How to prevent new installations when I have already installed my client through LAN boot?
Thomas Lange
lange at informatik.uni-koeln.de
Thu Feb 9 13:24:34 CET 2012
>>>>> On Thu, 9 Feb 2012 10:41:26 +0100, "Thomas Neumann" <blacky+fai at fluffbunny.de> said:
> Does nobody see the fault in having
> - a NFS-share mountable by any client [on a specific network]
> - a SSH-Key without a passphrase stored in that NFS-share
> - a login account allowing (at least) the manipulation of other hosts
> boot-settings
> Please at least hint that one should consider implementing some security
> measures. What happens if J. Random User decides he doesn't like you
> anymore, mounts the nfsroot and executes "fai-chboot -e" for every host in
> your network? Or decides to play really nasty and execute 'fai-chboot -e
> -i <my own nfsroot>' which may completely wipe the system, install some
> kind of rootkit or do other unpleasant stuff?
Any kind of automated installation is unsecure. Even if you give your
users a fai-cd for installation, you cannot ensure, that they use your
CD but instead make their own fai CD with some nasty backdoor on
it. Anybody who has physical access to a computer can make evil
things IMO. And if you have ever done some PXE boot, you're lost
anyway. PXE boot is completely unsecure, because your PC can't check
if some evel DHCP server is responding instead of your official server.
Since PXE (and tftp) is insecure, FAI does not have special options for
making completely insecure things more secure.
You may want to resrict the LOGUSER account to only execute fai-chboot
or scponly. You may want to use faimond -i instead of remote calling
fai-chboot, but this is also not really secure.
IMO this all is not a problem for FAI. FAI is used since a long time
in very different environment, and I never heard of anyone not using
FAI because of security concerns.
--
regards Thomas
More information about the linux-fai
mailing list