Skip to content

Commit

Permalink
Improved security check warning.
Browse files Browse the repository at this point in the history
  • Loading branch information
Mikołaj Koziarkiewicz committed Apr 7, 2015
1 parent a6cabef commit 3d62ad1
Show file tree
Hide file tree
Showing 2 changed files with 9 additions and 2 deletions.
8 changes: 7 additions & 1 deletion tasks/security_check.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4,4 +4,10 @@
- name: check for login
command: sshpass -p {{raspi_config_auth_test_password}} ssh {{raspi_config_auth_test_username}}@localhost -o NoHostAuthenticationForLocalhost=yes "echo {{raspi_config_auth_test_string}}"
register: auth_test
failed_when: "raspi_config_fail_on_auth_test and raspi_config_auth_test_string in auth_test.stdout"
changed_when: False
failed_when: False
- name: optional warning
debug: msg="{{raspi_config_auth_test_fail_msg}}"
when: "raspi_config_auth_test_string == auth_test.stdout"
changed_when: "raspi_config_auth_test_string == auth_test.stdout" # for highlighting purposes
failed_when: raspi_config_fail_on_auth_test
3 changes: 2 additions & 1 deletion vars/main.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,7 @@ raspi_config_pi_cpu:
Pi1: BCM2708
Pi2: BCM2709
raspi_config_min_camera_mem: 128
raspi_config_auth_test_string: ABLE TO SSH IN WITH FACTORY CREDENTIALS - ASSUME PWNED IF SSH OPEN TO THE INTERNET
raspi_config_auth_test_string: VULN
raspi_config_auth_test_fail_msg: ABLE TO SSH IN WITH FACTORY CREDENTIALS - ASSUME PWNED IF SSH OPEN TO THE INTERNET
raspi_config_auth_test_username: pi
raspi_config_auth_test_password: raspberry

0 comments on commit 3d62ad1

Please sign in to comment.