How to prevent new installations when I have already installed my client through LAN boot?

Thomas Lange lange at informatik.uni-koeln.de
Thu Feb 9 15:52:06 CET 2012


>>>>> On Thu, 9 Feb 2012 15:11:29 +0100, "Thomas Neumann" <blacky+fai at fluffbunny.de> said:

First, I didn't hat the impression that anyone wants to attack me.

    > That's totally fine. But why isn't that part of the documentation? Why not
    > state that there are architectural issues related to pxe, tftp and
    > fai-chboot/fai-mond that may be worth considering?
These are network basics, that I don't want to explain in the FAI guide.

    > What do you think about the token/otp idea from my other mail?
Currently I don't care about securing the fai-chboot part, but you may
discuss this with other users that are interested in this.

    > I totally agree it's not a problem for FAI. What I don't agree with is to
    > advice users to use features which may harm them in non-obvious ways. I'm
    > fine with either fixing the tools or documenting the issues. Blaming the
    > user for not thinking things through hard enough is rather cheesy.
IMHO the FAI guide does not need to explain all security concerns
regarding an installation and networking. These are basic topics for
sysadmins, and do not need to be explained again in the FAI guide.

What about a wiki page concerning security in FAI? This would be a
good palce IMO.
-- 
regards Thomas


More information about the linux-fai mailing list