ArchOS: Konfiguration #32

New issue

Open

opened 2023-08-27 16:21:04 +00:00 by eichehome · 0 comments

eichehome commented 2023-08-27 16:21:04 +00:00

Owner

Copy link

BASH

.bashrc

alias ll="ls -lAh"

PolicyKit

/etc/polkit-1/localauthority.conf

---

/usr/share/polkit-1/action/gparted.policy

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE policyconfig PUBLIC "-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN" "http://www.freedesktop.org/standards/PolicyKit/1/policyconfig.dtd">
<policyconfig>
	<action id="org.freedesktop.policykit.pkexec.run-gparted">
    	<decription>Run GParted</decription>
        <message>Authentification is required to run GParted</message>
        <defaults>
        	<allow_any>no</allow_any>
            <allow_inactive>no</allow_inactive>
            <allow_active>auth_admin_keep</allow_active>
        </defaults>
        <annotate key="org.freedesktop.policykit.exec.path">
        	/usr/sbin/gparted
        </annotate>
        <annotate key="org.freedesktop.policykit.exec.allow_gui">
        	TRUE
        </annotate>
    </action>
</policyconfig>

---

/var/lib/polkit-1/*

Fail2Ban

/etc/fail2ban/jail.local

[sshd]
port = ssh
logpath = %(ssh_log)
enabled = true

SSH

/etc/ssh/sshd_config

PermitRootLogin no|without-password
PasswordAuthentication no
UsePAM no

PAM

/etc/pam.d/password-auth

auth		required	pam_env.so
auth		sufficient	pam_unix.so nullok try_first_pass
auth		requisite	pam_succeed_if.so uid >= 1000 quiet_success
auth		required	pam_deny.so

account		required	pam_unix.so
account		sufficient	pam_localuser.so
account		sufficient	pam_succeed_if.so uid < 1000 quiet
account		required	pam_permit.so

password	requisite	pam_pwquality.so try_first_pass local_users_only retry=3 authok_type=
password	sufficient	pam_unix.so sha512 shadow nullok try_first_pass use_authok
password	required	pam_deny.so

session		optional	pam_keyinit.so revoke
session 	required	pam_limits.so
-session	optional	pam_systemd.so
session		[success=1 default=ignore]	pam_succeed_if.so service in crond quiet use_uid
session		required	pam_unix.so

NSS

/etc/nsswitch.conf

passwd:		files (sss)
group:		files (sss)
shadow:		files
hosts:		files mdns4_minimal [NOTFOUND=return] resolve [!UNAVAIL=return] dns
networks:	files
protocols:	db files

# BASH ``` .bashrc ``` ```bash alias ll="ls -lAh" ``` # PolicyKit ``` /etc/polkit-1/localauthority.conf ``` ``` ``` ---- ``` /usr/share/polkit-1/action/gparted.policy ``` ```xml <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE policyconfig PUBLIC "-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN" "http://www.freedesktop.org/standards/PolicyKit/1/policyconfig.dtd"> <policyconfig> <action id="org.freedesktop.policykit.pkexec.run-gparted"> <decription>Run GParted</decription> <message>Authentification is required to run GParted</message> <defaults> <allow_any>no</allow_any> <allow_inactive>no</allow_inactive> <allow_active>auth_admin_keep</allow_active> </defaults> <annotate key="org.freedesktop.policykit.exec.path"> /usr/sbin/gparted </annotate> <annotate key="org.freedesktop.policykit.exec.allow_gui"> TRUE </annotate> </action> </policyconfig> ``` ---- ``` /var/lib/polkit-1/* ``` ``` ``` # Fail2Ban ``` /etc/fail2ban/jail.local ``` ``` [sshd] port = ssh logpath = %(ssh_log) enabled = true ``` # SSH ``` /etc/ssh/sshd_config ``` ``` PermitRootLogin no|without-password PasswordAuthentication no UsePAM no ``` # PAM ``` /etc/pam.d/password-auth ``` ``` auth required pam_env.so auth sufficient pam_unix.so nullok try_first_pass auth requisite pam_succeed_if.so uid >= 1000 quiet_success auth required pam_deny.so account required pam_unix.so account sufficient pam_localuser.so account sufficient pam_succeed_if.so uid < 1000 quiet account required pam_permit.so password requisite pam_pwquality.so try_first_pass local_users_only retry=3 authok_type= password sufficient pam_unix.so sha512 shadow nullok try_first_pass use_authok password required pam_deny.so session optional pam_keyinit.so revoke session required pam_limits.so -session optional pam_systemd.so session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid session required pam_unix.so ``` # NSS ``` /etc/nsswitch.conf ``` ``` passwd: files (sss) group: files (sss) shadow: files hosts: files mdns4_minimal [NOTFOUND=return] resolve [!UNAVAIL=return] dns networks: files protocols: db files ```

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

main

No results found.

Labels

Clear labels   

bug

Something is not working

  

duplicate

This issue or pull request already exists

  

enhancement

New feature

  

help wanted

Need some help

  

invalid

Something is wrong

  

Note

Informationen, die kein Problem oder Feature sind

  

question

More information is needed

  

wontfix

This won't be fixed

No labels

bug

duplicate

enhancement

help wanted

invalid

Note

question

wontfix

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: eichehome/archinstall#32

No description provided.