From Fedora Project Wiki

Revision as of 18:33, 18 June 2015 by Mhayden (talk | contribs)

Mission

This project's mission is to eliminate the use of predictable passwords in LXC templates. It all started with BZ 1132001, which attached bug reports to fedora-all, EPEL 7, and EPEL 6. The problem exists upstream, and the upstream developers are welcoming fixes.

This is part of the Fedora Security Team's 90-day challenge.

Templates

The upstream templates are on GitHub. Each template will be documented here as it's reviewed.

Work in progress
This section is being updated regularly. --Mhayden (talk) 17:31, 18 June 2015 (UTC)

CentOS

No changes needed as randomized root passwords are already applied during build.

Debian

The upstream Debian template currently sets root's password to root. There's a proposed fix waiting on feedback from Debian's LXC package maintainer.

Fedora

No changes needed as randomized root passwords are already applied during build.

Gentoo

If a root password isn't specified, the root password is set to toor.

Ubuntu

The Ubuntu template disables the root account but creates a regular user with sudo privileges whose username and password are both ubuntu (unless a user password is specified on the command line during build).

A fix has been proposed.
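
The pattern behind the Gentoo and Ubuntu findings above is a fixed fallback value used when no password is given at build time. The sketch below is an added example, not code from the upstream templates or the proposed fixes: it falls back to a random password instead. The function names and the file the chosen password is saved to are assumptions made for illustration.

```bash
#!/bin/bash
# Added example: random fallback instead of a fixed default such as "toor".
# gen_password, resolve_password and apply_password are hypothetical names.

# Print a random alphanumeric password (default length 16).
gen_password() {
    local len="${1:-16}"
    # Read a bounded chunk of the kernel CSPRNG and keep only alphanumerics.
    # LC_ALL=C makes tr treat the input as raw bytes.
    head -c 512 /dev/urandom | LC_ALL=C tr -dc 'A-Za-z0-9' | head -c "$len"
}

# Use the password supplied at build time if there is one; otherwise
# generate a random one. The chosen value is written to $2 with mode 600
# so the operator can retrieve it, and is also printed on stdout.
resolve_password() {
    local supplied="$1" outfile="$2" pw
    if [ -n "$supplied" ]; then
        pw="$supplied"
    else
        pw="$(gen_password 16)"
    fi
    ( umask 077; printf '%s\n' "$pw" > "$outfile" )
    printf '%s' "$pw"
}

# Set the password inside the container root filesystem.
# Needs root and a populated rootfs, so it is defined here but not called.
apply_password() {
    local rootfs="$1" user="$2" pw="$3"
    printf '%s:%s\n' "$user" "$pw" | chroot "$rootfs" chpasswd
}
```

A template would call resolve_password with whatever the operator passed on the command line (possibly empty) and hand the result to apply_password for root or for the created user.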