On Mon, Apr 24, 2017 at 05:10:35PM +0200, Arnt Karlsen wrote:

[cut]

>
> ..we don't warn them before we drop them online on wired networks with
> heads-0.2.
> The vdev iso does this right though, it stays offline until you e.g.
> run setnet.sh.
>
> ..I agree this is a policy issue, and we should set it so at least
> clueless heads-0.2 etc people stay offline until they change their
> passwords away from the default ones.
>

So this should be implemented by the distro policy, e.g. in heads, not
in setnet or wicd...

[cut]

>
> ..I have the Knowledge, but still found myself Automagically Online
> with heads-0.2's Default Passwords, Because I Forgot I still had the
> network wire plugged in on boot-up. I'm just a human who err. ;o)
> In my case, this endpoint security breach was no problem.
> But that same blunder could kill any needy heads user.
>

It would be sufficient to deny ssh login with password, which I
believe is already the default in heads. Or to disable sshd by
default, which is unnecessary if the former holds.

Or maybe I have completely misunderstood what is the "endpoint
security breach" you are referring to.

My2Cents

KatolaZ

--
[ ~.,_ Enzo Nicosia aka KatolaZ - GLUGCT -- Freaknet Medialab ]
[ "+. katolaz [at] freaknet.org --- katolaz [at] yahoo.it ]
[ @) http://kalos.mine.nu --- Devuan GNU + Linux User ]
[ @@) http://maths.qmul.ac.uk/~vnicosia -- GPG: 0B5F062F ]
[ (@@@) Twitter: @KatolaZ - skype: katolaz -- github: KatolaZ ]
_______________________________________________
Dng mailing list
[email protected]
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
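One way to verify the policy suggested in the reply above (sshd refusing password logins), as an added example that is not part of the original message or of heads. The function name and the sample configurations are constructed for illustration; Include directives are not followed and Match conditions are not evaluated.

```shell
#!/bin/sh
# Added example (not from the thread): report whether an sshd_config file
# still allows password logins.
# Assumptions: Include directives are not followed, and Match conditions are
# not evaluated; a Match block that sets "yes" counts as "enabled".

# password_login_status FILE -> prints "disabled" or "enabled"
password_login_status() {
    awk '
    NF == 0 || $1 ~ /^#/ { next }             # skip blank lines and comments
    {
        key = tolower($1)                     # keywords are case-insensitive
        val = tolower($2); gsub(/"/, "", val) # arguments may be quoted
    }
    key == "match" { in_match = 1; next }     # Match sections run to next Match or EOF
    key != "passwordauthentication" { next }
    in_match { if (val == "yes") match_yes = 1; next }
    global == "" { global = val }             # first value obtained wins
    END {
        if (global == "") global = "yes"      # OpenSSH default when unset
        if (global == "no" && !match_yes) print "disabled"
        else print "enabled"
    }' "$1"
}

# Constructed sample configurations, not taken from heads or Devuan.
demo_dir=$(mktemp -d)
cat > "$demo_dir/default" <<'EOF'
# Setting is commented out, so the default applies
#PasswordAuthentication no
PermitRootLogin yes
EOF
cat > "$demo_dir/hardened" <<'EOF'
PasswordAuthentication no
PasswordAuthentication yes
EOF
cat > "$demo_dir/match" <<'EOF'
passwordauthentication no
Match Address 192.0.2.0/24
    PasswordAuthentication yes
EOF

for f in default hardened match; do
    printf '%-9s %s\n' "$f" "$(password_login_status "$demo_dir/$f")"
done
rm -rf "$demo_dir"
```

On a running system, `sshd -T` prints the effective configuration with Include files resolved. Keyboard-interactive authentication through PAM can also prompt for a password and is controlled separately by `KbdInteractiveAuthentication`.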
