summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
author Eric Hameleers <alien@slackware.com>2016-05-17 11:12:18 +0200
committer Eric Hameleers <alien@slackware.com>2016-05-17 11:12:18 +0200
commitba1b347f23818adb5ee8bb3362b4a1623dd877f2 (patch)
tree877e32d4ac5b56d0f3a429779e7f99b2d7b0e594
parentf7f4291b0101903d96c7ca5d61b3beedb29ee6dc (diff)
downloadliveslak-ba1b347f23818adb5ee8bb3362b4a1623dd877f2.tar.gz
liveslak-ba1b347f23818adb5ee8bb3362b4a1623dd877f2.tar.xz
Disable the SSH daemon by default and use a tweak to start it on demand.
The passwords for users 'live' and 'root' are easy to guess. When you use the Slackware Live Edition on a public network, you do not want people to use an exposed SSH login. If you still want to have the SSH daemon enabled on boot, use the 'tweak' boot parameter and provide a 'ssh' value as follows: "tweak=ssh" This can be combined with other tweaks of course, all comma-separated.
-rwxr-xr-xliveinit4
-rwxr-xr-xmake_slackware_live.sh3
2 files changed, 6 insertions, 1 deletions
diff --git a/liveinit b/liveinit
index 841381d..aee9f6f 100755
--- a/liveinit
+++ b/liveinit
@@ -196,6 +196,7 @@ for ARG in $(cat /proc/cmdline); do
# nga: no glamor 2d acceleration.
# tpb: trackpoint scrolling while pressing middle mouse button.
# syn: start synaptics daemon and extend X.Org capabilities.
+ # ssh: start SSH daemon (disabled by default).
TWEAKS=$(echo $ARG | cut -f2 -d=)
;;
tz=*)
@@ -967,6 +968,9 @@ Section "InputClass"
Option "VertEdgeScroll" "1"
EndSection
EOT
+ elif [ "$TWEAK" = "ssh" ]; then
+ # Enable SSH daemon (disabled by default for security reasons):
+ chmod +x /mnt/overlay/etc/rc.d/rc.sshd
fi
done # End Tweaks.
diff --git a/make_slackware_live.sh b/make_slackware_live.sh
index a7724e5..81b96ea 100755
--- a/make_slackware_live.sh
+++ b/make_slackware_live.sh
@@ -1461,11 +1461,12 @@ fi
# Configure the default runlevel:
sed -i ${LIVE_ROOTDIR}/etc/inittab -e "s/\(id:\).\(:initdefault:\)/\1${RUNLEVEL}\2/"
-# Disable unneeded services:
+# Disable unneeded/unwanted services:
[ -f ${LIVE_ROOTDIR}/etc/rc.d/rc.acpid ] && chmod -x ${LIVE_ROOTDIR}/etc/rc.d/rc.acpid
[ -f ${LIVE_ROOTDIR}/etc/rc.d/rc.pcmcia ] && chmod -x ${LIVE_ROOTDIR}/etc/rc.d/rc.pcmcia
[ -f ${LIVE_ROOTDIR}/etc/rc.d/rc.pulseaudio ] && chmod -x ${LIVE_ROOTDIR}/etc/rc.d/rc.pulseaudio
[ -f ${LIVE_ROOTDIR}/etc/rc.d/rc.yp ] && chmod -x ${LIVE_ROOTDIR}/etc/rc.d/rc.yp
+[ -f ${LIVE_ROOTDIR}/etc/rc.d/rc.sshd ] && chmod -x ${LIVE_ROOTDIR}/etc/rc.d/rc.sshd
# But enable NFS client support:
[ -f ${LIVE_ROOTDIR}/etc/rc.d/rc.rpc ] && chmod +x ${LIVE_ROOTDIR}/etc/rc.d/rc.rpc