Default Fedora installation suffers from egregious configuration flaw
Paul Howarth
paul at city-fan.org
Thu May 19 08:26:06 UTC 2011
On 19/05/11 01:35, dirk cummings wrote:
> On a default install of Fedora 14, and also the latest release candidate
> for 15, the user is presented with:
>
> * An iptables rule that opens port 22 to the world
> * sshd service automatically started
> * sshd_config with default option: PermitRootLogin yes
>
>
> It's like every new install comes with the keys to the castle hanging on
> outside of the door for anyone who comes knocking.
>
> I find this situation a serious oversight in light of the fact that
> Fedora obviously values security (like selinux, or how the installer
> forces a minimum password length, etc)
>
> Any experienced linux user will know to check iptables and disable
> unnecessary services, but I wouldn't expect this from a new linux user
> (exactly the people the refreshed GNOME experience is supposed to
> attract). I think the default configuration should be in the name of
> security, and sshd should not be listening on a default port with an
> open rule with root login enabled.
Things have been like this since, well, forever. See discussions here:
https://bugzilla.redhat.com/show_bug.cgi?id=89216
https://bugzilla.redhat.com/show_bug.cgi?id=136289
Paul.
More information about the security
mailing list