From 0cbdf5c29c9a5828b92ab1e768292b2611411552 Mon Sep 17 00:00:00 2001
From: m8in
Date: Mon, 30 Mar 2026 21:25:53 +0200
Subject: [PATCH] Added file '/etc/adduser.conf' to core definition.
---
 core/default/etc/adduser.conf | 109 +++++++++++++++++++++++++++++++
 core/ensureUsageOfDefinitions.sh | 7 +-
 setupCoreOntoThisHost.sh | 17 +++-
 3 files changed, 126 insertions(+), 7 deletions(-)
 create mode 100644 core/default/etc/adduser.conf
diff --git a/core/default/etc/adduser.conf b/core/default/etc/adduser.conf
new file mode 100644
index 0000000..44f5404
--- /dev/null
+++ b/core/default/etc/adduser.conf
@@ -0,0 +1,109 @@
+# /etc/adduser.conf: `adduser' configuration.
+# See adduser(8) and adduser.conf(5) for full documentation.
+
+# A commented out setting indicates that this is the default in the
+# code. If you need to change those settings, remove the comment and
+# make your intended change.
+
+# STDERRMSGLEVEL, STDOUTMSGLEVEL, and LOGMSGLEVEL set the minimum
+# priority for messages logged to syslog/journal and the console,
+# respectively.
+# Values are trace, debug, info, warn, err, and fatal.
+# Messages with the set priority or higher get logged to the
+# respective medium.
+#STDERRMSGLEVEL=warn
+#STDOUTMSGLEVEL=info
+#SYSLOGLEVEL=info
+
+# The login shell to be used for all new users.
+# Default: DSHELL=/bin/bash
+#DSHELL=/bin/bash
+
+# The directory in which new home directories should be created.
+# Default: DHOME=/home
+# DHOME=/home
+
+# The directory from which skeletal user configuration files
+# will be copied.
+# Default: SKEL=/etc/skel
+#SKEL=/etc/skel
+
+# Specify inclusive ranges of UIDs and GIDs from which UIDs and GIDs
+# for system users, system groups, non-system users and non-system groups
+# can be dynamically allocated.
+# Default: FIRST_SYSTEM_UID=100, LAST_SYSTEM_UID=999
+#FIRST_SYSTEM_UID=100
+#LAST_SYSTEM_UID=999
+
+# Default: FIRST_SYSTEM_GID=100, LAST_SYSTEM_GID=999
+#FIRST_SYSTEM_GID=100
+#LAST_SYSTEM_GID=999
+
+# Default: FIRST_UID=1000, LAST_UID=59999
+#FIRST_UID=1000
+#LAST_UID=59999
+
+# Default: FIRST_GID=1000, LAST_GID=59999
+#FIRST_GID=1000
+#LAST_GID=59999
+
+# Specify a file or a directory containing UID and GID pool.
+#UID_POOL=/etc/adduser-pool.conf
+#UID_POOL=/etc/adduser-pool.d/
+#GID_POOL=/etc/adduser-pool.conf
+#GID_POOL=/etc/adduser-pool.d/
+
+# Specify whether each created non-system user will be
+# given their own group to use.
+# Default: USERGROUPS=yes
+#USERGROUPS=yes
+
+# Defines the groupname or GID of the group all newly-created
+# non-system users are placed into.
+# It is a configuration error to define both variables
+# even if the values are consistent.
+# Default: USERS_GID=undefined, USERS_GROUP=users
+#USERS_GID=100
+#USERS_GROUP=users
+
+# The permissions mode for home directories of non-system users.
+# Default: DIR_MODE=0750
+#DIR_MODE=0750
+
+# The permissions mode for home directories of system users.
+# Default: SYS_DIR_MODE=0750
+#SYS_DIR_MODE=0750
+
+# If set to a nonempty value, new users will have quotas copied
+# from that user with `edquota -p QUOTAUSER newuser'
+# Default: QUOTAUSER=""
+#QUOTAUSER=""
+
+# Non-system user- and groupnames are checked against this regular
+# expression.
+# Default: NAME_REGEX="^[a-z][-a-z0-9_]*\$?$"
+#NAME_REGEX="^[a-z][-a-z0-9_]*\$?$"
+
+# System user- and groupnames are checked against this regular
+# expression.
+# Default: SYS_NAME_REGEX="^[A-Za-z_][-A-Za-z0-9_]*\$?$"
+#SYS_NAME_REGEX="^[A-Za-z_][-A-Za-z0-9_]*\$?$"
+
+# When populating the newly created home directory of a non-system user,
+# files in SKEL matching this regex are not copied.
+# Default: SKEL_IGNORE_REGEX="\.(dpkg|ucf)-(old|new|dist|save)$"
+#SKEL_IGNORE_REGEX="\.(dpkg|ucf)-(old|new|dist|save)$"
+
+# list of groups that new non-system users will be added to
+# if ADD_EXTRA_GROUPS is non-zero or set on the command line.
+# Default: EXTRA_GROUPS="users"
+#EXTRA_GROUPS="users"
+
+# Setting this to something other than 0 will cause adduser to add
+# newly created non-system users to the list of groups defined by
+# EXTRA_GROUPS.
+# Default: ADD_EXTRA_GROUPS=0
+#ADD_EXTRA_GROUPS=0
+
+# use extrausers by default
+#USE_EXTRAUSERS=1
diff --git a/core/ensureUsageOfDefinitions.sh b/core/ensureUsageOfDefinitions.sh
index f094296..cd12b24 100755
--- a/core/ensureUsageOfDefinitions.sh
+++ b/core/ensureUsageOfDefinitions.sh
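Review bot: Every setting in the new core/default/etc/adduser.conf is commented out, so the definition pins what looks like the stock upstream file and enforces no value of its own; managing it buys drift detection, but any setting that is meant to be guaranteed on every host (DIR_MODE, NAME_REGEX, USERGROUPS) only takes effect once its line is uncommented. A short header stating that intent would stop a later reader from assuming the values below are enforced, e.g. `# Managed by the core definitions: intentionally the stock defaults; uncomment a setting to enforce it on every host.` The introductory comment names `LOGMSGLEVEL` while the setting underneath it is `#SYSLOGLEVEL=info`; that is presumably inherited wording, but worth aligning if the file is maintained here.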
@@ -12,16 +12,19 @@ function printIfEqual() {
 }
 function isCoreDefinition() {
- echo "${1:?"Missing first parameter FILE"}" | grep -F '/root/.ssh/authorized_keys' &> /dev/null \
+ echo "${1:?"Missing first parameter FILE"}" | grep -F '/etc/adduser.conf' &> /dev/null \
 && return 0
 echo "${1:?"Missing first parameter FILE"}" | grep -F '/etc/ssh/sshd_config.d/AccessRestriction.conf' &> /dev/null \
 && return 0
+ echo "${1:?"Missing first parameter FILE"}" | grep -F '/etc/sudoers.d/allow-jenkins-updateRepositories' &> /dev/null \
+ && return 0
+ echo "${1:?"Missing first parameter FILE"}" | grep -F '/home/jenkins/.ssh/authorized_keys' &> /dev/null \
 && return 0
- echo "${1:?"Missing first parameter FILE"}" | grep -F '/etc/sudoers.d/allow-jenkins-updateRepositories' &> /dev/null \
+ echo "${1:?"Missing first parameter FILE"}" | grep -F '/root/.ssh/authorized_keys' &> /dev/null \
 && return 0
 return 1
diff --git a/setupCoreOntoThisHost.sh b/setupCoreOntoThisHost.sh
index c7e5d82..8244691 100755
--- a/setupCoreOntoThisHost.sh
+++ b/setupCoreOntoThisHost.sh
@@ -125,13 +125,17 @@ function addDefinition(){
 readonly _DEFINITIONS _REPOSITORY
 [ "$(id -u)" == "0" ] \
+ && echo \
 && echo "Running setup as 'root' trying to add definition repository:" \
+ && echo \
 && "${_CORE_SCRIPTS:?"Missing CORE_SCRIPTS"}addAndCheckGitRepository.sh" "${_DEFINITIONS}" readonly "${_REPOSITORY}" \
 && echo " - definitions are usable for this host." \
 && return 0
 [ "$(id -u)" != "0" ] \
+ && echo \
 && echo "Running setup as 'user' trying to add definition repository:" \
+ && echo \
 && "${_CORE_SCRIPTS:?"Missing CORE_SCRIPTS"}addAndCheckGitRepository.sh" "${_DEFINITIONS}" writable "${_REPOSITORY}" \
 && echo " - definitions are usable, as working copy." \
 && return 0
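Review bot: `isCoreDefinition` decides whether a file is a core definition by piping `$1` into `grep -F`, which is a substring test, so the new `/etc/adduser.conf` entry also accepts `/etc/adduser.conf.bak`, `/tmp/etc/adduser.conf` or any path that merely contains that text, and the same holds for the four other entries in the hunk. Since this predicate presumably gates which definitions get installed, the match should be anchored; if callers may pass repository-prefixed paths (I cannot tell from the hunk), a suffix pattern in a single `case` keeps those working while rejecting look-alikes, and it also replaces the five echo-into-grep pipelines with a builtin. The function's closing brace lies outside the hunk, so the excerpt below leaves it open.
```shell
function isCoreDefinition() {
  # Suffix match: accepts the bare path and a repository-prefixed copy,
  # rejects look-alikes such as '<path>.bak' or '<path>.d/x'.
  case "${1:?"Missing first parameter FILE"}" in
    */etc/adduser.conf \
    | */etc/ssh/sshd_config.d/AccessRestriction.conf \
    | */etc/sudoers.d/allow-jenkins-updateRepositories \
    | */home/jenkins/.ssh/authorized_keys \
    | */root/.ssh/authorized_keys)
      return 0 ;;
  esac
  return 1
```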
@@ -146,6 +150,7 @@ function addState() {
 readonly _STATES _REPOSITORY
 [ "$(id -u)" == "0" ] \
+ && echo \
 && echo "Running setup as 'root' trying to add state repository:" \
 && echo \
 && "${_CORE_SCRIPTS:?"Missing CORE_SCRIPTS"}addAndCheckGitRepository.sh" "${_STATES}" writable "${_REPOSITORY}" \
@@ -153,6 +158,7 @@ function addState() {
 && return 0
 [ "$(id -u)" != "0" ] \
+ && echo \
 && echo "Running setup as 'user' trying to add state repository:" \
 && echo \
 && "${_CORE_SCRIPTS:?"Missing CORE_SCRIPTS"}addAndCheckGitRepository.sh" "${_STATES}" writable "${_REPOSITORY}" \
@@ -169,13 +175,18 @@ function setupCoreFunctionality() {
 readonly _DEFINITIONS _MINUTE_FROM_OWN_IP
 [ "$(id -u)" != "0" ] \
+ && echo \
 && echo "Configuration of host skipped because of insufficient rights." \
 && return 1
 [ "$(id -u)" == "0" ] \
+ && echo \
+ && echo "Using definitions: '${_DEFINITIONS:?"Missing DEFINITIONS"}' ..." \
 && echo \
 && "${_CORE_SCRIPTS:?"Missing CORE_SCRIPTS"}defineAuthorizedKeysOfUser.sh" "${_DEFINITIONS}" root \
 && echo \
+ && "${_CORE_SCRIPTS:?"Missing CORE_SCRIPTS"}ensureUsageOfDefinitions.sh" "${_DEFINITIONS}" /etc/adduser.conf \
+ && echo \
 && "${_CORE_SCRIPTS:?"Missing CORE_SCRIPTS"}addNormalUser.sh" jenkins \
 && echo \
 && "${_CORE_SCRIPTS:?"Missing CORE_SCRIPTS"}defineAuthorizedKeysOfUser.sh" "${_DEFINITIONS}" jenkins \
@@ -199,12 +210,8 @@ function setup() {
 _STATES="${_CIS_ROOT:?"Missing CIS_ROOT"}states/${_DOMAIN:?"Missing DOMAIN"}"
 readonly _DEFINITIONS _DOMAIN _STATES
- echo \
- && addDefinition "${_DEFINITIONS:?"Missing DEFINITIONS"}" "${_DOMAIN:?"Missing DOMAIN"}" \
- && echo \
+ addDefinition "${_DEFINITIONS:?"Missing DEFINITIONS"}" "${_DOMAIN:?"Missing DOMAIN"}" \
 && addState "${_STATES:?"Missing STATES"}" "${_DOMAIN:?"Missing DOMAIN"}" \
- && echo \
- && echo "Using definitions: '${_DEFINITIONS:?"Missing DEFINITIONS"}' ..." \
 && setupCoreFunctionality "${_DEFINITIONS:?"Missing DEFINITIONS"}" \
 && return 0
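Review bot: In the setupCoreFunctionality hunk the new `ensureUsageOfDefinitions.sh "${_DEFINITIONS}" /etc/adduser.conf` step is placed before `addNormalUser.sh jenkins`, and that order is load-bearing if, as the name suggests, addNormalUser.sh goes through adduser, which reads /etc/adduser.conf when it creates the account; nothing in the chain says so, and a later reordering would silently create the jenkins user under the previous settings. A comment on the added line would pin it, e.g. `# adduser.conf must be in place before addNormalUser.sh creates 'jenkins'`. Because the steps are joined with `&&`, a failing ensureUsageOfDefinitions.sh stops the remaining steps without a message of its own; whether that is reported depends on the rest of setupCoreFunctionality, which continues outside the hunk.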