From 8fc5f4a418f359f6999994d9f4b83d7a8caf6d7a Mon Sep 17 00:00:00 2001
From: t3chn0m4g3 <t3chn0m4g3@gmail.com>
Date: Tue, 19 Feb 2019 10:01:38 +0100
Subject: [PATCH] prevent cockpit root login

---
 iso/installer/install.sh | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/iso/installer/install.sh b/iso/installer/install.sh
index d10a091f..16d32c48 100755
--- a/iso/installer/install.sh
+++ b/iso/installer/install.sh
@@ -670,6 +670,9 @@ sed -i 's#ListenStream=9090#ListenStream=64294#' /lib/systemd/system/cockpit.soc
 sed -i '/^port/Id' /etc/ssh/sshd_config
 echo "Port 64295" >> /etc/ssh/sshd_config
 
+# Do not allow root login for cockpit
+sed -i '2i\auth requisite pam_succeed_if.so uid >= 1000' /etc/pam.d/cockpit
+
 # Let's make sure only myCONF_TPOT_FLAVOR images will be downloaded and started
 case $myCONF_TPOT_FLAVOR in
   STANDARD)