ArchOS: Configuration #32

Open
opened 2023-08-27 16:21:04 +00:00 by eichehome · 0 comments
Owner

# BASH

```
.bashrc
```
```bash
alias ll="ls -lAh"
```

# PolicyKit

```
/etc/polkit-1/localauthority.conf
```

----

```
/usr/share/polkit-1/actions/gparted.policy
```
```xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE policyconfig PUBLIC "-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN" "http://www.freedesktop.org/standards/PolicyKit/1/policyconfig.dtd">
<policyconfig>
    <action id="org.freedesktop.policykit.pkexec.run-gparted">
        <description>Run GParted</description>
        <message>Authentication is required to run GParted</message>
        <defaults>
            <!-- Only active local sessions may authorize, with admin credentials -->
            <allow_any>no</allow_any>
            <allow_inactive>no</allow_inactive>
            <allow_active>auth_admin_keep</allow_active>
        </defaults>
        <!-- Annotation values are kept on one line so no whitespace ends up in the value -->
        <annotate key="org.freedesktop.policykit.exec.path">/usr/sbin/gparted</annotate>
        <annotate key="org.freedesktop.policykit.exec.allow_gui">true</annotate>
    </action>
</policyconfig>
```

----

```
/var/lib/polkit-1/*
```

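# Fail2Ban

```
/etc/fail2ban/jail.local
```
```
[sshd]
port = ssh
# sshd_log is defined in paths-common.conf; the interpolation needs the trailing "s"
logpath = %(sshd_log)s
enabled = true
```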

# SSH

```
/etc/ssh/sshd_config
```
```
# Alternative: "prohibit-password" (formerly "without-password") allows key-only root login
PermitRootLogin no
PasswordAuthentication no
UsePAM no
```

# PAM

```
/etc/pam.d/password-auth
```
```
auth		required	pam_env.so
auth		sufficient	pam_unix.so nullok try_first_pass
auth		requisite	pam_succeed_if.so uid >= 1000 quiet_success
auth		required	pam_deny.so

account		required	pam_unix.so
account		sufficient	pam_localuser.so
account		sufficient	pam_succeed_if.so uid < 1000 quiet
account		required	pam_permit.so

password	requisite	pam_pwquality.so try_first_pass local_users_only retry=3 authtok_type=
password	sufficient	pam_unix.so sha512 shadow nullok try_first_pass use_authtok
password	required	pam_deny.so

session		optional	pam_keyinit.so revoke
session		required	pam_limits.so
-session	optional	pam_systemd.so
session		[success=1 default=ignore]	pam_succeed_if.so service in crond quiet use_uid
session		required	pam_unix.so
```

# NSS

```
/etc/nsswitch.conf
```
```
# Optional: append "sss" after "files" for passwd and group when SSSD is used
passwd:		files
group:		files
shadow:		files
hosts:		files mdns4_minimal [NOTFOUND=return] resolve [!UNAVAIL=return] dns
networks:	files
protocols:	db files
```
Reference: eichehome/archinstall#32