[Gluster-infra] Slave23 compromised

Michael Scherer mscherer at redhat.com
Fri Mar 6 15:34:16 UTC 2015


On Friday 06 March 2015 at 10:31 -0500, John Mark Walker wrote:
> ----- Original Message -----
> > On Friday 06 March 2015 at 10:25 -0500, John Mark Walker wrote:
> > > Ugh. Who set up this VM?
> > 
> > It was likely Justin, but I was the one who touched it last, as it was
> > broken.
> > 
> > I might have changed root password to be easy to remember while on
> > rescue mode or something like this, and likely forgot about it, which
> > would explain.
> > 
> > So I guess my fault.
> 
> 
> Sorry - I regret asking. Blaming folks isn't going to help. I just want to make sure we don't allow root password logins. 
>
> In your opinion, does it make sense to shut down root logins altogether and just make users "sudo"? Or allow root logins with the SSH key? I have no idea - especially for these VMs that are probably only going to have one user.

I started a discussion on the topic 2 days ago on how we want to have
people access servers.

But in the meantime, I will make root by ssh keys only on all salt-managed
servers (and have the others in the pool to have a consistent
policy). I do that every time and since that's handled by cfgmgmt on
most of my servers, I didn't even think about it.


-- 
Michael Scherer
Open Source and Standards, Sysadmin
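
An added example, not part of the original message or of the Gluster infrastructure code: a small audit of `sshd_config` text that reports whether root can still log in with a password, the setting discussed above. It assumes OpenSSH's first-value-wins rule and current upstream defaults (older or distro builds may default `PermitRootLogin` to `yes`), ignores `Include` files, and only reports `Match` blocks without evaluating them; the sample configs are constructed.

```python
# Added example: does this sshd_config still permit root password logins?
# Assumptions: first value seen for a keyword wins (OpenSSH behaviour),
# upstream defaults below, no Include handling, Match blocks only reported.
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}
DEFAULTS = {"permitrootlogin": "prohibit-password",
            "passwordauthentication": "yes",
            "kbdinteractiveauthentication": "yes"}

def effective_globals(config_text):
    """Return (settings, has_match) for the global section of the config."""
    seen, has_match = {}, False
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.replace("=", " ", 1).split()  # "Key value" or "Key=value"
        key = ALIASES.get(parts[0].lower(), parts[0].lower())
        if key == "match":          # conditional overrides start here
            has_match = True
            break
        if key in DEFAULTS and len(parts) > 1 and key not in seen:
            seen[key] = parts[1].lower()
    return {**DEFAULTS, **seen}, has_match

def root_password_login(config_text):
    """Return (verdict, has_match); has_match means a manual review is needed."""
    cfg, has_match = effective_globals(config_text)
    permit = cfg["permitrootlogin"]
    if permit == "yes":
        password_path = (cfg["passwordauthentication"] != "no"
                         or cfg["kbdinteractiveauthentication"] != "no")
        verdict = "password-allowed" if password_path else "no-password"
    elif permit in ("prohibit-password", "without-password"):
        verdict = "no-password"     # keys (or other non-password methods) only
    elif permit == "forced-commands-only":
        verdict = "forced-commands-only"
    elif permit == "no":
        verdict = "disabled"
    else:
        verdict = "unknown-value"
    return verdict, has_match

# Constructed sample configs
WEAK = "PermitRootLogin yes\nPasswordAuthentication yes\n"
HARDENED = "# managed by cfgmgmt\nPermitRootLogin without-password\nPermitRootLogin yes\n"

if __name__ == "__main__":
    for name, text in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, root_password_login(text))
```
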