annotate Makefile @ 2:ecf6bac512ae default tip

cleanup make for c6/c7/fedora
author Carl Byington <carl@five-ten-sg.com>
date Tue, 14 Mar 2017 18:42:47 -0700
parents 0e3c9806a620
children
1 #
2 # based on http://blog.boa.nu/2012/11/two-factor-ssh-login-google-authenticator-and-selinux.html
3 #
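# Path of the binary RPM that a previous `make all` recorded in mylog
# (debuginfo packages are filtered out). This is evaluated when the Makefile
# is parsed, so it stays empty until `make all` has run once; stderr is
# dropped so a missing mylog does not print a grep error on that first run.
r := $(shell grep Wrote: mylog 2>/dev/null | grep -v debuginfo | awk '{print $$2}')
# File name of the RPM without its directory. $(notdir) returns an empty
# value for an empty ${r}, where the external basename command would fail
# with a missing-operand error at parse time.
b := $(notdir ${r})
# SELinux policy module file passed to `semodule -i` by the install rules.
m := google-authenticator.pp
# 1 when /etc/system-release matches CentOS 6, otherwise 0.
c6 := $(shell grep -q 'CentOS .* 6' /etc/system-release && echo 1 || echo 0)
# Path of systemctl when it is installed; an empty value makes the install
# rule fall back to the `service` command.
sy := $(shell which systemctl 2>/dev/null)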
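.PHONY: all
# Install the build dependencies, rebuild the source RPM (output captured in
# mylog, which later invocations parse to find the resulting RPM), and on
# CentOS 6 also build the SELinux policy module.
#
# NOTE(review): `yum -y install` implies this rule runs as root, so rpmbuild
# runs as root too; rebuilding in an unprivileged account and verifying the
# source RPM first (for example with `rpm -K`) limits what a tampered
# package could do during the build.
all:
	yum -y install pam-devel selinux-policy-devel qrencode-devel
	rpmbuild --rebuild google-authenticator-1.0-0.gita096a62.fc24.6.src.rpm >mylog 2>&1
	grep Wrote: mylog
	[ ${c6} -ne 1 ] || $(MAKE) -f /usr/share/selinux/devel/Makefile
# The last line is written as `test || command`: the earlier `test && command`
# form exits non-zero whenever the host is not CentOS 6, which made the whole
# target fail there even though every step had succeeded.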
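.PHONY: install
# Install the RPM built by `make all`, load the SELinux module on CentOS 6,
# add pam_google_authenticator to the sshd PAM stack, enable
# challenge-response authentication in sshd_config and restart sshd.
#
# Security notes:
#  - `nullok` lets any account without a ~/.google_authenticator file log in
#    without a second factor. That keeps logins working during rollout, but
#    it should be removed once every account has been enrolled.
#  - The sshd_config edit only flips an explicit, uncommented
#    "ChallengeResponseAuthentication no" line; a commented-out or missing
#    directive is left untouched.
install:
	[ -n "${r}" ] && [ -f "${r}" ]
	yum -y install "${r}"
	[ ${c6} -ne 1 ] || semodule -i ${m}
	grep -q pam_google_authenticator.so /etc/pam.d/sshd || sed -i -e 's/PAM-1.0/PAM-1.0\nauth required pam_google_authenticator.so nullok/g' /etc/pam.d/sshd
	sed -i -e 's/^ChallengeResponseAuthentication no/ChallengeResponseAuthentication yes/g' /etc/ssh/sshd_config
	/usr/sbin/sshd -t
	if [ -z "${sy}" ]; then service sshd restart; else systemctl restart sshd.service; fi
# Why the recipe differs from a plain command list:
#  - An unquoted empty ${r} turns `[ -f ]` into a test that succeeds, so the
#    guard now also requires the value to be non-empty.
#  - `[ ${c6} -eq 1 ] && semodule ...` exits non-zero on CentOS 7 and Fedora,
#    which aborted the recipe before PAM and sshd were configured.
#  - The grep guard keeps a second `make install` from adding a duplicate
#    pam_google_authenticator line.
#  - `sshd -t` validates the configuration before the restart, so a bad edit
#    does not take the SSH daemon down.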
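.PHONY: setup
# Enrol the invoking user: run the interactive google-authenticator tool,
# then reset the SELinux label on the secret file it writes.
# Declared phony so that a file or directory named `setup` cannot make the
# target look up to date and silently skip enrolment.
setup:
	google-authenticator
# authenticator setup creates the file with the wrong label on C6
	restorecon ~/.google_authenticator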
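.PHONY: install-remote
# Copy the RPM and the SELinux module to the host named by `target` (passed
# on the make command line and read from the recipe's environment), then run
# the same install and configuration steps there over ssh.
#
# Security notes:
#  - `nullok` lets accounts that have no ~/.google_authenticator file skip
#    the second factor; remove it once enrolment is complete.
#  - NOTE(review): the files are staged in the remote /tmp, which is
#    world-writable; a private directory (for example from `mktemp -d`) is
#    the safer staging area on a multi-user host.
#  - NOTE(review): unlike the local `install` rule, this one always runs
#    semodule and `service sshd restart`, because local OS detection says
#    nothing about the remote host. Confirm this matches the targets in use.
install-remote:
	case "$$target" in ''|-*) echo "usage: make install-remote target=host.domain.tld" >&2; exit 1;; esac
	[ -n "${r}" ] && [ -f "${r}" ]
	scp "${r}" ${m} "$$target":/tmp
	ssh "$$target" "cd /tmp; yum -y install ${b}"
	ssh "$$target" "cd /tmp; semodule -i ${m}"
	ssh "$$target" "grep -q pam_google_authenticator.so /etc/pam.d/sshd || sed -i -e 's/PAM-1.0/PAM-1.0\nauth required pam_google_authenticator.so nullok/g' /etc/pam.d/sshd"
	ssh "$$target" "sed -i -e 's/^ChallengeResponseAuthentication no/ChallengeResponseAuthentication yes/g' /etc/ssh/sshd_config"
	ssh "$$target" "service sshd restart"
# The first two lines reject an empty or option-like target and a missing
# RPM before anything is copied. The grep guard keeps a repeated run from
# adding a duplicate pam_google_authenticator line on the remote host.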
39 # make install-remote target=host.domain.tld