
Commit a712644

committed
fix: 🐛 Make sure all references to builder user is deleted - OVA
There is a residual entry in /etc/sudoers.d/90-cloud-init-users for the builder user. Security audits can flag it, because the entry is not required and by default gives passwordless sudo access to a user if a new user with the username builder is created.
1 parent 0279249 commit a712644


1 file changed

+4
-4
lines changed


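--- a/images/capi/packer/ova/packer-node.json
+++ b/images/capi/packer/ova/packer-node.json
@@ -16,7 +16,7 @@
 "remote_password": "{{user `remote_password`}}",
 "remote_type": "{{user `remote_type`}}",
 "remote_username": "{{user `remote_username`}}",
-"shutdown_command": "echo '{{user `ssh_password`}}' | sudo -S -E sh -c 'userdel -f -r {{user `ssh_username`}} && rm -f /etc/sudoers.d/{{user `ssh_username` }} && {{user `shutdown_command`}}'",
+"shutdown_command": "echo '{{user `ssh_password`}}' | sudo -S -E sh -c 'userdel -f -r {{user `ssh_username`}} && rm -f /etc/sudoers.d/{{user `ssh_username` }} && rm -f /etc/sudoers.d/90-cloud-init-users && {{user `shutdown_command`}}'",
 "skip_compaction": "{{user `skip_compaction`}}",
 "source_path": "{{ user `source_path`}}",
 "ssh_password": "{{user `ssh_password`}}",
@@ -114,7 +114,7 @@
 "remote_password": "{{user `remote_password`}}",
 "remote_type": "{{user `remote_type`}}",
 "remote_username": "{{user `remote_username`}}",
-"shutdown_command": "echo '{{user `ssh_password`}}' | sudo -S -E sh -c 'userdel -f -r {{user `ssh_username`}} && rm -f /etc/sudoers.d/{{user `ssh_username` }} && {{user `shutdown_command`}}'",
+"shutdown_command": "echo '{{user `ssh_password`}}' | sudo -S -E sh -c 'userdel -f -r {{user `ssh_username`}} && rm -f /etc/sudoers.d/{{user `ssh_username` }} && rm -f /etc/sudoers.d/90-cloud-init-users && {{user `shutdown_command`}}'",
 "skip_compaction": "{{user `skip_compaction`}}",
 "ssh_password": "{{user `ssh_password`}}",
 "ssh_timeout": "4h",
@@ -244,7 +244,7 @@
 "remote_cache_cleanup": "true",
 "remove_cdrom": "true",
 "resource_pool": "{{user `resource_pool`}}",
-"shutdown_command": "echo '{{user `ssh_password`}}' | sudo -S -E sh -c 'userdel -f -r {{user `ssh_username`}} && rm -f /etc/sudoers.d/{{user `ssh_username` }} && {{user `shutdown_command`}}'",
+"shutdown_command": "echo '{{user `ssh_password`}}' | sudo -S -E sh -c 'userdel -f -r {{user `ssh_username`}} && rm -f /etc/sudoers.d/{{user `ssh_username` }} && rm -f /etc/sudoers.d/90-cloud-init-users && {{user `shutdown_command`}}'",
 "ssh_password": "{{user `ssh_password`}}",
 "ssh_proxy_host": "{{user `ssh_proxy_host`}}",
 "ssh_proxy_port": "{{user `ssh_proxy_port`}}",
@@ -287,7 +287,7 @@
 "network": "{{user `network`}}",
 "password": "{{user `password`}}",
 "resource_pool": "{{user `resource_pool`}}",
-"shutdown_command": "echo '{{user `ssh_password`}}' | sudo -S -E sh -c 'userdel -f -r {{user `ssh_username`}} && rm -f /etc/sudoers.d/{{user `ssh_username` }} && {{user `shutdown_command`}}'",
+"shutdown_command": "echo '{{user `ssh_password`}}' | sudo -S -E sh -c 'userdel -f -r {{user `ssh_username`}} && rm -f /etc/sudoers.d/{{user `ssh_username` }} && rm -f /etc/sudoers.d/90-cloud-init-users && {{user `shutdown_command`}}'",
 "ssh_password": "{{user `ssh_password`}}",
 "ssh_timeout": "4h",
 "ssh_username": "{{user `ssh_username`}}",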
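Review bot: The new `rm -f /etc/sudoers.d/90-cloud-init-users` step (new lines 19, 117, 247 and 290) removes the whole cloud-init drop-in instead of the build user's rule, and nothing after it confirms that no sudoers rule for that user is left. If cloud-init wrote rules for any other account into that file during the build they are dropped too; that is probably fine for a template image, but the commit message should say it is intended. Because the path is hard-coded, a change in the name cloud-init gives the file would silently bring the passwordless rule back, so I would end the cleanup with a check that stops the chain before shutdown, e.g. `&& ! grep -rqw BUILD_USER /etc/sudoers /etc/sudoers.d`, where BUILD_USER is a placeholder for the templated ssh_username. The same long string is repeated in all four builders, so the check has to be added to each of them in the same way.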
