From d192f1b1a13ab451e5b5fd80d52565cb5e7925eb Mon Sep 17 00:00:00 2001
From: Xavier Petit <32063953+xpetit@users.noreply.github.com>
Date: Thu, 24 Oct 2019 18:10:34 +0100
Subject: [PATCH] Fix root security breach, remove tty

---
 scripts/install_client.sh | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)

diff --git a/scripts/install_client.sh b/scripts/install_client.sh
index 1625301f..34727efa 100755
--- a/scripts/install_client.sh
+++ b/scripts/install_client.sh
@@ -108,11 +108,20 @@ echo overlayroot=\"device:dev=/dev/disk/by-partlabel/01-tmp-system,recurse=0\" >
 
 update-initramfs -u
 
-# Remove root & user password
-passwd -d root
+# Lock root password
+passwd -l root
+
+# Disable user password
 passwd -d student
+
 cp /etc/shadow /etc/shadow-
 
+# Remove tty
+cat <<EOF>> /etc/systemd/logind.conf
+NAutoVTs=0
+ReserveVT=N
+EOF
+
 # Remove user abilities
 gpasswd -d student sudo
 gpasswd -d student lpadmin