it-team/lmn-client
3
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Protect the grub boot menu.

Browse source
This commit is contained in:
Andreas B. Mundt 2023-07-23 11:35:06 +02:00
parent 1f6d262ad4
commit adc9aa8489
2 changed files with 11 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
lmn-desktop.yml
View file

@ -25,6 +25,8 @@
domain: "{{ ansible_domain }}" domain: "{{ ansible_domain }}"
kerberize_uris: steinbeis.schule kerberize_uris: steinbeis.schule
rsyncsecret: Muster! rsyncsecret: Muster!
## Use grub-mkpasswd-pbkdf2 to calculate the password hash:
grub_pwd: 'grub.pbkdf2.sha512.10000.FB60266F69FB181327AFB76193192454FC64151559EFF4D6B8FB7C7904A2A9C4778EDD515B46F770DB6A009F36903C193917BBBC571C5B6AAB2A69208BE01A6E.7B82114A0239C0EC55A50E95C48FA74A8910DEE4088447786DAB35770B9C2CF2D1550CF3B7452155EB55D5F84E5D357BF12B8D299CF9B01BF5D71D516CF826DB'
nfs4: false nfs4: false
extra_pkgs: extra_pkgs:
- vim - vim

10
roles/lmn_kde/tasks/main.yml
View file

@ -155,7 +155,15 @@
command: sync-vm.sh -t command: sync-vm.sh -t
## FIXME: do not run every time ## FIXME: do not run every time
################# from kiosk.yml ################## ################# general settings ##################
- name: Protect grub menu entries
blockinfile:
path: /etc/grub.d/40_custom
block: |
set superusers='root'
password_pbkdf2 root {{ grub_pwd }}
notify: update grub
- name: grub timeout - name: grub timeout
lineinfile: lineinfile:
dest: /etc/default/grub dest: /etc/default/grub