Security

From SprezzOSWiki

The fewer security mechanisms, the cleaner the design. We believe the majority of useful security automations (outside of a Mandatory Access Control environment) best achieved via a combination of IPTables, POSIX file-based capabilities, seccomp and virtualization. As a result, several technologies have been deprecated in SprezzOS, as it is felt they served only to complicate the security landscape.

Removed Technologies

  • SELinux
  • TCPWrappers

Root account

By default, the root account cannot directly log in. This can be changed post-install with sudo passwd, but is discouraged.

Sudo

The user created during SprezzOS installation will be added to the sudo group, which requires no password by default:

%sudo   ALL=(ALL:ALL) NOPASSWD:ALL

To add an arbitrary user U to the sudo group, run

sudo usermod -G sudo -a U

{{#switch:|subgroup|child=|none=|#default=

}}{{#ifeq:|Template|{{#ifeq:|child||{{#ifeq:|subgroup||{{#switch:security

|doc
|sandbox
|testcases =
|#default = {{#switch:
 |plainlist
 |hlist
 |hlist hnum
 |hlist vcard
 |vcard hlist = 
 |#default = hlist
 }}
}}

}}}}}}