diff options
| -rw-r--r-- | scripts/mk-images.s390 | 48 | ||||
| -rwxr-xr-x | scripts/upd-instroot | 21 |
2 files changed, 45 insertions, 24 deletions
diff --git a/scripts/mk-images.s390 b/scripts/mk-images.s390 index 5a3dc0187..6c8ad2338 100644 --- a/scripts/mk-images.s390 +++ b/scripts/mk-images.s390 @@ -127,14 +127,36 @@ EOF $MBD_DIR/etc/security $MBD_DIR/$LIBDIR/security chmod 111 $MBD_DIR/var/empty/sshd for i in pam_stack.so pam_nologin.so pam_limits.so pam_console.so \ - pam_securetty.so pam_env.so pam_unix.so pam_deny.so pam_cracklib.so \ + pam_env.so pam_unix.so pam_deny.so \ pam_limits.so; do cp -f $IMGPATH/$LIBDIR/security/$i $MBD_DIR/$LIBDIR/security done cp -f $IMGPATH/$LIBDIR/libpam_misc.so* $IMGPATH/$LIBDIR/libpam.so* $MBD_DIR/$LIBDIR - for i in sshd login system-auth other; do + for i in sshd other; do cp -f $IMGPATH/etc/pam.d/$i $MBD_DIR/etc/pam.d done + cat > $MBD_DIR/etc/pam.d/login << EOF +#%PAM-1.0 +auth required pam_stack.so service=system-auth +auth required pam_nologin.so +account required pam_stack.so service=system-auth +password required pam_stack.so service=system-auth +session required pam_stack.so service=system-auth +session optional pam_console.so +EOF + cat > $MBD_DIR/etc/pam.d/system-auth << EOF +#%PAM-1.0 +# This file is auto-generated. +# User changes will be destroyed the next time authconfig is run. +auth required /lib/security/$ISA/pam_env.so +auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok +auth required /lib/security/$ISA/pam_deny.so +account required /lib/security/$ISA/pam_unix.so +password sufficient /lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow +password required /lib/security/$ISA/pam_deny.so +session required /lib/security/$ISA/pam_limits.so +session required /lib/security/$ISA/pam_unix.so +EOF cp -f $IMGPATH/etc/security/{limits.conf,pam_env.conf} $MBD_DIR/etc/security/ cp -f $IMGPATH/usr/bin/login $MBD_DIR/sbin/login cp -f $IMGPATH/usr/sbin/sshd $MBD_DIR/sbin/sshd @@ -178,11 +200,10 @@ EOF cp -f $IMGPATH/usr/bin/gawk $MBD_DIR/sbin/awk cp -f $IMGPATH/usr/bin/sort_save $MBD_DIR/sbin/sort cp -f $IMGPATH/usr/sbin/chroot $MBD_DIR/sbin/chroot - cp -f $IMGPATH/usr/sbin/consoletype $MBD_DIR/sbin/consoletype cp -f $IMGPATH/usr/sbin/mke2fs $MBD_DIR/sbin/mke2fs cp -f $IMGPATH/usr/bin/busybox $MBD_DIR/sbin/busybox for i in cp uname tee rm ps mv more mkdir ls ln hostname head \ - gzip grep dd chmod cat; do + lsmod gzip grep dd chmod cat; do ln -sf busybox $MBD_DIR/sbin/$i done cp -f $IMGPATH/usr/X11R6/bin/xauth $MBD_DIR/sbin/xauth @@ -203,6 +224,21 @@ EOF cp -f $IMGPATH/usr/sbin/ifconfig $MBD_DIR/sbin/ifconfig cp -f $IMGPATH/usr/sbin/xinetd $MBD_DIR/sbin/xinetd cp -f $IMGPATH/usr/sbin/in.telnetd $MBD_DIR/sbin/in.telnetd + cat > $MBD_DIR/etc/xinetd.d/telnet <<EOF +# default: on +# description: The telnet server serves telnet sessions; it uses \ +# unencrypted username/password pairs for authentication. +service telnet +{ + flags = REUSE + socket_type = stream + wait = no + user = root + server = /sbin/in.telnetd + log_on_failure += USERID + disable = no +} +EOF cp -f $IMGPATH/usr/sbin/route $MBD_DIR/sbin/route cp -f $IMGPATH/usr/sbin/portmap $MBD_DIR/sbin/portmap cp -f $IMGPATH/etc/xinetd.conf $MBD_DIR/etc/xinetd.conf @@ -249,7 +285,8 @@ EOF for file in ISO8859-15.so EUC-JP.so libJIS.so gconv-modules; do cp -f $IMGPATH/usr/$LIBDIR/gconv/$file $MBD_DIR/usr/$LIBDIR/gconv/$file done - cp -f $IMGPATH/etc/services $MBD_DIR/etc/ + echo "telnet 23/tcp" > $MBD_DIR/etc/services + echo "tcp 6 TCP" > $MBD_DIR/etc/protocols cp -df $IMGPATH/$LIBDIR/libpam.so* $MBD_DIR/$LIBDIR cp -df $IMGPATH/$LIBDIR/libdl.so* $MBD_DIR/$LIBDIR cp -df $IMGPATH/$LIBDIR/libdl-*.so* $MBD_DIR/$LIBDIR @@ -280,7 +317,6 @@ EOF cp -df $IMGPATH/$LIBDIR/libssl* $MBD_DIR/$LIBDIR cp -df $IMGPATH/$LIBDIR/libext2* $MBD_DIR/$LIBDIR cp -df $IMGPATH/$LIBDIR/libcom_err* $MBD_DIR/$LIBDIR - cp -df $IMGPATH/$LIBDIR/libcrack* $MBD_DIR/$LIBDIR cp -df $IMGPATH/usr/kerberos/$LIBDIR/libgssapi_krb5* $MBD_DIR/usr/kerberos/$LIBDIR cp -df $IMGPATH/usr/kerberos/$LIBDIR/libkrb5.so* $MBD_DIR/usr/kerberos/$LIBDIR cp -df $IMGPATH/usr/kerberos/$LIBDIR/libk5crypto.so* $MBD_DIR/usr/kerberos/$LIBDIR diff --git a/scripts/upd-instroot b/scripts/upd-instroot index 4d931e1eb..6f48af1ca 100755 --- a/scripts/upd-instroot +++ b/scripts/upd-instroot @@ -118,8 +118,8 @@ if [ $ARCH = s390 -o $ARCH = s390x ]; then PACKAGES="$PACKAGES s390utils binutils libgcc tcp_wrappers sed net-tools xinetd openssl openssh openssh-server coreutils login initscripts XFree86-xauth bash portmap pam - libcrack telnet-server login mount grep modutils gawk - XFree86-libs" + telnet-server login mount grep modutils gawk + XFree86-libs strace" fi if [ $ARCH = ppc -o $ARCH = ppc64 ]; then @@ -371,6 +371,7 @@ if [ $ARCH = s390 -o $ARCH = s390x ]; then cat >> $KEEPFILE <<EOF usr/share/terminfo/a/ansi usr/share/terminfo/d/dumb +usr/share/terminfo/k/kterm usr/share/terminfo/s/screen usr/share/terminfo/v/vt100 usr/share/terminfo/v/vt100-nav @@ -379,22 +380,12 @@ usr/share/terminfo/x/xterm usr/share/terminfo/x/xterm-color usr/bin/strace usr/bin/ldd -usr/bin/wget -usr/bin/printf -usr/bin/dasdformat -usr/bin/formatmnt -usr/bin/mountpoint -usr/bin/netsetup -usr/bin/pkgselect -usr/bin/pkgsrc usr/sbin/chroot usr/sbin/sshd usr/sbin/glibc_post_upgrade usr/sbin/in.telnetd usr/sbin/xinetd sbin/busybox.anaconda -sbin/consoletype -sbin/rhsetup sbin/ifconfig sbin/route sbin/portmap @@ -403,7 +394,6 @@ sbin/dasdfmt sbin/swapon sbin/swapoff sbin/mkswap -sbin/tune2fs bin/bash bin/dd bin/gawk @@ -414,7 +404,6 @@ bin/login bin/cat bin/chmod bin/sort -bin/rpm $LIBDIR/libpam.so* $LIBDIR/libdl.so* $LIBDIR/libdl-*.so* @@ -434,16 +423,12 @@ $LIBDIR/libresolv-*.so* $LIBDIR/libvtoc*.so* lib/modules/ibm/* etc/xinetd.conf -etc/xinetd.d/telnet etc/pam.d/sshd -etc/pam.d/login -etc/pam.d/system-auth etc/pam.d/other etc/security/limits.conf etc/security/pam_env.conf lib/security $LIBDIR/security/pam_* -usr/$LIBDIR/libcrack.so* usr/$LIBDIR/libwrap.so* usr/X11R6/$LIBDIR/libXmuu.so* usr/X11R6/$LIBDIR/libX11.so* |