heat-templates/jeos/CentOS-6.3-x86_64-cfntools.tdl
Steven Dake 8f19ddc364 Resolve CVE-2013-2069
Fix problem where root escalation is possible in a VM.

For more details:
http://lists.fedoraproject.org/pipermail/announce/2013-May/003157.html

Change-Id: I95013d8155d0338c4161a6cb87f02974973fcf80
2013-05-24 01:43:32 -07:00

40 lines
1.1 KiB
Plaintext

<template>
<name>CentOS-6.3-x86_64-cfntools</name>
<os>
<name>CentOS-6</name>
<version>3</version>
<arch>x86_64</arch>
<install type='iso'>
<iso>file:/var/lib/libvirt/images/CentOS-6.3-x86_64-bin-DVD1.iso</iso>
</install>
</os>
<description>CentOS 6.3</description>
<commands>
<command name='lockroot'>
passwd -l root
</command>
<command name='network-config'>
cat > /etc/sysconfig/network-scripts/ifcfg-eth0 &lt;&lt; EOF
DEVICE="eth0"
BOOTPROTO=dhcp
NM_CONTROLLED="yes"
ONBOOT="yes"
EOF
</command>
<command name='packages'>
yum -y update
curl -O http://ftp.ps.pl/pub/Linux/fedora-epel/6/i386/epel-release-6-7.noarch.rpm
rpm -Uvh epel-release-6-7.noarch.rpm
yum -y install perl python python-setuptools cloud-init python-pip
pip-python install argparse 'boto==2.5.2' heat-cfntools
cfn-create-aws-symlinks --source /usr/bin
rm -f epel-release-6-7.noarch.rpm
</command>
<command name='post-configuration'>
chmod +x /etc/rc.d/rc.local
chkconfig --level 345 sshd on
rm -rf /etc/udev/rules.d/70-persistent-net.rules
</command>
</commands>
</template>