From dcc78cfdb98c337a0b94f92920483d051cc688e4 Mon Sep 17 00:00:00 2001 From: Eric MacDonald Date: Tue, 6 Dec 2022 12:53:13 +0000 Subject: [PATCH] Lock root account This update stops setting the root password and locks the root account Test Plan: PASS: Verify root account can't be logged into with 'root' as password. PASS: Verify can set root password with 'sudo passwd root' Story: 2009968 Task: 46997 Signed-off-by: Eric MacDonald Change-Id: I5ae53c2e457ffba3cdaea7bb45ff82bb60945083 --- kickstart/files/kickstart.cfg | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/kickstart/files/kickstart.cfg b/kickstart/files/kickstart.cfg index 264b1fe1..5e95bb5a 100644 --- a/kickstart/files/kickstart.cfg +++ b/kickstart/files/kickstart.cfg @@ -2006,8 +2006,16 @@ HOOK_LABEL="post" ilog "*********************************************************" ilog "**** Post - Add user/groups **" ilog "*********************************************************" + # Set password for root to 'root' -usermod -p '$6$hEv/K.fPeg/$ezIWhJPrMG3WtdEwqQRdyBwdYmPZkqW2PONFAcDd6TqWliYc9dHAwW4MFTlLanVH3/clE0/34FheDMpbAqZVG.' root +# usermod -p '$6$hEv/K.fPeg/$ezIWhJPrMG3WtdEwqQRdyBwdYmPZkqW2PONFAcDd6TqWliYc9dHAwW4MFTlLanVH3/clE0/34FheDMpbAqZVG.' root + +# To enable root password +# 1. Uncomment set root password command above +# 2. Comment out 'passwd -l root' command below + +# Lock the root password +passwd -l root # Remove admin user whether it exists or not deluser admin || true