From a5e9a4e1201d93220b9e9ce413d20e8fef95c0f0 Mon Sep 17 00:00:00 2001 From: Taylor Helsper Date: Sun, 8 May 2022 22:57:40 -0500 Subject: [PATCH] Lock root account to prevent VM access (thanks @BitcoinBeachBR) --- rootfs/standard/usr/bin/mynode_post_upgrade.sh | 1 + setup/setup_device.sh | 1 + 2 files changed, 2 insertions(+) diff --git a/rootfs/standard/usr/bin/mynode_post_upgrade.sh b/rootfs/standard/usr/bin/mynode_post_upgrade.sh index 17f2ca2c..ec30641c 100755 --- a/rootfs/standard/usr/bin/mynode_post_upgrade.sh +++ b/rootfs/standard/usr/bin/mynode_post_upgrade.sh @@ -43,6 +43,7 @@ if ! skip_base_upgrades ; then # User updates and settings adduser admin bitcoin grep "joinmarket" /etc/sudoers || (echo 'joinmarket ALL=(ALL) NOPASSWD:ALL' | EDITOR='tee -a' visudo) + passwd -l root # Migrate from version file to version+install combo /usr/bin/mynode_migrate_version_files.sh diff --git a/setup/setup_device.sh b/setup/setup_device.sh index ce14bb9a..a8e55284 100755 --- a/setup/setup_device.sh +++ b/setup/setup_device.sh @@ -126,6 +126,7 @@ source /tmp/upgrade/out/rootfs_*/usr/share/mynode/mynode_app_versions.sh # Create any necessary users useradd -m -s /bin/bash bitcoin || true useradd -m -s /bin/bash joinmarket || true +passwd -l root # Setup bitcoin user folders mkdir -p /home/bitcoin/.mynode/