Start migration to Debian 11 (#1038)
- Use mktemp instead of tempfile
- Do not set IO scheduler manually anymore
- Replace pam_tally2 by pam_faillock

Signed-off-by: Volker Theile <votdev@gmx.de>
votdev committed May 29, 2021
1 parent 0ee563d commit 7da153d
Showing 39 changed files with 169 additions and 117 deletions.
2 changes: 1 addition & 1 deletion deb/openmediavault-clamav/debian/control
Expand Up @@ -9,7 +9,7 @@ Homepage: http://www.openmediavault.org

Package: openmediavault-clamav
Architecture: all
Depends: openmediavault (>= 5.3.7), clamav-daemon (>= 0.102), clamav-freshclam, clamdscan
Depends: openmediavault (>= 6.0), clamav-daemon (>= 0.102), clamav-freshclam, clamdscan
Priority: optional
Description: openmediavault ClamAV plugin
Clam AntiVirus is an anti-virus toolkit for Unix.
2 changes: 1 addition & 1 deletion deb/openmediavault-diskstats/debian/control
Expand Up @@ -9,7 +9,7 @@ Homepage: http://www.openmediavault.org

Package: openmediavault-diskstats
Architecture: all
Depends: openmediavault (>= 5.6.0)
Depends: openmediavault (>= 6.0)
Priority: optional
Description: openmediavault disk monitoring plugin
The disk monitoring plugin collects performance statistics of hard-disks.
2 changes: 1 addition & 1 deletion deb/openmediavault-forkeddaapd/debian/control
Expand Up @@ -9,7 +9,7 @@ Homepage: http://www.openmediavault.org

Package: openmediavault-forkeddaapd
Architecture: all
Depends: openmediavault (>= 5.5.12), forked-daapd
Depends: openmediavault (>= 6.0), forked-daapd
Priority: optional
Description: openmediavault forked-daapd (DAAP server) plugin
forked-daapd is an iTunes-compatible DAAP (Digital Audio Access Protocol)
2 changes: 1 addition & 1 deletion deb/openmediavault-lvm2/debian/control
Expand Up @@ -9,7 +9,7 @@ Homepage: http://www.openmediavault.org

Package: openmediavault-lvm2
Architecture: all
Depends: openmediavault (>= 5.3.4), lvm2
Depends: openmediavault (>= 6.0), lvm2
Priority: optional
Description: openmediavault Logical Volume Manager (LVM2) plugin
LVM supports enterprise level volume management of disk and disk subsystems
2 changes: 1 addition & 1 deletion deb/openmediavault-nut/debian/control
Expand Up @@ -9,7 +9,7 @@ Homepage: http://www.openmediavault.org

Package: openmediavault-nut
Architecture: all
Depends: openmediavault (>= 5.6.0), nut, udev
Depends: openmediavault (>= 6.0), nut, udev
Priority: optional
Description: openmediavault Network UPS Tools (NUT) plugin
Network UPS Tools (NUT) is a client/server monitoring system that
2 changes: 1 addition & 1 deletion deb/openmediavault-shairport/debian/control
Expand Up @@ -9,7 +9,7 @@ Homepage: http://www.openmediavault.org

Package: openmediavault-shairport
Architecture: all
Depends: openmediavault (>= 5.5.12), shairport-sync (>= 2.8.6), alsa-utils
Depends: openmediavault (>= 6.0), shairport-sync (>= 2.8.6), alsa-utils
Priority: optional
Description: openmediavault shairport (AirPlay/RAOP receiver) plugin
Shairport emulates an AirPort Express for the purpose of streaming
2 changes: 1 addition & 1 deletion deb/openmediavault-sharerootfs/debian/control
Expand Up @@ -9,7 +9,7 @@ Homepage: https://www.openmediavault.org

Package: openmediavault-sharerootfs
Architecture: all
Depends: openmediavault (>= 5.2.5)
Depends: openmediavault (>= 6.0)
Priority: optional
Description: openmediavault share root filesystem plugin
The plugin enables the ability to create shared folders in the
2 changes: 1 addition & 1 deletion deb/openmediavault-snmp/debian/control
Expand Up @@ -9,7 +9,7 @@ Homepage: http://www.openmediavault.org

Package: openmediavault-snmp
Architecture: all
Depends: openmediavault (>= 5.3.4), snmpd
Depends: openmediavault (>= 6.0), snmpd
Priority: optional
Description: openmediavault SNMP (Simple Network Management Protocol) plugin
The Simple Network Management Protocol (SNMP) provides a framework
2 changes: 1 addition & 1 deletion deb/openmediavault-tftp/debian/control
Expand Up @@ -9,7 +9,7 @@ Homepage: http://www.openmediavault.org

Package: openmediavault-tftp
Architecture: all
Depends: openmediavault (>= 5.3.4), tftpd-hpa
Depends: openmediavault (>= 6.0), tftpd-hpa
Priority: optional
Description: openmediavault TFTP-Server plugin
A TFTP server is mainly required for booting operating systems or
2 changes: 1 addition & 1 deletion deb/openmediavault-usbbackup/debian/control
Expand Up @@ -9,7 +9,7 @@ Homepage: http://www.openmediavault.org

Package: openmediavault-usbbackup
Architecture: all
Depends: rsync, openmediavault (>= 5.3.4)
Depends: rsync, openmediavault (>= 6.0)
Priority: optional
Description: openmediavault USB/eSATA backup plugin
Automatically synchronise a shared folder to an USB/eSATA device and vice
2 changes: 2 additions & 0 deletions deb/openmediavault/debian/changelog
Expand Up @@ -5,6 +5,8 @@ openmediavault (6.0-6) UNRELEASED; urgency=low
anymore because they are not unique and predictable.
* Change file system handling in UI.
* Adapt 'FileSystemMgmt' RPCs to new workflow.
* Upgrade to Debian 11.
- Replace pam_tally2 by pam_faillock

-- Volker Theile <volker.theile@openmediavault.org> Mon, 14 Dec 2020 20:28:37 +0100

10 changes: 5 additions & 5 deletions deb/openmediavault/debian/control
Expand Up @@ -10,19 +10,19 @@ Package: openmediavault
Architecture: all
Depends: php-fpm, libpam-modules, php-json,
php-cgi, php-cli, php-mbstring, php-pam, sudo, ethtool, python3-dialog,
acl, iproute2, xfsprogs, jfsutils, ntfs-3g, hdparm, wsdd (>= 0.3-2),
sdparm, mdadm, postfix, libsasl2-modules, bsd-mailx, python3-dbus,
acl, iproute2, xfsprogs, jfsutils, ntfs-3g, hdparm, wsdd (>= 0.6.2),
sdparm, mdadm, postfix, libsasl2-modules, python3-dbus,
cpufrequtils, rsyslog, logrotate, smartmontools, openssl, openssh-server,
uuid, tzdata, nfs-kernel-server, proftpd-basic, lsb-release, sshpass,
wget, util-linux, samba, samba-common-bin, rsync, apt-utils, netplan.io,
avahi-daemon, libnss-mdns, iptables, monit, beep, php-bcmath,
avahi-daemon, libnss-mdns, iptables, monit, beep, php-bcmath, sed,
gdisk, rrdtool, collectd, cron, anacron, cron-apt, quota, php-xml,
quotatool, whiptail, lvm2, watchdog, ca-certificates, proftpd-mod-vroot,
coreutils, xmlstarlet, mount, parted, bash, diffutils, lsof, isc-dhcp-client,
socat, rrdcached, locales, nginx, bash-completion, python3, f2fs-tools,
rrdcached, locales, nginx, bash-completion, python3, f2fs-tools,
python3-apt, wpasupplicant, systemd, systemd-sysv, btrfs-progs,
samba-vfs-modules, pciutils, python3-pyudev, python3-natsort, jq, chrony,
python3-netifaces, udev, python3-lxml, salt-minion (>= 3000.2),
python3-netifaces, udev, python3-lxml, salt-minion (>= 3003),
libnss-myhostname, php-yaml, python3-click, python3-cached-property,
python3-polib, ${misc:Depends}
Description: openmediavault - The open network attached storage solution
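Review bot: bsd-mailx is dropped from Depends on the `sdparm, mdadm, postfix, ...` line, but the locked-users check changed in this same commit still pipes its report into `mail -E -s "Locked users overview" root`. Unless another listed dependency provides a `mail` binary that accepts `-E`, that report fails on a fresh install; either keep bsd-mailx or add the package that is meant to supply `mail`. socat is removed in the same hunk without a mention in the commit message or the changelog entry, so a line explaining why would help.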
2 changes: 1 addition & 1 deletion deb/openmediavault/debian/openmediavault.postinst
Expand Up @@ -311,7 +311,7 @@ case "$1" in
omv_module_set_dirty hostname
fi
if dpkg --compare-versions "$2" lt-nl "6.0"; then
LANG=C.UTF-8 omv-salt deploy run --no-color --quiet nginx || :
LANG=C.UTF-8 omv-salt deploy run --no-color --quiet nginx rsyslog || :
fi

########################################################################
Expand Up @@ -27,10 +27,17 @@ set -e
[ "$(omv_config_get "//system/email/enable")" != "1" ] && exit 0

# Check if there are locked users.
if [ $(pam_tally2 | grep -P "^\S+\s+\d+\s+.+$" | wc -l) -gt 0 ]; then
# admin:
# When Type Source Valid
# test:
# When Type Source Valid
# 2021-05-11 22:06:57 SVC openmediavault V
# 2021-05-11 22:07:00 SVC openmediavault V
# 2021-05-11 22:07:04 SVC openmediavault V
if [ $(faillock | sed -E -e '/^[^:]+:$/d' -e '/^When/d' | wc -l) -gt 0 ]; then
(
echo "The following users are locked/banned or are candidates for too many failed login attempts:\n";
pam_tally2;
faillock;
echo "\nYou can reset their counters and unlock them via the omv-firstaid command."
) | mail -E -s "Locked users overview" root
fi
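Review bot: the new test `faillock | sed -E -e '/^[^:]+:$/d' -e '/^When/d' | wc -l` counts every record line that is left, without looking at the Valid column shown in the sample output or comparing against `deny=3`, so a single old failed attempt is enough to send the mail. Filter on records marked `V` (for example by keeping only lines that end in `V`) or count per user against the deny threshold, and quote the `$(...)` inside `[ ... ]` so an unexpected empty result does not break the test.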
2 changes: 1 addition & 1 deletion deb/openmediavault/etc/pam.d/openmediavault
Expand Up @@ -8,7 +8,7 @@
# Standard Un*x authentication.
@include common-auth

account required pam_tally2.so
account required pam_faillock.so

# Standard Un*x authorization.
@include common-account
3 changes: 2 additions & 1 deletion deb/openmediavault/etc/pam.d/openmediavault-common-auth
Expand Up @@ -3,4 +3,5 @@
#

# Deny user access after 3 failed login attempts.
auth required pam_tally2.so onerr=fail audit deny=3 unlock_time=180
auth required pam_faillock.so preauth silent audit deny=3 unlock_time=180
auth required pam_faillock.so authfail audit deny=3 fail_interval=300 unlock_time=180
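Review bot: `fail_interval=300` is set only on the `authfail` line, so the `preauth` line evaluates the tally with the module's default interval while `authfail` uses 300 seconds; pam_faillock expects the same options on every invocation, so add `fail_interval=300` to the `preauth` line as well. The two lines are also adjacent here with no authentication module between them: `authfail` is meant to run only after the password check has failed, so confirm the stack order at the point where this file is included, otherwise every attempt is tallied as a failure.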
2 changes: 1 addition & 1 deletion deb/openmediavault/etc/pam.d/openmediavault-webgui
Expand Up @@ -8,7 +8,7 @@
# Standard Un*x authentication.
@include common-auth

account required pam_tally2.so
account required pam_faillock.so

# Standard Un*x authorization.
@include common-account
12 changes: 12 additions & 0 deletions deb/openmediavault/etc/rsyslog.d/openmediavault-pamfaillock.conf
@@ -0,0 +1,12 @@
# https://www.rsyslog.com/regex/
# May 11 16:30:37 omv6box omv-engined[71484]: pam_faillock(openmediavault:auth): Consecutive login failures for user admin account temporarily locked
$template pamfaillockMailSubject,"Too many failed login attempts from user '%msg:R,ERE,1,DFLT:user (.+) account--end%'"
$template pamfaillockMailBody,"User '%msg:R,ERE,1,DFLT:user (.+) account--end%' has been banned at %timereported% after consecutive failed login attempts. Access is denied for 3 minutes. After that time, the user is able to log in again with the correct password."
$template pamfaillockAuthMsg,"%timereported% %hostname% %syslogtag% User '%msg:R,ERE,1,DFLT:user (.+) account--end%' has been banned after consecutive failed login attempts.\n"
$ModLoad ommail
$ActionMailFrom root
$ActionMailTo root
$ActionMailSubject pamfaillockMailSubject
:msg, regex, "pam_faillock\(.*:auth\): Consecutive login failures for user .* account temporarily locked" :ommail:;pamfaillockMailBody
:msg, regex, "pam_faillock\(.*:auth\): Consecutive login failures for user .* account temporarily locked" /var/log/auth.log;pamfaillockAuthMsg
& stop
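Review bot: the `:ommail:` action has no rate limit, so every log line matching "account temporarily locked" sends a separate mail to root; put `$ActionExecOnlyOnceEveryInterval` in front of the action so a burst of lock events produces one mail. The mail body also hard-codes "3 minutes", which duplicates `unlock_time=180` from openmediavault-common-auth and will drift if that value is changed, and the `(.+)` capture is greedy, so `user ([^ ]+) account` would keep the extracted name to a single token before it is placed in the subject.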
11 changes: 0 additions & 11 deletions deb/openmediavault/etc/rsyslog.d/openmediavault-pamtally2.conf

This file was deleted.

Expand Up @@ -14,6 +14,8 @@ use-ipv4={{ use_ipv4 }}
use-ipv6={{ use_ipv6 }}
{%- if allow_interfaces | length > 0 %}
allow-interfaces={{ allow_interfaces }}
{%- else -%}
#allow-interfaces=eth0
{%- endif %}
#deny-interfaces=eth1
#check-response-ttl=no
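Review bot: `{%- else -%}` trims whitespace on both sides, so when `allow_interfaces` is empty the output is `use-ipv6=...#allow-interfaces=eth0` on a single line: the `{%- if` tag has already removed the newline after the `use-ipv6` line, and `-%}` removes the one in front of the comment. Use `{%- else %}` so the commented default starts on its own line, the same way the `allow-interfaces=` branch is rendered.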
Expand Down Expand Up @@ -47,12 +49,13 @@ publish-workstation={{ publish_workstation }}
[reflector]
enable-reflector={{ enable_reflector }}
#reflect-ipv=no
#reflect-filters=_airplay._tcp.local,_raop._tcp.local

[rlimits]
#rlimit-as=
#rlimit-core=0
#rlimit-data=4194304
#rlimit-data=8388608
#rlimit-fsize=0
#rlimit-nofile=768
#rlimit-stack=4194304
#rlimit-stack=8388608
#rlimit-nproc={{ rlimit_nproc }}
@@ -1,6 +1,6 @@
check process php-fpm with pidfile /run/php/php7.3-fpm.pid
start program = "/bin/systemctl start php7.3-fpm"
stop program = "/bin/systemctl stop php7.3-fpm"
check process php-fpm with pidfile /run/php/php7.4-fpm.pid
start program = "/bin/systemctl start php7.4-fpm"
stop program = "/bin/systemctl stop php7.4-fpm"
mode active
{%- if email_config.enable | to_bool and not notification_config.enable | to_bool %}
noalert {{ email_config.primaryemail }}
Expand Up @@ -31,7 +31,7 @@ server {
}
location ~* \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/run/php/php7.3-fpm-openmediavault-webgui.sock;
fastcgi_pass unix:/run/php/php7.4-fpm-openmediavault-webgui.sock;
fastcgi_index index.php;
fastcgi_read_timeout {{ fastcgi_read_timeout }};
include fastcgi.conf;
4 changes: 2 additions & 2 deletions deb/openmediavault/srv/salt/omv/deploy/phpfpm/10webgui.sls
Expand Up @@ -19,13 +19,13 @@

configure_phpfpm_webgui:
file.managed:
- name: "/etc/php/7.3/fpm/pool.d/openmediavault-webgui.conf"
- name: "/etc/php/7.4/fpm/pool.d/openmediavault-webgui.conf"
- contents: |
[openmediavault-webgui]
user = openmediavault-webgui
group = openmediavault-webgui
listen = /run/php/php7.3-fpm-openmediavault-webgui.sock
listen = /run/php/php7.4-fpm-openmediavault-webgui.sock
listen.owner = www-data
listen.group = www-data
listen.mode = 0600
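Review bot: the PHP version is spelled out as 7.4 in both the pool file path and the `listen` socket here, and again in the nginx `fastcgi_pass`, the monit check, phpfpm/default.sls and the omv-engined and omv-rpc shebangs, so the next Debian bump needs the same edit in every one of those places. Consider a single pillar value or Jinja variable for the version in the Salt-managed files. Nothing in this hunk removes the old `/etc/php/7.3/fpm/pool.d/openmediavault-webgui.conf`, so check that it is cleaned up on an upgraded system.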
4 changes: 2 additions & 2 deletions deb/openmediavault/srv/salt/omv/deploy/phpfpm/default.sls
Expand Up @@ -31,11 +31,11 @@ include:

test_phpfpm_service_config:
cmd.run:
- name: "php-fpm7.3 --test"
- name: "php-fpm7.4 --test"

restart_phpfpm_service:
service.running:
- name: php7.3-fpm
- name: php7.4-fpm
- enable: True
- require:
- cmd: test_phpfpm_service_config
Expand Up @@ -27,7 +27,7 @@
modify_root_profile:
file.replace:
- name: '/root/.profile'
- pattern: '^{{ 'mesg n || true' | regex_escape }}$'
- repl: 'test -t 0 && mesg n || true'
- pattern: '^{{ 'mesg n 2> /dev/null || true' | regex_escape }}$'
- repl: 'test -t 0 && mesg n 2> /dev/null || true'
- ignore_if_missing: True
- backup: False
2 changes: 1 addition & 1 deletion deb/openmediavault/usr/sbin/omv-engined
@@ -1,4 +1,4 @@
#!/usr/bin/php7.3 -c/etc/openmediavault
#!/usr/bin/php7.4 -c/etc/openmediavault
<?php
/**
* This file is part of OpenMediaVault.
2 changes: 1 addition & 1 deletion deb/openmediavault/usr/sbin/omv-mkworkbench
Expand Up @@ -60,7 +60,7 @@ def load_yaml_files(schema: openmediavault.datamodel.Schema,
result = []
for name in glob.iglob(os.path.join(dir_path, '*.yaml')):
with open(name, 'r') as fd:
content = strip_gettext(yaml.load(fd))
content = strip_gettext(yaml.safe_load(fd))
openmediavault.log.info('Processing manifest "%s" ...',
name, verbose=verbose)
try:
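Review bot: `yaml.safe_load(fd)` is called above the `try:` block, so a manifest that safe_load rejects (for example one carrying a Python object tag that `yaml.load` used to accept) raises outside that handler and stops the run at the first bad file. Move the load inside the `try:` or catch `yaml.YAMLError` around it and log the manifest name, so one broken file is reported rather than aborting the whole build.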
2 changes: 1 addition & 1 deletion deb/openmediavault/usr/sbin/omv-rpc
@@ -1,4 +1,4 @@
#!/usr/bin/php7.3 -c/etc/openmediavault
#!/usr/bin/php7.4 -c/etc/openmediavault
<?php
/**
* This file is part of OpenMediaVault.