mirror of
https://github.com/freedombox/FreedomBox.git
synced 2026-05-06 10:20:43 +00:00
ba9af6ddff
- A freshly installed FreedomBox can be hijacked by a third party and an admin account can be created which can be used to inject malware or simply take over the instance. Password protecting the firstboot step is a good way to avoid this. A secret will be displayed to the user as soon as the Plinth package is installed, which they have to enter during firstboot welcome step. Also, writing this to a file in plinth's home in case the user loses it. - This protection is not applicable for images built by freedom-maker and for Amazon Machine Images. Signed-off-by: Joseph Nuthalapati <njoseph@thoughtworks.com> Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
9 lines
335 B
Plaintext
9 lines
335 B
Plaintext
Template: plinth/firstboot_wizard_secret
|
|
Type: note
|
|
Description: FreedomBox first wizard secret - ${secret}
|
|
Please save this string. You will be asked to enter this in the first screen
|
|
after you launch the FreedomBox interface. In case you lose it, you can find
|
|
it in the file /var/lib/plinth/firstboot-wizard-secret.
|
|
.
|
|
${secret}
|