Default Fedora installation suffers from egregious configuration flaw

aragonx at dcsnow.com aragonx at dcsnow.com
Thu May 19 17:40:47 UTC 2011



> Or simply have a page asking the user whether or not to enable ssh? I
> can't recall off the top of my head, but I believe there is a screen
> where you ask if you want the firewall enabled, right? Why not have a
> very obvious checkbox: "[ ] Enable ssh at boot" and if the user checks
> it off, set the firewall to allow ssh and turn ssh on.  If the user does
> _not_ check it off (aka they are sitting back and saying "what is this
> ssh thing they speak of?") then have the firewall block port 22 and
> chkconfig ssh off.

Isn't that only part of the solution?  Why would we ever need to have
PermitRootLogin set to true?  My memory is a little rusty but I'm pretty
sure the install forces the creation of a user account.

I've never done a headless install so I know nothing about how that
works.  However, we shouldn't let a minority of installations compromise
the security of the majority.  As someone has already pointed out, can't
they have a different spin to allow whatever they might need?

Are there any other services that are listening by default and allowed
through the firewall?  I believe there should be none of either.
However, I have been called paranoid in the past.  :)

---
Will
Y>
