On Tue, 2014-08-19 at 17:28 +0200, Ondřej Surý wrote: > Hi, > [probably also applies to more templates]
> the default security of debian template is horrible. Default sshd_config > permits root login with password and sets the default password to > 'root'. > Please at least pull changes from: > https://bugs.debian.org/758643 > https://bugs.debian.org/758647 > Note that this needs pwgen to generate new password, so you might > want to generate random password using some common tool or method > (openssl, etc...) > And please do a similar security audit of all templates shipping with > lxc, > I have also seen ubuntu/ubuntu in the ubuntu template... Yes, it does apply to more templates (but not all templates). This has been discussed before. Please look at the Fedora and CentOS templates for how we handle them there. In those cases, it's configurable and supports templating. It's up to the other template maintainers if they want to pull that over and there are issues with the download template and its defaults (if you use the download template to pull a Fedora rootfs, you still get root:root). I'm not familiar with who the maintainer of the Debian template is. I've only contributed to the Fedora, CentOS, and OpenSUSE templates. > Cheers, Regards, Mike -- Michael H. Warfield (AI4NB) | (770) 978-7061 | [email protected] /\/\|=mhw=|\/\/ | (678) 463-0932 | http://www.wittsend.com/mhw/ NIC whois: MHW9 | An optimist believes we live in the best of all PGP Key: 0x674627FF | possible worlds. A pessimist is sure of it!
signature.asc
Description: This is a digitally signed message part
_______________________________________________ lxc-devel mailing list [email protected] http://lists.linuxcontainers.org/listinfo/lxc-devel
