Default Fedora installation suffers from egregious configuration flaw
sexynaya2010 at hotmail.com
Thu May 19 00:35:38 UTC 2011
On a default install of Fedora 14, and also the latest release candidate for 15, the user is presented with:
- An iptables rule that opens port 22 to the world
- sshd service automatically started
- sshd_config with default option: PermitRootLogin yes
It's like every new install comes with the keys to the castle hanging on the outside of the door for anyone who comes knocking.
I find this situation a serious oversight in light of the fact that Fedora obviously values security (like SELinux, or how the installer forces a minimum password length, etc.).
Any experienced Linux user will know to check iptables and disable unnecessary services, but I wouldn't expect this from a new Linux user (exactly the people the refreshed GNOME experience is supposed to attract). I think the default configuration should be in the name of security, and sshd should not be listening on a default port with an open rule with root login enabled.
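The following is an added example, not part of the original post: a shell audit for two of the conditions the post lists, the global PermitRootLogin value and an INPUT rule that accepts port 22 from any source. The function names and sample files are constructed for illustration, and 192.0.2.0/24 is a documentation placeholder subnet.

```shell
#!/bin/sh
# Added example. Sample files are constructed, not taken from a real host.

# Global PermitRootLogin as sshd reads it: first occurrence wins, keyword is
# case-insensitive, "#" lines are comments, Match blocks are not global.
permit_root_login() {
    awk -F'[ \t=]+' '
        { sub(/^[ \t]+/, "") }
        /^#/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == "permitrootlogin" { print tolower($2); found = 1; exit }
        END { if (!found) print "unset" }
    ' "$1"
}

# INPUT rules (iptables-save format) that accept TCP port 22 from any source.
# Only explicit single-port rules are checked, the case the post describes.
world_open_ssh() {
    awk '$1 == "-A" && $2 == "INPUT" && / -j ACCEPT/ &&
         / --dport (22|ssh)( |$)/ && !/ (-s|--source) /' "$1"
}

audit_ssh_defaults() {   # $1 = sshd_config, $2 = iptables rules file
    v=$(permit_root_login "$1")
    case "$v" in
        no)    ;;
        unset) echo "FINDING: PermitRootLogin unset, sshd default applies" ;;
        *)     echo "FINDING: PermitRootLogin $v" ;;
    esac
    world_open_ssh "$2" | sed 's/^/FINDING: port 22 open to any source: /'
}

d=$(mktemp -d) && trap 'rm -rf "$d"' EXIT
# Constructed "as installed" state described in the post.
printf '%s\n' 'Port 22' '#PermitRootLogin yes' > "$d/sshd_default"
printf '%s\n' '*filter' ':INPUT ACCEPT [0:0]' \
  '-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT' \
  '-A INPUT -j REJECT --reject-with icmp-host-prohibited' 'COMMIT' > "$d/fw_default"
# Constructed hardened state: root login off, SSH limited to one subnet.
printf '%s\n' 'Port 22' 'permitrootlogin no' > "$d/sshd_hard"
printf '%s\n' '*filter' ':INPUT ACCEPT [0:0]' \
  '-A INPUT -s 192.0.2.0/24 -m tcp -p tcp --dport 22 -j ACCEPT' 'COMMIT' > "$d/fw_hard"

echo "== default ==";  audit_ssh_defaults "$d/sshd_default" "$d/fw_default"
echo "== hardened =="; audit_ssh_defaults "$d/sshd_hard" "$d/fw_hard"
```

On a live Fedora host the inputs would be /etc/ssh/sshd_config and /etc/sysconfig/iptables, and `sshd -T` run as root prints the configuration sshd actually applies, including compiled-in defaults.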