/x86_64/vmlinuz-linux
#INITRD /%INSTALL_DIR%/boot/intel-ucode.img,/%INSTALL_DIR%/boot/amd-ucode.img,/%INSTALL_DIR%/boot/x86_64/initramfs-linux.img
#APPEND archisobasedir=%INSTALL_DIR% archisolabel=%ARCHISO_LABEL% accessibility=on
# Copy to RAM boot option
LABEL arch64ram
TEXT HELP
Boot the Arch Linux install medium on BIOS with Copy-to-RAM option
It allows you to install Arch Linux or perform system maintenance.
ENDTEXT
MENU LABEL Arch Linux install medium (x86_64, BIOS, Copy to RAM)
LINUX /%INSTALL_DIR%/boot/x86_64/vmlinuz-linux
INITRD /%INSTALL_DIR%/boot/intel-ucode.img,/%INSTALL_DIR%/boot/amd-ucode.img,/%INSTALL_DIR%/boot/x86_64/initramfs-linux.img
APPEND archisobasedir=%INSTALL_DIR% archisolabel=%ARCHISO_LABEL% copytoram
#LABEL arch64ram
#TEXT HELP
#Boot the Arch Linux install medium on BIOS with Copy-to-RAM option
#It allows you to install Arch Linux or perform system maintenance.
#ENDTEXT
#MENU LABEL Arch Linux install medium (x86_64, BIOS, Copy to RAM)
#LINUX /%INSTALL_DIR%/boot/x86_64/vmlinuz-linux
#INITRD /%INSTALL_DIR%/boot/intel-ucode.img,/%INSTALL_DIR%/boot/amd-ucode.img,/%INSTALL_DIR%/boot/x86_64/initramfs-linux.img
#APPEND archisobasedir=%INSTALL_DIR% archisolabel=%ARCHISO_LABEL% copytoram
