OpenVZ Forum: Users » Scientific Linux 5.7 OS Templates in contrib

Home » Mailing lists » Users » Scientific Linux 5.7 OS Templates in contrib

Show: Today's Messages :: Show Polls :: Message Navigator
E-mail to friend

Re: Scientific Linux 5.7 OS Templates in contrib [message #43475 is a reply to message #43474]

Wed, 14 September 2011 20:55

Kelvin Raywood
Messages: 1
Registered: September 2011

Junior Member

Scott Dowdle wrote:
> ...
> The final products are a i386 and an x86_64 contributed SL 5.7 OS Template.

Thanks very much for these Scott. This is much appreciated.

I just wanted to mention one thing that I got bitten by recently with a
template from contrib.

In the official templates, /etc/shadow has * in the encrypted-password
field for root so that you can't login as root using a password.
In April, an early SL-6.0 template was contributed
(scientificlinux-6.0-x86.tar.gz Apr-11-2011) which has an encrypted
password string for root.

We normally disable password access to root in /etc/ssh/sshd_config via
"PermitRootLogin without-password" and use ssh keys or "vzctl enter" to
get root access so didn't notice that the machine had a root password
enabled. Also, since it was our first SL-6 container, we didn't have
our deployment procedure sorted out properly and this was the
sshd_config part.

It didn't take long for some spider to find the machine and guess the
password. An IRC robot was installed and /root/.ssh/authorized_keys was
overwritten. We noticed fairly quickly and then cracked the password
string.

Anyway, we learned our lesson but I think it would also be good practice
for contributors to check that their template does not have a root password.

Oh yeah - the cracked password ... password

--
Kel Raywood
TRIUMF
Vancouver BC

Report message to a moderator

[Message index]

		Scientific Linux 5.7 OS Templates in contrib By: dowdle on Wed, 14 September 2011 20:20
		Re: Scientific Linux 5.7 OS Templates in contrib By: Kelvin Raywood on Wed, 14 September 2011 20:55
		Re: Scientific Linux 5.7 OS Templates in contrib By: kir on Wed, 14 September 2011 21:36
		Re: Scientific Linux 5.7 OS Templates in contrib By: samiam on Thu, 15 September 2011 03:24
		Re: Scientific Linux 5.7 OS Templates in contrib By: dowdle on Thu, 15 September 2011 15:25

Previous Topic:	cPanel and RHEL6 openvz quotas not working
Next Topic:	yum: [Errno -3] Error performing checksum

Goto Forum:

-=] Back to Top [=-

[ Syndicate this forum (XML) ] [

] [

]

Current Time: Thu Dec 04 23:28:18 GMT 2025

Total time taken to generate the page: 0.39251 seconds