From Fedora Project Wiki

Revision as of 17:53, 18 June 2015 by Mhayden (talk | contribs)

Mission

This project's mission is to eliminate the use of predictable passwords in LXC templates. It all started with BZ 1132001 which attached bug reports to fedora-all, EPEL 7, and EPEL 6. The problem exists upstream and the upstream developers are welcoming fixes.

This is part of the Fedora Security Team's 90-day challenge.

Templates

The upstream templates are on Github. Each template will be documented here as it's reviewed.

Work in progress
This section is being updated regularly. --Mhayden (talk) 17:31, 18 June 2015 (UTC)
Template Status Notes
CentOS CentOS already uses randomized root passwords
Debian In progress Fix proposed (see below)
Fedora Fedora already uses randomized root passwords
Ubuntu Under review No fix proposed yet

CentOS

No changes needed as randomized root passwords are already applied during build.

Debian

The upstream Debian template current sets root's password to root. There's a proposed fix waiting on feedback from Debian's LXC package maintainer.

Fedora

No changes needed as randomized root passwords are already applied during build.

Ubuntu

The UBuntu template disables the root account but makes a regular user with sudo privileges that has ubuntu as a username and password (unless a user password is specified on the command line during build).