Re: more secure defaults

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon, Jan 03, 2005 at 07:54:48PM -0800, Greg Gilley wrote:
> 

> Is anyone looking at changing the defaults on a lot of the services
> to make them more secure from first install? For example, ssh
> defaults to allowing root login. Another example is vsftpd allows
> anonymous ftp by default. It would seem that if we had a more secure
> set of defaults to begin with, then we'd be setting people up for
> success more than failure.

The defaults are not too bad.

You must enter a pass word for the root account as part of the install
process.  Locking ssh and root by default makes it impossible to add
the first real user via network access (breaks the initial install setup
for some folks).

IMO, vsftp and anonymous ftp is almost ok.  IIR there is no pub
directory that anonymous can abuse.  Most people install vsftp 
to have anonymous ftp ....  those that do not want anonymous ftp
use sftp.

Your point is still well taken....
Do some bugzilla searches and after some thought 
file a bugzilla....

You might find one of the Fedora WIKI sites and begin a
security check list page.   

A well organized check list is the meta task list for a security tool
design.  With some feedback and review you could include your check
list in /usr/share/doc/HTML and add a link from index.html this could
put the check list 'in the face' of most users.

Interesting topic.  




-- 
	T o m  M i t c h e l l 
	spam unwanted email.
	SPAM, good eats, and a trademark of  Hormel Foods.


[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux