From b00783264a01cc52ca38d64a458e07e110512de5 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Rapha=C3=ABl=20Gertz?=
Date: Sun, 19 Jun 2016 00:12:02 +0200
Subject: [PATCH 1/1] Add debug-sshd
---
 SOURCES/ihttpd.module-setup | 80 +++++++++++++++++++++++++++++++++++++
 1 file changed, 80 insertions(+)
diff --git a/SOURCES/ihttpd.module-setup b/SOURCES/ihttpd.module-setup
index c5ba6d2..947d0c1 100644
--- a/SOURCES/ihttpd.module-setup
+++ b/SOURCES/ihttpd.module-setup
@@ -91,6 +91,86 @@ install() {
 '/usr/bin/reboot' \
 /usr/sbin/ihttpd
+ # Install sshd dirs
+ inst_dir \
+ /etc/pam.d \
+ /etc/profile.d \
+ /etc/security \
+ /etc/ssh \
+ /etc/sysconfig \
+ $systemdsystemunitdir/basic.target.wants \
+ $systemdsystemunitdir/emergency.target.wants \
+ $systemdsystemunitdir/rescue.target.wants \
+ $systemdsystemunitdir/sysinit.target.wants \
+ /usr/lib64/security \
+ /usr/share/terminfo/x \
+ /var/empty
+
+ # Install sshd files
+ inst_multiple \
+ /etc/bashrc \
+ /etc/environment \
+ /etc/gshadow \
+ /etc/pam.d/sshd \
+ /etc/pam.d/system-auth \
+ /etc/profile.d/*.sh \
+ /etc/security/limits.conf \
+ /etc/security/pam_env.conf \
+ /etc/shadow \
+ /etc/ssh/denyusers \
+ /etc/ssh/moduli \
+ /etc/ssh/ssh_config \
+ /etc/ssh/sshd_config \
+ /etc/ssh/ssh_host_* \
+ /root/.bash_profile \
+ /root/.bashrc \
+ /usr/bin/cat \
+ /usr/bin/id \
+ '/usr/bin/kill' \
+ /usr/bin/ps \
+ /usr/lib64/security/pam_cracklib.so \
+ /usr/lib64/security/pam_deny.so \
+ /usr/lib64/security/pam_env.so \
+ /usr/lib64/security/pam_keyinit.so \
+ /usr/lib64/security/pam_limits.so \
+ /usr/lib64/security/pam_listfile.so \
+ /usr/lib64/security/pam_nologin.so \
+ /usr/lib64/security/pam_succeed_if.so \
+ /usr/lib64/security/pam_systemd.so \
+ /usr/lib64/security/pam_tcb.so \
+ /usr/sbin/sshd \
+ /usr/share/terminfo/x/*
+
+ # Disable pam
+ #perl -pne 's%^UsePAM yes$%UsePAM no%;s%^PermitRootLogin .*$%PermitRootLogin yes%' -i "$initdir/etc/ssh/sshd_config"
+ perl -pne 's%^PermitRootLogin .*$%PermitRootLogin yes%' -i "$initdir/etc/ssh/sshd_config"
+
+ # Sshd shell service
+ #XXX: KillMode=none is required to avoid sshd process getting killed in control group after parent fork
+ cat << EOF > $initdir$systemdsystemunitdir/debug-sshd.service
+# Based on /usr/lib/systemd/system/debug-shell.service
+[Unit]
+Description=Early sshd shell FOR DEBUGGING ONLY
+DefaultDependencies=no
+AllowIsolate=no
+IgnoreOnIsolate=yes
+
+[Service]
+Type=simple
+KillMode=none
+ExecStart=@/usr/sbin/sshd /usr/sbin/sshd -e
+
+[Install]
+WantedBy=sysinit.target
+EOF
+
+ # Install in sysinit.target.wants
+ ln -fs ../debug-sshd.service $initdir$systemdsystemunitdir/sysinit.target.wants/
+
+ # Install sshd user and group
+ `grep -Eq '^sshd:' $initdir/etc/passwd` || grep -E '^sshd:' /etc/passwd >> "$initdir/etc/passwd"
+ `grep -Eq '^sshd:' $initdir/etc/group` || grep -E '^sshd:' /etc/group >> "$initdir/etc/group"
+
 # Install ihttpd.path
 ln -fs ../ihttpd.path $initdir$systemdsystemunitdir/sysinit.target.wants/
-- 
2.41.1
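Review bot: The `inst_multiple` list copies the host's `/etc/shadow`, `/etc/gshadow` and `/etc/ssh/ssh_host_*` into the initramfs, so password hashes and the machine's private SSH host keys land in an image that is typically stored on an unencrypted /boot and can be read offline. Combined with the `perl` line that forces `PermitRootLogin yes` and the unconditional `ln -fs ../debug-sshd.service` into `sysinit.target.wants`, every image built with this module accepts password root logins at early boot, even though the unit calls itself FOR DEBUGGING ONLY. I would leave those three entries out, install a host key generated only for the initramfs plus a root `authorized_keys`, change the substitution to `s%^PermitRootLogin .*$%PermitRootLogin prohibit-password%`, and build the sshd part only when explicitly requested. Separately, the backticks around `grep -Eq` in the last two added lines execute grep's empty output as a command and only work by accident; `grep -Eq '^sshd:' "$initdir/etc/passwd" || …` says what is meant. install() begins and ends outside this hunk.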