[lxc-devel] [PATCH] CentOS and Fedora Templates: Harden root passwords and add static MAC network addresses.
Michael H. Warfield
mhw at WittsEnd.com
Tue Dec 31 17:17:46 UTC 2013
On Tue, 2013-12-31 at 10:59 -0500, S.Çağlar Onur wrote:
> Hi Michael,
>
> On Thu, Dec 26, 2013 at 6:08 PM, Michael H. Warfield <mhw at wittsend.com> wrote:
> > CentOS and Fedora Templates: Harden root passwords and add static MAC network addresses.
> >
> > 1) Add logic to root password setting. Root password is now set to
> > "Root-${name}-${RANDOM} to defeat common brute force scans.
> > 2) Enhance exit messages to explain root password and password changing.
> Not an objection but a question. What about creating the container
> using either quiet parameter or via API? In that case user is unlikely
> to see that output hence won't be able to login the box.
That's a very good question. Certainly, the "chroot ${root_fs} passwd"
trick is going to work in any case. I had considered adding the
temporary root password in the config file in comments but then didn't.
[Snip]
Regards,
Mike
--
Michael H. Warfield (AI4NB) | (770) 978-7061 | mhw at WittsEnd.com
/\/\|=mhw=|\/\/ | (678) 463-0932 | http://www.wittsend.com/mhw/
NIC whois: MHW9 | An optimist believes we live in the best of all
PGP Key: 0x674627FF | possible worlds. A pessimist is sure of it!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 482 bytes
Desc: This is a digitally signed message part
URL: <http://lists.linuxcontainers.org/pipermail/lxc-devel/attachments/20131231/e83b41e9/attachment.pgp>
More information about the lxc-devel
mailing list