diff options
author | Filip Pytloun <filip@pytloun.cz> | 2016-03-04 01:22:44 +0100 |
---|---|---|
committer | Filip Pytloun <filip@pytloun.cz> | 2016-03-06 09:25:53 +0100 |
commit | fc8abfcaa9c71fba41b26fb4c62dcfe1081a5521 (patch) | |
tree | db91cb8b90ef9bcae9002a69f948da462c9811b6 /README.md | |
parent | e92606bf4198552d2acc436efc998ac3a7ade3fc (diff) | |
download | rpi2-gen-image-fc8abfcaa9c71fba41b26fb4c62dcfe1081a5521.tar.gz rpi2-gen-image-fc8abfcaa9c71fba41b26fb4c62dcfe1081a5521.tar.bz2 rpi2-gen-image-fc8abfcaa9c71fba41b26fb4c62dcfe1081a5521.zip |
Option to disable rsyslog and improvements (also security)
- Introduce chroot_exec function
- Allow choosing custom kernel
- Install raspberrypi-bootloader-nokernel package instead of getting firmware
with wget
- Option to disable rsyslog and use only journald
- [SECURITY] ensure ssh host keys are generated on first boot
- allow control if default user is created
- allow control of root ssh login
Diffstat (limited to 'README.md')
-rw-r--r-- | README.md | 14 |
1 files changed, 14 insertions, 0 deletions
@@ -87,6 +87,10 @@ Enable IPv6 support. The network interface configuration is managed via systemd- ##### `ENABLE_SSHD`=true Install and enable OpenSSH service. The default configuration of the service doesn't allow `root` to login. Please use the user `pi` instead and `su -` or `sudo` to execute commands as root. +##### `ENABLE_RSYSLOG`=true +If set to false, disable and uninstall rsyslog (so logs will be available only +in journal files) + ##### `ENABLE_SOUND`=true Enable sound hardware and install Advanced Linux Sound Architecture. @@ -118,6 +122,16 @@ Install and enable the hardware accelerated Xorg video driver `fbturbo`. Please ##### `ENABLE_IPTABLES`=false Enable iptables IPv4/IPv6 firewall. Simplified ruleset: Allow all outgoing connections. Block all incoming connections except to OpenSSH service. +##### `ENABLE_USER`=true +Create pi user with password raspberry + +##### `ENABLE_ROOT`=true +Set root user password so root login will be enabled + +##### `ENABLE_ROOT_SSH`=true +Enable password root login via SSH. May be a security risk with default +password, use only in trusted environments. + ##### `ENABLE_HARDNET`=false Enable IPv4/IPv6 network stack hardening settings. |