From cbbc2dfb89ccdca5b3b3e6861adc5d4b879972b9 Mon Sep 17 00:00:00 2001 From: Disassembler Date: Fri, 23 Jun 2017 10:37:25 +0200 Subject: [PATCH] Forbid login on tty1, disable tty2-6 --- basic.sh | 6 ++- basic/lib/systemd/system/getty@.service | 53 +++++++++++++++++++++++++ 2 files changed, 58 insertions(+), 1 deletion(-) create mode 100644 basic/lib/systemd/system/getty@.service diff --git a/basic.sh b/basic.sh index 97cc0c4..6312ef9 100644 --- a/basic.sh +++ b/basic.sh @@ -17,4 +17,8 @@ update-grub # Set legal banner with URL + latin2 character set cp basic/etc/default/console-setup /etc/default/console-setup -cp basic/etc/issue /etc/issue \ No newline at end of file +cp basic/etc/issue /etc/issue + +# Forbid login on tty1, disable tty2-6 +cp basic/lib/systemd/system/getty@.service /lib/systemd/system/getty@.service +systemctl mask getty-static diff --git a/basic/lib/systemd/system/getty@.service b/basic/lib/systemd/system/getty@.service new file mode 100644 index 0000000..2747d22 --- /dev/null +++ b/basic/lib/systemd/system/getty@.service @@ -0,0 +1,53 @@ +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Getty on %I +Documentation=man:agetty(8) man:systemd-getty-generator(8) +Documentation=http://0pointer.de/blog/projects/serial-console.html +After=systemd-user-sessions.service plymouth-quit-wait.service +After=rc-local.service + +# If additional gettys are spawned during boot then we should make +# sure that this is synchronized before getty.target, even though +# getty.target didn't actually pull it in. +Before=getty.target +IgnoreOnIsolate=yes + +# IgnoreOnIsolate causes issues with sulogin, if someone isolates +# rescue.target or starts rescue.service from multi-user.target or +# graphical.target. +Conflicts=rescue.service +Before=rescue.service + +# On systems without virtual consoles, don't start any getty. Note +# that serial gettys are covered by serial-getty@.service, not this +# unit. +ConditionPathExists=/dev/tty0 + +[Service] +# the VT is cleared by TTYVTDisallocate +ExecStart=-/sbin/agetty -l /usr/sbin/nologin %I $TERM +Type=idle +Restart=always +RestartSec=0 +UtmpIdentifier=%I +TTYPath=/dev/%I +TTYReset=yes +TTYVHangup=yes +TTYVTDisallocate=yes +KillMode=process +IgnoreSIGPIPE=no +SendSIGHUP=yes + +# Unset locale for the console getty since the console has problems +# displaying some internationalized messages. +Environment=LANG= LANGUAGE= LC_CTYPE= LC_NUMERIC= LC_TIME= LC_COLLATE= LC_MONETARY= LC_MESSAGES= LC_PAPER= LC_NAME= LC_ADDRESS= LC_TELEPHONE= LC_MEASUREMENT= LC_IDENTIFICATION= + +[Install] +WantedBy=getty.target +DefaultInstance=tty1