more secure defaults

Nifty Hat Mitch mitch48 at sbcglobal.net
Tue Jan 4 19:46:02 UTC 2005


On Mon, Jan 03, 2005 at 07:54:48PM -0800, Greg Gilley wrote:
> Is anyone looking at changing the defaults on a lot of the services
> to make them more secure from first install? For example, ssh
> defaults to allowing root login. Another example is vsftpd allows
> anonymous ftp by default. It would seem that if we had a more secure
> set of defaults to begin with, then we'd be setting people up for
> success more than failure.

The defaults are not too bad.

You must enter a password for the root account as part of the install
process.  Locking ssh and root by default makes it impossible to add
the first real user via network access (breaks the initial install setup
for some folks).

IMO, vsftp and anonymous ftp is almost ok.  IIR there is no pub
directory that anonymous can abuse.  Most people install vsftp 
to have anonymous ftp ....  those that do not want anonymous ftp
use sftp.

Your point is still well taken....
Do some bugzilla searches and after some thought 
file a bugzilla....

You might find one of the Fedora WIKI sites and begin a
security check list page.   

A well organized check list is the meta task list for a security tool
design.  With some feedback and review you could include your check
list in /usr/share/doc/HTML and add a link from index.html; this could
put the check list 'in the face' of most users.

Interesting topic.  




-- 
	T o m  M i t c h e l l 
	spam unwanted email.
	SPAM, good eats, and a trademark of  Hormel Foods.
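
The two defaults named in this thread (root login over ssh, anonymous FTP in vsftpd) are the kind of items a checklist tool would test. The following is an added example, not part of the original message or of any Fedora tool: a small auditor for those two settings. The function names and sample configs are constructed for illustration, and the handling of duplicate vsftpd options is an assumption noted in the code.

```python
import re

def sshd_global(text):
    """Global sshd_config keywords; sshd uses the first value it reads."""
    seen = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key = parts[0].lower()            # keywords are case-insensitive
        if key == "match":                # per-user/host overrides start here
            break
        if len(parts) == 2:
            seen.setdefault(key, parts[1].strip().strip('"'))
    return seen

def vsftpd_settings(text):
    """vsftpd.conf is option=value with no spaces around '='."""
    out = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            out[key] = value              # assumption: a later duplicate overrides
    return out

def audit(sshd_text, vsftpd_text):
    findings = []
    root = sshd_global(sshd_text).get("permitrootlogin")
    if root is None:
        findings.append("sshd: PermitRootLogin unset, compiled-in default applies")
    elif root.lower() == "yes":
        findings.append("sshd: PermitRootLogin yes, direct root login allowed")
    anon = vsftpd_settings(vsftpd_text).get("anonymous_enable")
    if anon is None:
        findings.append("vsftpd: anonymous_enable unset, vsftpd default is YES")
    elif anon.upper() == "YES":
        findings.append("vsftpd: anonymous_enable=YES, anonymous FTP allowed")
    return findings

# Constructed sample configs (not taken from any real host).
SAMPLE_SSHD = "Port 22\n#PermitRootLogin no\nPermitRootLogin yes\nPermitRootLogin no\n"
SAMPLE_VSFTPD = "# constructed sample\nanonymous_enable=YES\nlocal_enable=YES\n"

if __name__ == "__main__":
    for finding in audit(SAMPLE_SSHD, SAMPLE_VSFTPD):
        print("CHECK:", finding)
```

An unset option is reported rather than passed, because the effective value then depends on the installed package's built-in default.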



