lorax/share/composer/ext4-filesystem.ks
Brian C. Lane f360ef9216 Lock the root account, except on live-iso
If we leave the root account w/o a password people will use it that way,
leading to insecure images. Also if we use a default password. So lock
the root account in the templates.

Users will need to do one of these things:
 1. Use [[customizations.user]] in their blueprint to configure root or
    another user.
 2. Use [[customizations.sshkey]] to set a key for root
 2. Install a package that configures a user at install time
 3. Install a package that sets up a user at boot time (eg. cloud-init)

This also drops the auth line from the kickstart templates, allowing it
to use the default password algoritm instead of md5.

Resolves: rhbz#1626122
2018-10-02 13:59:42 -07:00

35 lines
894 B
Plaintext

# Lorax Composer filesystem output kickstart template
# Firewall configuration
firewall --enabled
# NOTE: The root account is locked by default
# Network information
network --bootproto=dhcp --onboot=on --activate
# System keyboard
keyboard --xlayouts=us --vckeymap=us
# System language
lang en_US.UTF-8
# SELinux configuration
selinux --enforcing
# Installation logging level
logging --level=info
# Shutdown after installation
shutdown
# System timezone
timezone US/Eastern
# System bootloader configuration (unpartitioned fs image doesn't use a bootloader)
bootloader --location=none
%post
# Remove random-seed
rm /var/lib/systemd/random-seed
%end
# NOTE Do NOT add any other sections after %packages
%packages --nocore
# Packages requires to support this output format go here
policycoreutils
# NOTE lorax-composer will add the blueprint packages below here, including the final %end