Cassini distribution images can be hardened to reduce potential sources or attack vectors of security vulnerabilities. Cassini security hardening modifies the distribution to:
Force password update for each user account after first logging in. An empty and expired password is set for each user account by default.
Enhance the kernel security, kernel configuration is extended with the
Enable the ‘Secure Computing Mode’ (seccomp) Linux kernel feature by appending
Ensure that all available packages from
pokylayers are configured with:
Disable all login access to the
cassini-testdistro feature is enabled then
rootlogin is enabled. Currently, running
inline testsin LAVA require login as
rootto run transfer-overlay commands.
Sets the umask to
0027(which translates permissions as
640for files and
Security hardening is not enabled by default, see Security Hardening for details on including the security hardening on the Cassini distribution image.
Cassini security hardening does not reduce the scope of the Run-Time Integration Tests.