<mathieudb>
mssdvd: you have other subfolders for other branches
olani- has quit [Ping timeout: 248 seconds]
olani has joined #yocto
<mssdvd>
mathieudb: thanks!
olani has quit [Remote host closed the connection]
olani has joined #yocto
olani has quit [Remote host closed the connection]
olani has joined #yocto
olani has quit [Remote host closed the connection]
olani has joined #yocto
068AAB9AB has joined #yocto
047AADFEY has joined #yocto
068AAB9AB has quit [Remote host closed the connection]
olani has quit [Remote host closed the connection]
047AADFEY has quit [Remote host closed the connection]
jclsn has quit [Ping timeout: 252 seconds]
jclsn has joined #yocto
olani has joined #yocto
olani has quit [Remote host closed the connection]
walter has joined #yocto
walter has quit [Changing host]
walter has joined #yocto
olani has joined #yocto
olani has quit [Remote host closed the connection]
olani has joined #yocto
Jones42 has quit [Ping timeout: 248 seconds]
Jones42 has joined #yocto
<CrazyGecko>
Jones42: did you find a solution? I have the same problem with a config file
<rburton>
mssdvd: dont' considering it authoritive though: a lot of CVEs don't have the required metadata anymore. it's a starting point, not a final report.
<mssdvd>
rburton: you mean they miss the CPE?
<rburton>
yes
<rburton>
if a CVE has no CPE then it's not in the report. this didn't used to be a problem a few years ago, but is very much a problem now.
<mssdvd>
rburton: and this is caused by the ongoing problems at NVD, right?
<rburton>
more exacerbated but yes
frgo has joined #yocto
frgo has quit [Remote host closed the connection]
frgo has joined #yocto
frgo_ has quit [Ping timeout: 248 seconds]
<mssdvd>
Could this problem be solved by switching to cvelistv5, or is it a more widespread issue?
<rburton>
more of a widespread issue
<rburton>
cvelistv5 does help a bit
<rburton>
worth trying the vex class and associated tooling that can read the cvelistv5 database
* rburton
puts that on this todo list for today just to see what the delta is
mm_x_ has joined #yocto
mckoan is now known as mckoan|away
olof has quit [Remote host closed the connection]
rob_w has quit [Remote host closed the connection]
Mayur has joined #yocto
<Mayur>
Hello Guys,
<Mayur>
I wan to disable login via Terminal and Enable for SSH only for a user.
<Mayur>
i tried 2 things. via
<Mayur>
inherit extrausers
<Mayur>
EXTRA_USERS_PARAMS
<Mayur>
1. usermod --shell /sbin/nologin <USER> -> blocks also for SSH
<Mayur>
2. passwd --lock <USER> -> blocks also for SSH.
<Mayur>
so wanted to ask if there is any better approch to do that in linux / Yocto way?
vladest has quit [Remote host closed the connection]
<rburton>
i presume you mean "oh a physical keyboard and screen" by terminal? you can just edit inittab and stop it running login prompts on the terminals at all.
<Mayur>
i mean directly on device via tty cable by local terminal.
<rburton>
yeah just don't run a getty on the serial ports then
<rburton>
SERIAL_CONSOLES is the variable you want to change
<Mayur>
we still need it for root user enabled. want all other users blocked on Terminal
<rburton>
what's the thread model here if they can ssh in?
<rburton>
threat model, even
dlpartain has quit [Ping timeout: 258 seconds]
<Mayur>
thats the basic requirement . that we need to fullfill. idea is : root user can login in worst case scenario. i can not change it. ;)
<Mayur>
1st que will be: is it at all possible?
<Mayur>
2nd : if yes, then how?
<rburton>
you might be able to do something with PAM to rejected based on where the login is coming from
florian__ has joined #yocto
<Mayur>
and is it correct that password -lock will also block for SSH. i thought SSH based login via KEY is complete diff approch and it should work.
jclsn has quit [Ping timeout: 248 seconds]
<rburton>
that might depend on the ssh you're using?
jclsn has joined #yocto
<Mayur>
its openssh
<neverpanic>
IIRC SSH key auth bypasses PAM and should therefore work with disabled password.
<neverpanic>
s/disabled/locked/
florian_kc is now known as florian
dlpartain has joined #yocto
<Mayur>
i dont have PAM enabled in Yocto at the moment.
vladest has joined #yocto
mm_x_ has quit [Quit: Konversation terminated!]
frgo has quit [Remote host closed the connection]
frgo has joined #yocto
<Jones42>
CrazyGecko: not quite. I used 'require conf/distro/distro-${MACHINE}.conf' to do the trick