From Fedora Project Wiki

Revision as of 18:33, 18 June 2015

Mission

This project's mission is to eliminate the use of predictable passwords in LXC templates. It all started with BZ 1132001, which attached bug reports to fedora-all, EPEL 7, and EPEL 6. The problem exists upstream, and the upstream developers are welcoming fixes.

This is part of the Fedora Security Team's 90-day challenge.

Templates

The upstream templates are on GitHub. Each template will be documented here as it's reviewed.

Work in progress
This section is being updated regularly. --Mhayden (talk) 17:31, 18 June 2015 (UTC)

CentOS

No changes needed as randomized root passwords are already applied during build.

Debian

The upstream Debian template currently sets root's password to root. There's a proposed fix waiting on feedback from Debian's LXC package maintainer.

Fedora

No changes needed as randomized root passwords are already applied during build.

Gentoo

If a root password isn't specified, the root password is set to toor.

Ubuntu

The Ubuntu template disables the root account but makes a regular user with sudo privileges that has ubuntu as a username and password (unless a user password is specified on the command line during build).

A fix has been proposed: https://github.com/major/lxc/commit/26f3a4ab2513546ad06ca3121858d7c68edd5177
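
The kind of change this project asks of a template, sketched as an added example (not code from this wiki page or from any upstream LXC template): a caller-supplied password is honoured, and a random one replaces the fixed default otherwise. The function names, argument order and the record file are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: hypothetical helpers, not taken from any upstream LXC template.

# Weak pattern of the kind the page describes (fixed, guessable credential):
#   echo "root:root" | chroot "$rootfs" chpasswd

# Print 24 hex characters (96 bits) read from the kernel CSPRNG.
gen_password() {
    od -An -N12 -tx1 /dev/urandom | tr -d ' \n'
}

# Print the "user:password" line that chpasswd expects on stdin.
# $1 = user, $2 = optional caller-supplied password; random when empty.
password_line() {
    user=$1
    pass=${2:-$(gen_password)}
    printf '%s:%s\n' "$user" "$pass"
}

# Set the password inside a container rootfs and record it for the admin.
# $1 = rootfs path, $2 = user, $3 = record file, $4 = optional password.
# Needs root privileges because it calls chroot.
set_container_password() {
    rootfs=$1 user=$2 store=$3
    line=$(password_line "$user" "${4:-}") || return 1
    # Create the record file with owner-only permissions before writing.
    ( umask 077 && printf '%s\n' "$line" > "$store" ) || return 1
    printf '%s\n' "$line" | chroot "$rootfs" chpasswd || return 1
    # Expire the password so it must be changed at first login.
    chroot "$rootfs" chage -d 0 "$user"
}
```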