On Mon, Apr 24, 2017 at 05:10:35PM +0200, Arnt Karlsen wrote:
[cut]
>
> ..we don't warn them before we drop them online on wired networks with
> heads-0.2.
> The vdev iso does this right though, it stays offline until you e.g.
> run setnet.sh.
>
> ..I agree this is a policy issue, and we should set it so at least
> clueless heads-0.2 etc people stay offline until they change their
> passwords away from the default ones.
>
So this should be implemented by the distro policy, e.g. in heads, not
in setnet or wicd...
[cut]
>
> ..I have the Knowledge, but still found myself Automagically Online
> with heads-0.2's Default Passwords, Because I Forgot I still had the
> network wire plugged in on boot-up. I'm just a human who errs. ;o)
> In my case, this endpoint security breach was no problem.
> But that same blunder could kill any needy heads user.
>
It would be sufficient to deny ssh login with password, which I
believe is already the default in heads. Or to disable sshd by
default, which is unnecessary if the former holds.
Or maybe I have completely misunderstood what is the "endpoint
security breach" you are referring to.
My2Cents
KatolaZ
--
[ ~.,_ Enzo Nicosia aka KatolaZ - GLUGCT -- Freaknet Medialab ]
[ "+. katolaz [at] freaknet.org --- katolaz [at] yahoo.it ]
[ @) http://kalos.mine.nu --- Devuan GNU + Linux User ]
[ @@) http://maths.qmul.ac.uk/~vnicosia -- GPG: 0B5F062F ]
[ (@@@) Twitter: @KatolaZ - skype: katolaz -- github: KatolaZ ]
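
The reply above suggests denying ssh login with a password. The following is an added example, not part of the original message or of heads, setnet or wicd: a small Python check that reads sshd_config text and reports every scope in which a password would still be accepted. The sample configs are constructed, the function names are hypothetical, and Include files are not followed.

```python
# Constructed sample sshd_config files (not taken from any real system).
WEAK = """PermitRootLogin yes
#PasswordAuthentication no
UsePAM yes
"""
MIXED = """PasswordAuthentication no
KbdInteractiveAuthentication no
UsePAM yes
PasswordAuthentication yes
Match Address 192.168.0.0/16
    PasswordAuthentication yes
"""

# OpenSSH built-in defaults for the keywords that can let a password through.
DEFAULTS = {"passwordauthentication": "yes",
            "kbdinteractiveauthentication": "yes",
            "usepam": "no"}
# Deprecated spelling still found in older configs.
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}

def parse(config_text):
    """Return (global settings, [(match criteria, overrides), ...])."""
    global_cfg, match_cfg, block = {}, [], None
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # commented-out settings do not count
        parts = line.replace("=", " ", 1).split(None, 1)
        if len(parts) < 2:
            continue
        key = ALIASES.get(parts[0].lower(), parts[0].lower())
        if key == "match":
            block = (parts[1].strip(), {})  # runs until the next Match or EOF
            match_cfg.append(block)
        elif key in DEFAULTS:
            target = global_cfg if block is None else block[1]
            target.setdefault(key, parts[1].split()[0])  # first value wins
    return global_cfg, match_cfg

def password_login_findings(config_text):
    """List each scope where sshd would still accept a password."""
    global_cfg, match_cfg = parse(config_text)
    base = {**DEFAULTS, **global_cfg}
    # Each Match block is judged on its own against the globals (conservative).
    scopes = [("global", base)] + [("Match " + c, {**base, **o}) for c, o in match_cfg]
    findings = []
    for scope, cfg in scopes:
        if cfg["passwordauthentication"] != "no":
            findings.append(f"{scope}: PasswordAuthentication is enabled")
        if cfg["kbdinteractiveauthentication"] != "no" and cfg["usepam"] == "yes":
            findings.append(f"{scope}: keyboard-interactive via PAM can prompt for a password")
    return findings
```

On a live system the output of `sshd -T` is the authoritative view of the effective settings; a static check like this one is useful for auditing an image before it is shipped.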