diff options
| author | Lukasz Kasprzak <lukasz.kasprzak@pm.me> | 2026-04-14 22:32:43 +0200 |
|---|---|---|
| committer | Lukasz Kasprzak <lukasz.kasprzak@pm.me> | 2026-04-14 22:32:43 +0200 |
| commit | 83f7fe4b8402bab171d110703a1b1115efbc9b28 (patch) | |
| tree | 19110702c7d740f6bd8ee4f5d2ebcb97442be237 /straper/db/public/users | |
| parent | 51d43498b07dc97d795947964534f0903cd05db5 (diff) | |
| download | bin-83f7fe4b8402bab171d110703a1b1115efbc9b28.tar.gz bin-83f7fe4b8402bab171d110703a1b1115efbc9b28.zip | |
cleaned up many scrits and deleted some that were of no use; renamed a lot
Diffstat (limited to 'straper/db/public/users')
| -rw-r--r-- | straper/db/public/users/groups-sanitized.txt | 80 | ||||
| -rw-r--r-- | straper/db/public/users/login-users.txt | 3 | ||||
| -rw-r--r-- | straper/db/public/users/login.defs | 192 | ||||
| -rw-r--r-- | straper/db/public/users/passwd-sanitized.txt | 50 | ||||
| -rw-r--r-- | straper/db/public/users/shells | 11 | ||||
| -rw-r--r-- | straper/db/public/users/sshd_config | 133 |
6 files changed, 0 insertions, 469 deletions
diff --git a/straper/db/public/users/groups-sanitized.txt b/straper/db/public/users/groups-sanitized.txt deleted file mode 100644 index 55c01eb..0000000 --- a/straper/db/public/users/groups-sanitized.txt +++ /dev/null @@ -1,80 +0,0 @@ -root:0 -daemon:1 -bin:2 -sys:3 -adm:4 -tty:5 -disk:6 -lp:7 -mail:8 -news:9 -uucp:10 -man:12 -proxy:13 -kmem:15 -dialout:20 -fax:21 -voice:22 -cdrom:24 -floppy:25 -tape:26 -sudo:27 -audio:29 -dip:30 -www-data:33 -backup:34 -operator:37 -list:38 -irc:39 -src:40 -shadow:42 -utmp:43 -video:44 -sasl:45 -plugdev:46 -staff:50 -games:60 -users:100 -nogroup:65534 -systemd-journal:999 -systemd-network:998 -crontab:997 -input:996 -sgx:995 -clock:994 -kvm:993 -render:992 -netdev:101 -messagebus:991 -systemd-timesync:990 -_ssh:102 -bluetooth:103 -lukasz:1000 -systemd-resolve:988 -polkitd:986 -borg:1001 -borgbrowse:1002 -docker:989 -tcpdump:104 -mysql:105 -plocate:106 -ssl-cert:107 -prosody:108 -uuidd:109 -prometheus:111 -grafana:112 -msmtp:110 -postfix:113 -postdrop:114 -vlock:115 -tss:116 -fwupd-refresh:985 -lufi:987 -ice:117 -mumble-server:118 -avahi:119 -unbound:120 -alloy:984 -debian-tor:121 -i2pd:122 -gopher:123 diff --git a/straper/db/public/users/login-users.txt b/straper/db/public/users/login-users.txt deleted file mode 100644 index 3636d59..0000000 --- a/straper/db/public/users/login-users.txt +++ /dev/null @@ -1,3 +0,0 @@ -root home=/root shell=/bin/bash -lukasz home=/home/lukasz shell=/usr/bin/zsh -borg home=/home/borg shell=/bin/bash diff --git a/straper/db/public/users/login.defs b/straper/db/public/users/login.defs deleted file mode 100644 index 91d3ec4..0000000 --- a/straper/db/public/users/login.defs +++ /dev/null @@ -1,192 +0,0 @@ -# -# /etc/login.defs - Configuration control definitions for the shadow package. -# - -# REQUIRED for useradd/userdel/usermod -# Directory where mailboxes reside, _or_ name of file, relative to the -# home directory. If you _do_ define MAIL_DIR and MAIL_FILE, -# MAIL_DIR takes precedence. -# -# Essentially: -# - MAIL_DIR defines the location of users mail spool files -# (for mbox use) by appending the username to MAIL_DIR as defined -# below. -# - MAIL_FILE defines the location of the users mail spool files as the -# fully-qualified filename obtained by prepending the user home -# directory before $MAIL_FILE -# -# NOTE: This is no more used for setting up users MAIL environment variable -# which is, starting from shadow 4.0.12-1 in Debian, entirely the -# job of the pam_mail PAM modules -# See default PAM configuration files provided for -# login, su, etc. -# -# This is a temporary situation: setting these variables will soon -# move to /etc/default/useradd and the variables will then be -# no more supported -MAIL_DIR /var/mail -#MAIL_FILE .mail - -# -# Enable display of unknown usernames when login(1) failures are recorded. -# -# WARNING: Unknown usernames may become world readable. -# See #290803 and #298773 for details about how this could become a security -# concern -LOG_UNKFAIL_ENAB no - -# -# Enable logging of successful logins -# -LOG_OK_LOGINS no - -# -# If defined, file which maps tty line to TERM environment parameter. -# Each line of the file is in a format similar to "vt100 tty01". -# -#TTYTYPE_FILE /etc/ttytype - -# -# If defined, file which inhibits all the usual chatter during the login -# sequence. If a full pathname, then hushed mode will be enabled if the -# user's name or shell are found in the file. If not a full pathname, then -# hushed mode will be enabled if the file exists in the user's home directory. -# -HUSHLOGIN_FILE .hushlogin -#HUSHLOGIN_FILE /etc/hushlogins - -# -# *REQUIRED* The default PATH settings, for superuser and normal users. -# -# (they are minimal, add the rest in the shell startup files) -ENV_SUPATH PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin -ENV_PATH PATH=/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games - -# -# Terminal permissions for terminals after login(1). -# These settings are ignored for remote and other logins. -# -# TTYGROUP Login tty will be assigned this group ownership. -# TTYPERM Login tty will be set to this permission. -# -#TTYGROUP tty -TTYPERM 0600 - -# -# Login configuration initializations: -# -# ERASECHAR Terminal ERASE character ('\010' = backspace). -# KILLCHAR Terminal KILL character ('\025' = CTRL/U). -# -# The ERASECHAR and KILLCHAR are used only on System V machines. -# -ERASECHAR 0177 -KILLCHAR 025 - -# HOME_MODE is used by useradd(8) and newusers(8) to set the mode for new -# home directories. -HOME_MODE 0700 - -# -# Password aging controls: -# -# PASS_MAX_DAYS Maximum number of days a password may be used. -# PASS_MIN_DAYS Minimum number of days allowed between password changes. -# PASS_WARN_AGE Number of days warning given before a password expires. -# -PASS_MAX_DAYS 99999 -PASS_MIN_DAYS 0 -PASS_WARN_AGE 7 - -# -# Min/max values for automatic uid selection in useradd(8) -# -UID_MIN 1000 -UID_MAX 60000 -# System accounts -#SYS_UID_MIN 101 -#SYS_UID_MAX 999 -# Extra per user uids -SUB_UID_MIN 100000 -SUB_UID_MAX 600100000 -SUB_UID_COUNT 65536 - -# -# Min/max values for automatic gid selection in groupadd(8) -# -GID_MIN 1000 -GID_MAX 60000 -# System accounts -#SYS_GID_MIN 101 -#SYS_GID_MAX 999 -# Extra per user group ids -SUB_GID_MIN 100000 -SUB_GID_MAX 600100000 -SUB_GID_COUNT 65536 - -# -# Max number of login(1) retries if password is bad -# This will most likely be overriden by PAM, since the default pam_unix module -# has it's own built in of 3 retries. However, this is a safe fallback in case -# you are using an authentication module that does not enforce PAM_MAXTRIES. -# -LOGIN_RETRIES 5 - -# -# Max time in seconds for login(1) -# -LOGIN_TIMEOUT 60 - -# -# Which fields may be changed by regular users using chfn(1) - use -# any combination of letters "frwh" (full name, room number, work -# phone, home phone). If not defined, no changes are allowed. -# For backward compatibility, "yes" = "rwh" and "no" = "frwh". -# -CHFN_RESTRICT rwh - -# -# If set to MD5, MD5-based algorithm will be used for encrypting password -# If set to SHA256, SHA256-based algorithm will be used for encrypting password -# If set to SHA512, SHA512-based algorithm will be used for encrypting password -# If set to BCRYPT, BCRYPT-based algorithm will be used for encrypting password -# If set to YESCRYPT, YESCRYPT-based algorithm will be used for encrypting password -# If set to DES, DES-based algorithm will be used for encrypting password (default) -# MD5 and DES should not be used for new hashes, see crypt(5) for recommendations. -# Overrides the MD5_CRYPT_ENAB option -# -# Note: It is recommended to use a value consistent with -# the PAM modules configuration. -# -ENCRYPT_METHOD YESCRYPT - -# -# Should login be allowed if we can't cd to the home directory? -# Default is no. -# -DEFAULT_HOME yes - -# -# The pwck(8) utility emits a warning for any system account with a home -# directory that does not exist. Some system accounts intentionally do -# not have a home directory. Such accounts may have this string as -# their home directory in /etc/passwd to avoid a spurious warning. -# -NONEXISTENT /nonexistent - -# -# If defined, this command is run when removing a user. -# It should remove any at/cron/print jobs etc. owned by -# the user to be removed (passed as the first argument). -# -#USERDEL_CMD /usr/sbin/userdel_local - -# -# If set to yes, userdel(8) will remove the user's group if it contains no more -# members, and useradd(8) will create by default a group with the name of the -# user. -# -# Other former uses of this variable are not used in PAM environments, such as -# Debian. -# -USERGROUPS_ENAB yes diff --git a/straper/db/public/users/passwd-sanitized.txt b/straper/db/public/users/passwd-sanitized.txt deleted file mode 100644 index 79fc10b..0000000 --- a/straper/db/public/users/passwd-sanitized.txt +++ /dev/null @@ -1,50 +0,0 @@ -root:0:0:root:/root:/bin/bash -daemon:1:1:daemon:/usr/sbin:/usr/sbin/nologin -bin:2:2:bin:/bin:/usr/sbin/nologin -sys:3:3:sys:/dev:/usr/sbin/nologin -sync:4:65534:sync:/bin:/bin/sync -games:5:60:games:/usr/games:/usr/sbin/nologin -man:6:12:man:/var/cache/man:/usr/sbin/nologin -lp:7:7:lp:/var/spool/lpd:/usr/sbin/nologin -mail:8:8:mail:/var/mail:/usr/sbin/nologin -news:9:9:news:/var/spool/news:/usr/sbin/nologin -uucp:10:10:uucp:/var/spool/uucp:/usr/sbin/nologin -proxy:13:13:proxy:/bin:/usr/sbin/nologin -www-data:33:33:www-data:/var/www:/usr/sbin/nologin -backup:34:34:backup:/var/backups:/usr/sbin/nologin -list:38:38:Mailing List Manager:/var/list:/usr/sbin/nologin -irc:39:39:ircd:/run/ircd:/usr/sbin/nologin -_apt:42:65534::/nonexistent:/usr/sbin/nologin -nobody:65534:65534:nobody:/nonexistent:/usr/sbin/nologin -systemd-network:998:998:systemd Network Management:/:/usr/sbin/nologin -dhcpcd:100:65534:DHCP Client Daemon:/usr/lib/dhcpcd:/bin/false -messagebus:991:991:System Message Bus:/nonexistent:/usr/sbin/nologin -systemd-timesync:990:990:systemd Time Synchronization:/:/usr/sbin/nologin -sshd:989:65534:sshd user:/run/sshd:/usr/sbin/nologin -lukasz:1000:1000:lukasz,,,:/home/lukasz:/usr/bin/zsh -systemd-resolve:988:988:systemd Resolver:/:/usr/sbin/nologin -dnsmasq:987:65534:dnsmasq:/var/lib/misc:/usr/sbin/nologin -polkitd:986:986:User for polkitd:/:/usr/sbin/nologin -borg:1001:1001::/home/borg:/bin/bash -tcpdump:101:104::/nonexistent:/usr/sbin/nologin -mysql:102:105:MariaDB Server:/nonexistent:/bin/false -prosody:103:108:Prosody XMPP Server:/var/lib/prosody:/usr/sbin/nologin -uuidd:104:109::/run/uuidd:/usr/sbin/nologin -usbmux:105:46:usbmux daemon:/var/lib/usbmux:/usr/sbin/nologin -prometheus:107:111:Prometheus daemon:/var/lib/prometheus:/usr/sbin/nologin -grafana:108:112::/usr/share/grafana:/bin/false -msmtp:106:110::/var/lib/msmtp:/usr/sbin/nologin -postfix:109:113:Postfix MTA:/var/spool/postfix:/usr/sbin/nologin -tss:110:116:TPM software stack:/var/lib/tpm:/bin/false -fwupd-refresh:985:985:Firmware update daemon:/var/lib/fwupd:/usr/sbin/nologin -lufi:999:987::/srv/lufi:/usr/sbin/nologin -ice:111:117:Ice Service account:/var/lib/ice:/usr/sbin/nologin -mumble-server:112:118::/var/lib/mumble-server:/usr/sbin/nologin -avahi:113:119:Avahi mDNS daemon:/run/avahi-daemon:/usr/sbin/nologin -unbound:114:120::/var/lib/unbound:/usr/sbin/nologin -loki:115:65534::/nonexistent:/bin/false -promtail:116:65534::/nonexistent:/bin/false -alloy:997:984:alloy user:/var/lib/alloy:/sbin/nologin -debian-tor:117:121::/var/lib/tor:/bin/false -i2pd:118:122::/var/lib/i2pd:/usr/sbin/nologin -gopher:119:123::/var/gopher:/usr/sbin/nologin diff --git a/straper/db/public/users/shells b/straper/db/public/users/shells deleted file mode 100644 index ee9995a..0000000 --- a/straper/db/public/users/shells +++ /dev/null @@ -1,11 +0,0 @@ -# /etc/shells: valid login shells -/bin/sh -/usr/bin/sh -/bin/bash -/usr/bin/bash -/bin/rbash -/usr/bin/rbash -/usr/bin/dash -/usr/bin/tmux -/bin/zsh -/usr/bin/zsh diff --git a/straper/db/public/users/sshd_config b/straper/db/public/users/sshd_config deleted file mode 100644 index e7bec65..0000000 --- a/straper/db/public/users/sshd_config +++ /dev/null @@ -1,133 +0,0 @@ - -# This is the sshd server system-wide configuration file. See -# sshd_config(5) for more information. - -# This sshd was compiled with PATH=/usr/local/bin:/usr/bin:/bin:/usr/games - -# The strategy used for options in the default sshd_config shipped with -# OpenSSH is to specify options with their default value where -# possible, but leave them commented. Uncommented options override the -# default value. - -Include /etc/ssh/sshd_config.d/*.conf - -#Port 22 -#AddressFamily any -#ListenAddress 0.0.0.0 -#ListenAddress :: - -#HostKey /etc/ssh/ssh_host_rsa_key -#HostKey /etc/ssh/ssh_host_ecdsa_key -#HostKey /etc/ssh/ssh_host_ed25519_key - -# Ciphers and keying -#RekeyLimit default none - -# Logging -#SyslogFacility AUTH -#LogLevel INFO - -# Authentication: - -#LoginGraceTime 2m -#PermitRootLogin prohibit-password -#StrictModes yes -#MaxAuthTries 6 -#MaxSessions 10 - -#PubkeyAuthentication yes - -# Expect .ssh/authorized_keys2 to be disregarded by default in future. -#AuthorizedKeysFile .ssh/authorized_keys .ssh/authorized_keys2 - -#AuthorizedPrincipalsFile none - -#AuthorizedKeysCommand none -#AuthorizedKeysCommandUser nobody - -# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts -#HostbasedAuthentication no -# Change to yes if you don't trust ~/.ssh/known_hosts for -# HostbasedAuthentication -#IgnoreUserKnownHosts no -# Don't read the user's ~/.rhosts and ~/.shosts files -#IgnoreRhosts yes - -# To disable tunneled clear text passwords, change to "no" here! -#PasswordAuthentication yes -#PermitEmptyPasswords no - -# Change to "yes" to enable keyboard-interactive authentication. Depending on -# the system's configuration, this may involve passwords, challenge-response, -# one-time passwords or some combination of these and other methods. -# Beware issues with some PAM modules and threads. -KbdInteractiveAuthentication no - -# Kerberos options -#KerberosAuthentication no -#KerberosOrLocalPasswd yes -#KerberosTicketCleanup yes -#KerberosGetAFSToken no - -# GSSAPI options -#GSSAPIAuthentication no -#GSSAPICleanupCredentials yes -#GSSAPIStrictAcceptorCheck yes -#GSSAPIKeyExchange no - -# Set this to 'yes' to enable PAM authentication, account processing, -# and session processing. If this is enabled, PAM authentication will -# be allowed through the KbdInteractiveAuthentication and -# PasswordAuthentication. Depending on your PAM configuration, -# PAM authentication via KbdInteractiveAuthentication may bypass -# the setting of "PermitRootLogin prohibit-password". -# If you just want the PAM account and session checks to run without -# PAM authentication, then enable this but set PasswordAuthentication -# and KbdInteractiveAuthentication to 'no'. -UsePAM yes - -#AllowAgentForwarding yes -#AllowTcpForwarding yes -#GatewayPorts no -X11Forwarding no -#X11DisplayOffset 10 -#X11UseLocalhost yes -#PermitTTY yes -PrintMotd no -#PrintLastLog yes -#TCPKeepAlive yes -#PermitUserEnvironment no -#Compression delayed -#ClientAliveInterval 0 -#ClientAliveCountMax 3 -#UseDNS no -#PidFile /run/sshd.pid -#MaxStartups 10:30:100 -#PermitTunnel no -#ChrootDirectory none -#VersionAddendum none - -# no default banner path -#Banner none - -# Allow client to pass locale and color environment variables -AcceptEnv LANG LC_* COLORTERM NO_COLOR - -# override default of no subsystems -Subsystem sftp /usr/lib/openssh/sftp-server - -# Example of overriding settings on a per-user basis -#Match User anoncvs -# X11Forwarding no -# AllowTcpForwarding no -# PermitTTY no -# ForceCommand cvs server -# === custom hardening === -Port 57385 -PermitRootLogin no -PasswordAuthentication no -PubkeyAuthentication yes -MaxAuthTries 3 -LoginGraceTime 30 -AllowUsers lukasz borg - |
