No edit summary |
No edit summary |
||
Line 8: | Line 8: | ||
{{admon/warning|Work in progress|This section is being updated regularly. --[[User:Mhayden|Mhayden]] ([[User talk:Mhayden|talk]]) 17:31, 18 June 2015 (UTC)}} | {{admon/warning|Work in progress|This section is being updated regularly. --[[User:Mhayden|Mhayden]] ([[User talk:Mhayden|talk]]) 17:31, 18 June 2015 (UTC)}} | ||
=== CentOS === | === CentOS === | ||
Line 29: | Line 17: | ||
=== Fedora === | === Fedora === | ||
No changes needed as randomized root passwords are already applied during build. | No changes needed as randomized root passwords are already applied during build. | ||
=== Gentoo === | |||
If a root password isn't specified, the root password is set to <code>toor</code>. | |||
=== Ubuntu === | === Ubuntu === | ||
The UBuntu template disables the root account but makes a regular user with sudo privileges that has <code>ubuntu</code> as a username and password (unless a user password is specified on the command line during build). | The UBuntu template disables the root account but makes a regular user with sudo privileges that has <code>ubuntu</code> as a username and password (unless a user password is specified on the command line during build). | ||
A [https://github.com/major/lxc/commit/26f3a4ab2513546ad06ca3121858d7c68edd5177 fix has been proposed]. | |||
[[Category:Security]] | [[Category:Security]] |
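Review bot: The Gentoo entry in this hunk records the fallback root password (toor) but gives no remediation status, while the Ubuntu entry in the same hunk carries a proposed-fix link. State whether a Gentoo fix is proposed or still needed so that each template is tracked the same way. The Ubuntu paragraph also spells the name "UBuntu"; it should read "Ubuntu".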
Revision as of 18:33, 18 June 2015
Mission
This project's mission is to eliminate the use of predictable passwords in LXC templates. It all started with BZ 1132001, which attached bug reports to fedora-all, EPEL 7, and EPEL 6. The problem exists upstream, and the upstream developers are welcoming fixes.
This is part of the Fedora Security Team's 90-day challenge.
Templates
The upstream templates are on GitHub. Each template will be documented here as it's reviewed.
CentOS
No changes needed as randomized root passwords are already applied during build.
Debian
The upstream Debian template currently sets root's password to root. There's a proposed fix waiting on feedback from Debian's LXC package maintainer.
Fedora
No changes needed as randomized root passwords are already applied during build.
Gentoo
If a root password isn't specified, the root password is set to toor.
Ubuntu
The Ubuntu template disables the root account but makes a regular user with sudo privileges that has ubuntu as a username and password (unless a user password is specified on the command line during build).
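
The review described above can be partly automated. The following is an added example, not code from the LXC templates or from this project: it scans a template script for fixed passwords handed to chpasswd and ignores ones produced by command substitution. It assumes the template sets passwords with an `echo "user:password" | chpasswd` pipeline; the function names and the sample script lines are constructed for illustration.

```python
import re

# Matches: echo "user:secret" | [chroot "$rootfs"] chpasswd  (assumed pattern)
CHPASSWD = re.compile(r"""echo\s+["']?(\$?\w[\w-]*):([^"'\s|]+)["']?\s*\|.*\bchpasswd\b""")
ASSIGN = re.compile(r"^\s*([A-Za-z_]\w*)=(.*)$")
VAR = re.compile(r"\$\{?([A-Za-z_]\w*)(?::-([^}]*))?\}?$")

def classify(token, env):
    """Return (kind, value); kind is 'literal', 'generated' or 'external'."""
    token = token.strip().strip("\"'")
    if "$(" in token or "`" in token:
        return "generated", None   # command substitution, e.g. reading urandom
    m = VAR.match(token)
    if not m:
        return "literal", token    # fixed string baked into the template
    name, default = m.groups()
    rest = {k: v for k, v in env.items() if k != name}  # stops self-reference loops
    if name in env:
        return classify(env[name], rest)   # follow the latest assignment
    if default:
        return classify(default, rest)     # ${var:-default} fallback
    return "external", None        # only ever supplied by the caller

def audit_template(script):
    """List (line, user, password) for each predictable password fed to chpasswd."""
    env, findings = {}, []
    for no, line in enumerate(script.splitlines(), 1):
        if line.lstrip().startswith("#"):
            continue
        if (a := ASSIGN.match(line)):
            env[a.group(1)] = a.group(2)
        if (c := CHPASSWD.search(line)):
            kind, value = classify(c.group(2), env)
            if kind == "literal":
                user = classify(c.group(1), env)[1] or c.group(1)
                findings.append((no, user, value))
    return findings

# Constructed template fragments (not copied from the upstream scripts).
SAMPLE = '''\
user="ubuntu"
password="ubuntu"
echo "$user:$password" | chroot "$rootfs" chpasswd
echo "root:root" | chroot "$rootfs" chpasswd
rootpw="$(head -c 12 /dev/urandom | base64)"
echo "root:$rootpw" | chroot "$rootfs" chpasswd
echo "root:${root_password:-toor}" | chroot "$rootfs" chpasswd
'''
```

A password that reaches chpasswd some other way (a pre-hashed shadow entry, `passwd --stdin`, a here-document) is outside what this check sees, so a clean result is not proof that a template is free of defaults.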