Compare commits

..

No commits in common. "65dda1f790c03517b7ab95c67f577b9759951e1d" and "91c4c7e3248a877cbac7a38fb89b6618894b0fef" have entirely different histories.

8 changed files with 3 additions and 27 deletions

View File

@ -1,2 +0,0 @@
dbpath = /data/mail/config/vmail.db
query = SELECT action FROM access WHERE address = '%s'

View File

@ -38,5 +38,3 @@ smtpd_sender_login_maps = sqlite:/etc/postfix/login.cf, $virtual_alias_maps
smtpd_milters = unix:private/opendkim smtpd_milters = unix:private/opendkim
non_smtpd_milters = $smtpd_milters non_smtpd_milters = $smtpd_milters
smtpd_recipient_restrictions = check_recipient_access sqlite:/etc/postfix/access.cf

View File

@ -4,4 +4,3 @@ create table mailbox (username varchar(255) not null primary key, password varch
create table dkim (match varchar(255) not null primary key, key varchar(255) not null); create table dkim (match varchar(255) not null primary key, key varchar(255) not null);
create table dkim_key (key varchar(255) not null primary key, domain varchar(255) not null, selector varchar(255) not null, private_key varchar(65535) not null); create table dkim_key (key varchar(255) not null primary key, domain varchar(255) not null, selector varchar(255) not null, private_key varchar(65535) not null);
create table access (address varchar(255) not null primary key, action varchar(255) not null);

View File

@ -18,9 +18,8 @@ sudo cp 99-no-wifi-on-ethernet /etc/NetworkManager/dispatcher.d
sudo sed -i '$ a EXTRA_OPTS=-L 4' /etc/default/cron sudo sed -i '$ a EXTRA_OPTS=-L 4' /etc/default/cron
``` ```
## Do not log sessions ## Do not log cron sessions
```sh ```sh
sudo cp unix-no-session-log /usr/share/pam-configs sudo sed -i '/pam_unix.so/ i session [success=1 default=ignore] pam_succeed_if.so service in cron quiet' /etc/pam.d/common-session-noninteractive
sudo pam-auth-update # Select OK to update
``` ```

View File

@ -1,6 +0,0 @@
Name: Unix authentication - no session logging
Default: yes
Priority: 257
Session-Type: Additional
Session:
[success=1 default=ignore] pam_succeed_if.so service in cron:sudo quiet

View File

@ -5,9 +5,7 @@ Switch to your main user with `su - adminuser` afterwards.
```sh ```sh
sudo sed -i '$ a sshlogin:*:1001:65534::/home/sshlogin:/bin/sh' /etc/passwd sudo sed -i '$ a sshlogin:*:1001:65534::/home/sshlogin:/bin/sh' /etc/passwd
sudo sed -i '$ a Match User *' /etc/ssh/sshd_config sudo cp *.conf /etc/ssh/sshd_config.d
sudo sed -i '$ a Include /etc/ssh/sshd_config.d/*.user' /etc/ssh/sshd_config
sudo cp *.conf *.user /etc/ssh/sshd_config.d
sudo mkdir -p /home/sshlogin/.ssh sudo mkdir -p /home/sshlogin/.ssh
sudo chown sshlogin:root /home/sshlogin/.ssh sudo chown sshlogin:root /home/sshlogin/.ssh
@ -15,13 +13,3 @@ sudo chown sshlogin:root /home/sshlogin/.ssh
* Either create a password with `sudo passwd sshlogin` or * Either create a password with `sudo passwd sshlogin` or
* Add a key `sudo -u sshlogin editor /home/sshlogin/.ssh/authorized_keys` * Add a key `sudo -u sshlogin editor /home/sshlogin/.ssh/authorized_keys`
* Test config for user with `sudo sshd -T -C user=sshlogin`
## Notes
> Included files do not affect the match context of the file including them.
https://bugzilla.mindrot.org/show_bug.cgi?id=2468#c26
According to the tests, the above is possible:
https://github.com/openssh/openssh-portable/blob/master/regress/servcfginclude.sh