On Thu, Oct 04, 2012 at 11:16:59AM +0200, Tru Huynh wrote:
I would disable ssh password login completely too.
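%packages
# Package selection for the image, one entry per line. A leading "-" removes a
# package that a group would otherwise pull in.
# The line breaks are restored here: with the list collapsed onto one line,
# everything after the first "#" (including the -kexec-tools exclusion) would
# be read as a comment.
@base
lftp
# sudo must be installed: %post adds a sudoers entry for ec2-user.
sudo
screen
wget
nfs-utils
epel-release
# NOTE(review): cloud-init is presumably what installs the instance's SSH
# public key for ec2-user at first boot. Confirm its configuration, because
# %post disables root and password logins over SSH.
cloud-init
# disable kdump
-kexec-tools
ntp
nano
acpid
openssh-clients
# firmware--
# ...
%end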
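%post
# Post-install configuration for the image: sudo access for ec2-user, sshd
# hardening, network config, SELinux relabel, fsck tuning and cleanup of
# installer leftovers.

# sudoers ** don't forget to have sudo in the package list
# NOPASSWD: ALL makes ec2-user's SSH key equivalent to root, so protect that
# key accordingly.
echo 'ec2-user ALL = NOPASSWD: ALL' >> /etc/sudoers
# A syntax error in sudoers disables sudo entirely, and root SSH login is
# turned off below, so check the file while the build log is still visible.
visudo -c -f /etc/sudoers \
  || echo 'WARNING: /etc/sudoers failed the visudo syntax check' >&2

# sshd: no root login and no password logins.
# The keyword is matched whether it is commented out, indented or already
# active, and the setting is appended if no such line exists, so the
# hardening cannot silently fail to apply.
# NOTE(review): an appended line takes global effect only if sshd_config has
# no active Match block at its end; confirm for your base config.
# NOTE(review): also check that ChallengeResponseAuthentication is "no",
# otherwise PAM may still accept passwords via keyboard-interactive.
sshd_config=/etc/ssh/sshd_config
for setting in 'PermitRootLogin no' 'PasswordAuthentication no'; do
  keyword=${setting%% *}
  sed -i -e "s/^[#[:space:]]*${keyword}[[:space:]].*/${setting}/" "$sshd_config"
  grep -q "^${setting}\$" "$sshd_config" || echo "$setting" >> "$sshd_config"
done

# ec2-user's configuration
useradd -G wheel ec2-user

# fix network
# The delimiter is quoted so the file is written literally, with no shell
# expansion of its contents.
# NOTE(review): USERCTL=yes lets non-root users control eth0; keep it only
# if that is intended.
cat <<'ETH0' > /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
BOOTPROTO=dhcp
ONBOOT=yes
TYPE=Ethernet
USERCTL=yes
PEERDNS=yes
IPV6INIT=no
ETH0

# Remove the persistent udev rules recorded on the build machine.
# The glob must stay unquoted: inside quotes it is never expanded, so rm -f
# would look for a file literally named "*persistent*" and remove nothing.
/bin/rm -f /etc/udev/rules.d/*persistent*

# fix selinux permissions
/sbin/restorecon -rv /home /etc /boot

# turn off fsck *** FIX the device ***
# -c 0 -i 0 disables both the mount-count and the time-based checks;
# /dev/sda1 must be changed to the image's actual root device.
tune2fs -c 0 -i 0 /dev/sda1

# cleanup
# you will get error messages from anaconda trying to chmod the missing files
# if you are reading the console output, these messages are harmless, afaik!
/bin/rm -f \
  /tmp/ks* \
  /tmp/yum* \
  /var/log/anaconda* \
  /var/log/dracut.log \
  /root/install* \
  /root/anaconda*
%end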