From 35deff93b3f0e99d171e8d5d12e5d86b74d97e2b Mon Sep 17 00:00:00 2001
From: Lukas Greve <please@refre.ch>
Date: Tue, 9 Dec 2025 22:20:47 +0100
Subject: [PATCH] tweak the security settings, to allow root login for debuging
 purposes (i.e. when initial-setup does not work)

---
 ingredients/core-security-off.cfg | 4 ++--
 ingredients/core-security-on.cfg  | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/ingredients/core-security-off.cfg b/ingredients/core-security-off.cfg
index dd56139..91966da 100644
--- a/ingredients/core-security-off.cfg
+++ b/ingredients/core-security-off.cfg
@@ -1,3 +1,3 @@
-rootpw --lock --iscrypted locked # Lock the root account. Can still be undone by end-user during initial setup
-selinux --disabled # Disable SELinux ; other option: --enable
+rootpw --plaintext 1234 # Root account is enabled with weak password
+selinux --disabled # Disable SELinux
 firewall --disabled # Disable firewall
\ No newline at end of file
diff --git a/ingredients/core-security-on.cfg b/ingredients/core-security-on.cfg
index 5b5c6e6..64e28a6 100644
--- a/ingredients/core-security-on.cfg
+++ b/ingredients/core-security-on.cfg
@@ -1,3 +1,3 @@
-rootpw --lock --iscrypted locked # Lock the root account. Can still be undone by end-user during initial setup
-selinux --enabled # Enable SELinux ; other option: --disabled
+rootpw --lock # No root login from the console 
+selinux --enabled # Enable SELinux
 firewall --enabled # Enable firewall
\ No newline at end of file