10 Star 0 Fork 24

src-openEuler/security-tool

加入 Gitee
与超过 1200万 开发者一起发现、参与优秀开源项目,私有仓库也完全免费 :)
免费加入
该仓库未声明开源许可证文件(LICENSE),使用请关注具体项目描述及其代码上游依赖。
克隆/下载
security-tool.spec 7.28 KB
一键复制 编辑 原始数据 按行查看 历史
yueyuankun 提交于 2023-06-09 17:28 . add grub2 password for legacy
%global vendor %{?_vendor:%{_vendor}}%{!?_vendor:openEuler}
Summary: openEuler Security Tool
Name : security-tool
Version: 2.0
Release: 1.88
Source0: https://gitee.com/openeuler/security-tool/repository/archive/v2.0.tar.gz
License: MulanPSL-2.0
URL: https://gitee.com/openeuler/security-tool
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
Requires: bash setup pam util-linux sudo crontabs cronie
Requires: shadow initscripts ca-certificates openssh rsyslog dbus-daemon
Requires(post): systemd-units
Requires(preun): systemd-units
Requires(postun): systemd-units
BuildRequires: xauth
Patch0: Use-secure-MACs-and-KexAlgorithms.patch
Patch1: do-not-create-allow-file-while-the-command-does-not-.patch
Patch2: remove-sha1-in-sshd-config.patch
Patch3: fix-function-allow-rpm-q.patch
Patch4: add-secure-hostKey-algorithms.patch
Patch5: Do-not-hard-code-vendor-name-in-source-code.patch
Patch6: sshd-delete-deprecated-option-RSAAuthentication-and-Rhost.patch
Patch7: security-tool-add-grub2-password-for-legacy.patch
%description
%{vendor} Security Tool
%global debug_package %{nil}
%prep
%autosetup -n security-tool-v%{version} -p1
sed -i 's|@VENDOR@|%{vendor}|g' custom-security.service
%build
%check
%install
rm -rf $RPM_BUILD_ROOT
install -d -m0700 $RPM_BUILD_ROOT%{_sysconfdir}/%{vendor}_security
install -m0600 security $RPM_BUILD_ROOT%{_sysconfdir}/%{vendor}_security/security
install -m0400 security.conf $RPM_BUILD_ROOT%{_sysconfdir}/%{vendor}_security/security.conf
install -m0600 usr-security.conf $RPM_BUILD_ROOT%{_sysconfdir}/%{vendor}_security/usr-security.conf
install -d -m0755 $RPM_BUILD_ROOT/%{_unitdir}
install -m0644 custom-security.service $RPM_BUILD_ROOT/%{_unitdir}/%{vendor}-security.service
install -d -m0755 $RPM_BUILD_ROOT/%{_sbindir}
install -m0500 security-tool.sh $RPM_BUILD_ROOT/%{_sbindir}/security-tool.sh
install -m0644 security-tool-%{version}/csh.precmd $RPM_BUILD_ROOT%{_sysconfdir}/csh.precmd
install -d -m0755 $RPM_BUILD_ROOT/%{_sysconfdir}/profile.d
install -d -m0755 $RPM_BUILD_ROOT/%{_sysconfdir}/pam.d
install -m0644 security-tool-%{version}/password-auth-crond $RPM_BUILD_ROOT%{_sysconfdir}/pam.d/password-auth-crond
install -m0644 security-tool-%{version}/su-local $RPM_BUILD_ROOT%{_sysconfdir}/pam.d/su-local
%clean
rm -rf $RPM_BUILD_ROOT
%pre
%post
sed -i 's/system-auth$/password-auth-crond/g' /etc/pam.d/crond
if [ $1 -ge 2 ]
then
sed -i 's/readonly HISTSIZE$//g' /etc/profile
sed -i 's/readonly TMOUT$//g' /etc/profile
fi
if [ -h /etc/pam.d/su ]
then
rm -f /etc/pam.d/su
else
mv -f /etc/pam.d/su /etc/pam.d/su-bak
fi
ln -s /etc/pam.d/su-local /etc/pam.d/su
%systemd_post %{vendor}-security.service
systemctl enable %{vendor}-security.service
%preun
%systemd_preun %{vendor}-security.service
if [ $1 -eq 0 ]
then
sed -i 's/password-auth-crond$/system-auth/g' /etc/pam.d/crond
fi
%postun
%systemd_postun_with_restart %{vendor}-security.service
if [ $1 -eq 0 ]
then
if [ -f /etc/pam.d/su-bak ]
then
mv -f /etc/pam.d/su-bak /etc/pam.d/su
fi
if [ -f /etc/pam.d/password-auth-ac ]
then
rm -f /etc/pam.d/password-auth
ln -s /etc/pam.d/password-auth-ac /etc/pam.d/password-auth
elif [ -f /etc/pam.d/password-auth-bak ]
then
mv -f /etc/pam.d/password-auth-bak /etc/pam.d/password-auth
fi
if [ -f /etc/pam.d/system-auth-ac ]
then
rm -f /etc/pam.d/system-auth
ln -s /etc/pam.d/system-auth-ac /etc/pam.d/system-auth
elif [ -f /etc/pam.d/system-auth-bak ]
then
mv -f /etc/pam.d/system-auth-bak /etc/pam.d/system-auth
fi
fi
%files
%defattr(-,root,root)
%attr(0700,root,root) %dir %{_sysconfdir}/%{vendor}_security
%attr(0600,root,root) %config(noreplace) %{_sysconfdir}/%{vendor}_security/security
%attr(0400,root,root) %config %{_sysconfdir}/%{vendor}_security/security.conf
%attr(0600,root,root) %config %{_sysconfdir}/%{vendor}_security/usr-security.conf
%attr(0644,root,root) %{_sysconfdir}/csh.precmd
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/pam.d/password-auth-crond
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/pam.d/su-local
%attr(0644,root,root) %{_unitdir}/%{vendor}-security.service
%attr(0500,root,root) %{_sbindir}/security-tool.sh
%changelog
* Fri Jun 09 2023 yueyuankun <yueyuankun@kylinos.cn> - 2.0-1.88
- Type:bugfix
- ID:NA
- SUG:NA
- DESC:security-tool-add-grub2-password-for-legacy.patch
* Tue Jan 10 2023 renmingshuai <renmingshuai@huawei.com> - 2.0-1.87
- delete deprecated option RSAAuthentication and RhostsRSAAuthentication
* Fri Jan 6 2023 Chenxi Mao <chenxi.mao@suse.com> - 2.0-1.86
- Do not hard code vendor name in source code
* Sat Nov 26 2022 zhengxiaoxiao <zhengxiaoxiao2@huawei.com> - 2.0-1.85
- replace openEuler to vendor
* Thu Nov 17 2022 zhengxiaoxiao <zhengxiaoxiao2@huawei.com> - 2.0-1.84
- replace tar.gz
* Sun Oct 09 2022 fushanqing <fushanqing@kylinos.cn> - 2.0-1.83
- Unified license name specification
* Mon Aug 29 2022 zhengxiaoxiao <zhengxiaoxiao2@huawei.com> - 2.0-1.82
- fix sed keyword error in /etc/pam.d/crond
* Mon Aug 15 2022 zhengxiaoxiao <zhengxiaoxiao2@huawei.com> - 2.0-1.81
- add secure hostKey algorithms
* Thu Jun 30 2022 zhengxiaoxiao <zhengxiaoxiao2@huawei.com> - 2.0-1.80
- disabling the dependency on binutils
* Mon Jun 27 2022 zhengxiaoxiao <zhengxiaoxiao2@huawei.com> - 2.0-1.79
- fix function allow rpm-q
* Wed Apr 27 2022 zhengxiaoxiao <zhengxiaoxiao2@huawei.com> - 2.0-1.78
- update release
* Mon Feb 7 2022 renmingshuai <renmingshuai@huawei.com> - 2.0-1.52
- remove sha1 in sshd_config
* Thu Mar 18 2021 openEuler Buildteam <buildteam@openEuler.org> - 2.0-1.51
- do not create allow file while the command does not exist
* Fri Oct 9 2020 gaoyusong <gaoyusong1@huawei.com> - 2.0-1.50
- Use secure MACs and KexAlgorithms
* Thu Sep 17 2020 gaoyusong <gaoyusong1@huawei.com> - 2.0-1.49
- Upgrade to v2.0
* Fri Jul 3 2020 openEuler Buildteam <buildteam@openEuler.org> - 2.0-1.48
- rm zzz_openEuler_history.sh
* Fri May 29 2020 openEuler Buildteam <buildteam@openEuler.org> - 2.0-1.47
- Move -- befora path
* Fri May 29 2020 openEuler Buildteam <buildteam@openEuler.org> - 2.0-1.46
- Do not set umask to 077 any more
* Thu May 7 2020 openEuler Buildteam <buildteam@openEuler.org> - 2.0-1.45
- Update LICENSE of files
* Wed Apr 29 2020 openEuler Buildteam <buildteam@openEuler.org> - 2.0-1.44
- Update LICENSE to Mulan PSL v2.0
* Fri Feb 21 2020 openEuler Buildteam <buildteam@openEuler.org> - 2.0-1.43
- Allow wheel group to use sudo by default
* Wed Jan 22 2020 openEuler Buildteam <buildteam@openEuler.org> - 2.0-1.42
- Fix problems of script caused by "*" and multiple spaces
* Wed Jan 22 2020 openEuler Buildteam <buildteam@openEuler.org> - 2.0-1.41
- Fix the problem of dbus-daemon-launch-helper's group
* Sun Jan 12 2020 openEuler Buildteam <buildteam@openEuler.org> - 2.0-1.40
- Delete password-auth-local and system-auth-local
* Sun Dec 29 2019 openEuler Buildteam <buildteam@openEuler.org> - 2.0-1.39
- Add copyright for su-local
* Thu Dec 19 2019 openEuler Buildteam <buildteam@openEuler.org> - 2.0-1.38
- Delete unused infomation
* Mon Nov 11 2019 openEuler Buildteam <buildteam@openEuler.org> - 2.0-1.37
- Modify License
* Mon Sep 25 2019 openEuler Buildteam <buildteam@openEuler.org> - 2.0-1.36
- Add requires
* Mon Sep 16 2019 openEuler Buildteam <buildteam@openEuler.org> - 2.0-1.35
- Package init for openEuler
马建仓 AI 助手
尝试更多
代码解读
代码找茬
代码优化
1
https://gitee.com/src-openeuler/security-tool.git
git@gitee.com:src-openeuler/security-tool.git
src-openeuler
security-tool
security-tool
master

搜索帮助