From fc8abfcaa9c71fba41b26fb4c62dcfe1081a5521 Mon Sep 17 00:00:00 2001 From: Filip Pytloun Date: Fri, 4 Mar 2016 01:22:44 +0100 Subject: Option to disable rsyslog and improvements (also security) - Introduce chroot_exec function - Allow choosing custom kernel - Install raspberrypi-bootloader-nokernel package instead of getting firmware with wget - Option to disable rsyslog and use only journald - [SECURITY] ensure ssh host keys are generated on first boot - allow control if default user is created - allow control of root ssh login --- README.md | 14 ++++++++++++++ 1 file changed, 14 insertions(+) (limited to 'README.md') diff --git a/README.md b/README.md index 912c7ce..998c534 100644 --- a/README.md +++ b/README.md @@ -87,6 +87,10 @@ Enable IPv6 support. The network interface configuration is managed via systemd- ##### `ENABLE_SSHD`=true Install and enable OpenSSH service. The default configuration of the service doesn't allow `root` to login. Please use the user `pi` instead and `su -` or `sudo` to execute commands as root. +##### `ENABLE_RSYSLOG`=true +If set to false, disable and uninstall rsyslog (so logs will be available only +in journal files) + ##### `ENABLE_SOUND`=true Enable sound hardware and install Advanced Linux Sound Architecture. @@ -118,6 +122,16 @@ Install and enable the hardware accelerated Xorg video driver `fbturbo`. Please ##### `ENABLE_IPTABLES`=false Enable iptables IPv4/IPv6 firewall. Simplified ruleset: Allow all outgoing connections. Block all incoming connections except to OpenSSH service. +##### `ENABLE_USER`=true +Create pi user with password raspberry + +##### `ENABLE_ROOT`=true +Set root user password so root login will be enabled + +##### `ENABLE_ROOT_SSH`=true +Enable password root login via SSH. May be a security risk with default +password, use only in trusted environments. + ##### `ENABLE_HARDNET`=false Enable IPv4/IPv6 network stack hardening settings. -- cgit v1.2.3