CentOS and Fedora Templates: Harden root passwords and add static MAC network
addresses.
1) Add logic to root password setting. Root password is now set to
"Root-${name}-${RANDOM} to defeat common brute force scans.
2) Enhance exit messages to explain root password and password changing.
Hey all,
I'm in the middle of some cleanup and fix-ups in the Fedora and CentOS
templates including hardening the root password and some static MAC
address code and generally reconciling the two templates into some
semblance of coherency.
I noticed this in the comments emitted from the CentOS tem
On Tue, 2013-12-24 at 15:32 +0100, Stéphane Graber wrote:
> On Tue, Dec 24, 2013 at 03:01:38PM +0100, Guillaume ZITTA wrote:
> > Hi,
> >
> > I'm coding a new template (for gentoo).
> >
> > I saw this kind of tweak in many templates :
> >
> > if [ "$nics" -eq 1 ] && ! grep -q "^lxc.network.h
On Wed, 25 Dec 2013 18:54:57 -0500
"Michael H. Warfield" wrote:
> [Holiday is mostly over... Most of the family has departed to their
> homes or other homes. Grandpa lays back to a late nap - errr -
> E-Mail...]
>
> Ok all,
>
> Serge and Stéphane know my background as a security researcher an
On Thu, 2013-12-26 at 13:02 -0500, Dwight Engen wrote:
> On Wed, 25 Dec 2013 18:54:57 -0500
> "Michael H. Warfield" wrote:
>
> > [Holiday is mostly over... Most of the family has departed to their
> > homes or other homes. Grandpa lays back to a late nap - errr -
> > E-Mail...]
> >
> > Ok all
If not, my proposal:
I set an incomplete (prefix) lxc.network.hwaddr in default conf.
lxc-create complete it randomly and write it to the container's
config.
Does it make sense?
I think so. Just 'xx' in place of real numbers?
I do not/can't code in C, but perhaps I should try ...
Guill
Hi all
On 12/06/2013 03:07 PM, Andre Nathan wrote:
> I've written Ruby bindings for liblxc, available at
>
> https://github.com/andrenth/ruby-lxc
Thanks to Stéphane, the official ruby-lxc repository is now hosted
inside the LXC organization in github:
https://github.com/lxc/ruby-lxc
Cheers
Le 26/12/2013 00:12, Laurent Vivier a écrit :
Le 25/12/2013 21:47, Stéphane Graber a écrit :
On Wed, Dec 25, 2013 at 09:38:57PM +0100, Laurent Vivier wrote:
These containers will use the binfmt kernel module and
an interpreter to execute binaries inside the container.
To use it :
1- configure
Ok, Stéphane!
I will review these translations and submit a patchset!
Thanks!
*--*
*Julio Cesar Faracco*
*University of São Paulo (USP) - Brazil*
___
lxc-devel mailing list
lxc-devel@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/l
