The phyglos-security bundle

Functionality

The phyglos-security bundle is installed immediately after the phyglos-core bundle to provide a first layer of security functionality before the first connection to the internet is performed from the TARGET system.

The phy user is created in the TARGET system and the root user’s password is locked. The system is configured with Linux-PAM, and a number of security and cryptographic libraries and utilities are installed. A simple iptables-based firewall is also installed.

The commands wget and curl are installed before the system connects to the internet, so that they can retrieve and prepare the CA certificates. Finally, an SSH server is installed in the system.

Configuration

Bundle variables

BUNDLE_SOURCES: This bundle uses the common phyglos group of source packages.

BUNDLE_KEEP_LA: This bundle needs to keep the .la files, so leave the BUNDLE_KEEP_LA variable set to yes.

The phy user’s password

PHY_PHYUSER_PSW: The phy user receives a random password using the bandit function bandit_random_string. Any other password can be given by manually assigning a value to the variable PHY_PHYUSER_PSW. This is the initial password for the phy user when the TARGET system boots for the first time, unless manually changed.
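
A post-install check of the account state described above (root's password locked, the phy user holding an initial password), as an added example that is not part of the phyglos documentation or tooling. It assumes the TARGET system stores passwords in a standard shadow(5)-format file; the function names are hypothetical and the sample lines are constructed.

```shell
#!/bin/sh
# Added example: classify password fields in a shadow(5)-format file.
# Usage on a TARGET system (as root): sh check.sh /etc/shadow

# Print the state of one user's password field:
#   locked  - field starts with '!' or '*', so no password can match
#   empty   - no password required (unsafe)
#   hashed  - a password hash is set
#   missing - user is not in the file
shadow_state() {
    # $1 = shadow-format file, $2 = user name
    awk -F: -v user="$2" '
        $1 == user {
            found = 1
            if ($2 == "")           print "empty"
            else if ($2 ~ /^[!*]/)  print "locked"
            else                    print "hashed"
            exit
        }
        END { if (!found) print "missing" }
    ' "$1"
}

# Return 0 only if root is locked and phy has a password hash.
check_accounts() {
    rc=0
    root_state=$(shadow_state "$1" root)
    phy_state=$(shadow_state "$1" phy)
    [ "$root_state" = "locked" ] || { echo "root: expected locked, got $root_state"; rc=1; }
    [ "$phy_state" = "hashed" ] || { echo "phy: expected hashed, got $phy_state"; rc=1; }
    return $rc
}

# Constructed sample input (not taken from a real system).
sample_shadow() {
    cat <<'EOF'
root:!:19000:0:99999:7:::
phy:$6$CONSTRUCTEDSALT$CONSTRUCTEDHASH:19000:0:99999:7:::
daemon:*:19000:0:99999:7:::
EOF
}

# Check the file given on the command line, if any.
if [ $# -gt 0 ]; then
    check_accounts "$1"
fi
```

An empty password field for root is reported as a failure rather than as locked, since it allows login without a password.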