diff options
Diffstat (limited to 'server')
| -rw-r--r-- | server/blacklists/desktop-sessions/filter | 1 | ||||
| -rw-r--r-- | server/blacklists/essential/linux-base | 6 | ||||
| -rw-r--r-- | server/modules/pam-freiburg/etc/pam.d/common-session | 16 |
3 files changed, 15 insertions, 8 deletions
diff --git a/server/blacklists/desktop-sessions/filter b/server/blacklists/desktop-sessions/filter index 66d3589a..aafd1156 100644 --- a/server/blacklists/desktop-sessions/filter +++ b/server/blacklists/desktop-sessions/filter @@ -2,3 +2,4 @@ + /usr/share/xsessions/gnome.desktop + /usr/share/xsessions/kde-plasma.desktop + /usr/share/xsessions/ubuntu.desktop ++ /usr/share/xsessions/xfce.desktop diff --git a/server/blacklists/essential/linux-base b/server/blacklists/essential/linux-base index 4f58b6c9..f83ef1ac 100644 --- a/server/blacklists/essential/linux-base +++ b/server/blacklists/essential/linux-base @@ -32,5 +32,11 @@ - /initrd.img.old - /vmlinuz - /vmlinuz.old +# Interfering binaries/links +- /sbin/shutdown +- /sbin/reboot +- /sbin/poweroff +- /sbin/halt +- /bin/sh # This is where the bind-mount of mltk resides... - /export/build diff --git a/server/modules/pam-freiburg/etc/pam.d/common-session b/server/modules/pam-freiburg/etc/pam.d/common-session index 9a8b73e1..26ff89a3 100644 --- a/server/modules/pam-freiburg/etc/pam.d/common-session +++ b/server/modules/pam-freiburg/etc/pam.d/common-session @@ -13,26 +13,26 @@ # pam-auth-update(8) for details. # here are the per-package modules (the "Primary" block) -session [default=1] pam_permit.so +session [default=1] pam_permit.so # here's the fallback if no module succeeds -session requisite pam_deny.so +session requisite pam_deny.so # prime the stack with a positive return value if there isn't one already; # this avoids us returning an error just because nothing sets a success code # since the modules above will each just jump around -session required pam_permit.so +session required pam_permit.so # The pam_umask module will set the umask according to the system default in # /etc/login.defs and user settings, solving the problem of different # umask settings with different shells, display managers, remote sessions etc. # See "man pam_umask". session optional pam_umask.so # and here are more per-package modules (the "Additional" block) -session required pam_systemd.so -session optional pam_ck_connector.so +session required pam_systemd.so +session optional pam_ck_connector.so nox11 session optional pam_env.so readenv=1 session optional pam_env.so readenv=1 envfile=/etc/default/locale -session optional pam_krb5.so minimum_uid=1000 -session [success=1] pam_unix.so +session optional pam_krb5.so minimum_uid=1000 +session [success=1] pam_unix.so session [success=ok] pam_ldap.so -session sufficient pam_script.so +session sufficient pam_script.so session optional pam_mkhomedir.so skel=/etc/skel umask=0022 # end of pam-auth-update config |