mirror of
https://github.com/apache/cloudstack.git
synced 2025-11-02 20:02:29 +01:00
Detail: Previously the cloud user had full password-less sudo access. This commit changes that to allow access only to a specific list of commands. It has been tested in production on ACS 4.0 and 4.2 management servers. BUG-ID: CLOUDSTACK-967 Bugfix-for: Reviewed-by: Reported-by: Signed-off-by: John Kinsella <jlk@stratosec.co> 1382560936 -0700
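# Base provisioning for the Vagrant box: refresh the package lists, install a
# few tools, give the vagrant user a restricted password-less sudo rule, and
# tune sshd and GRUB for faster logins and boots. Must be run as root.

# Stop at the first failed step instead of carrying on with a half-configured
# box (for example a sudoers rule that never got installed).
set -eu

# Update the box
apt-get -y update
#apt-get -y install linux-headers-$(uname -r) build-essential
#apt-get -y install zlib1g-dev libssl-dev libreadline-gplv2-dev
apt-get -y install curl unzip

# Set up sudo
# The rule is staged in a temp file, syntax-checked with visudo, and only then
# installed root-owned with mode 0440, so a malformed or loosely-permissioned
# drop-in never lands in /etc/sudoers.d.
# NOTE(review): chmod, cp and mount run as root can each change arbitrary files
# or file modes, so this list limits accidental use but is not a privilege
# boundary; treat the vagrant account as root-equivalent on this box.
sudoers_file=/etc/sudoers.d/vagrant
sudoers_tmp=$(mktemp)
trap 'rm -f -- "$sudoers_tmp"' EXIT
echo 'vagrant ALL=NOPASSWD:/bin/chmod, /bin/cp, /bin/mkdir, /bin/mount, /bin/umount' > "$sudoers_tmp"
visudo -cf "$sudoers_tmp"
install -o root -g root -m 0440 "$sudoers_tmp" "$sudoers_file"

# Tweak sshd to prevent DNS resolution (speed up logins)
# sshd honours the first occurrence of a keyword, so an existing active UseDNS
# line is rewritten in place; appending is only done when none exists. This
# also keeps re-runs from piling up duplicate lines.
sshd_config=/etc/ssh/sshd_config
if grep -qiE '^[[:space:]]*UseDNS[[:space:]]' "$sshd_config"; then
  sed -i -E 's/^[[:space:]]*UseDNS[[:space:]].*/UseDNS no/I' "$sshd_config"
else
  echo 'UseDNS no' >> "$sshd_config"
fi

# Remove 5s grub timeout to speed up booting
# The delimiter is quoted so the lsb_release expression is written literally
# and evaluated when grub-mkconfig sources the file, rather than being expanded
# once by this script at provisioning time.
cat <<'EOF' > /etc/default/grub
# If you change this file, run 'update-grub' afterwards to update
# /boot/grub/grub.cfg.

GRUB_DEFAULT=0
GRUB_TIMEOUT=0
GRUB_DISTRIBUTOR=`lsb_release -i -s 2> /dev/null || echo Debian`
GRUB_CMDLINE_LINUX_DEFAULT="quiet"
GRUB_CMDLINE_LINUX="debian-installer=en_US"
EOF

update-grub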