RedHat 5.1 default security.

Post by mcv » Tue, 19 Jan 1999 04:00:00
Hi,
If I add a user to a RedHat 5.1 box, and they telnet to the system, will
they be able to cause any damage to the system, e.g. - delete files, run
config programs?
Cheers,
Mark.

RedHat 5.1 default security.

Post by Raymond Doetje » Tue, 19 Jan 1999 04:00:00


Depends on where they are in the system. In their home drive, yes. But in root
and /usr/bin, not usually.
But when you type ls -all you see the file rights, and then you know if a
person and a group may delete or edit files.

But I know from all Linux distributions that users cannot damage the system
accidentally; even taking actions on purpose is not very easy.

Raymond


> Hi,
> If I add a user to a RedHat 5.1 box, and they telnet to the system, will
> they be able to cause any damage to the system, e.g. - delete files, run
> config programs?
> Cheers,
> Mark.


RedHat 5.1 default security.

Post by Matt Krac » Wed, 20 Jan 1999 04:00:00
>If I add a user to a RedHat 5.1 box, and they telnet to the system, will
>they be able to cause any damage to the system, e.g. - delete files, run
>config programs?

Whenever you let someone log on to your system, there's the possibility
that they could do * things to it.  However, if you take some simple
precautions, the chances of them doing damage to your system (on purpose
or by accident) are minimized.

First, you'll want to make sure that you don't have any stray suid
programs.  Do a 'find / -perm +4000 -print' to see all the suid
programs on your system.  If any of them don't *need* to be suid,
change their permissions to be normal (ie, 'chmod 755 <filename>').
Programs that use SVGALib (such as zgv, DOOM, Quake, etc) need to
be suid if you want normal users to be able to use them.  If you
don't care about normal users being able to use these programs,
then strip them of the suid bit.  The XFree86 X servers no longer
need to be suid root, just a wrapper script.  I'm pretty sure that
Red Hat 5.1 shipped with the wrapper script, but if it didn't, go
to ftp.redhat.com and get the updated XFree86 packages.  There are
a couple programs, like ping and traceroute, that need to be suid
root if you want normal users to be able to use them.  You don't
*have* to give them access to these programs, though.

By default I don't think Red Hat uses shadow passwords.  You'll want
to enable them.  Type in 'pwconv' to convert your old password file
to shadow password style.  This will make your system much more
secure, since normal users won't be able to copy the encrypted
passwords from /etc/passwd and crack them.

You'll also probably want to mess with limiting the resources a user
can use up.  You can use disk quotas to keep one user from filling
up your entire /home partition, and you can use ulimit (bash) or
limit (tcsh) to limit the number of processes or the amount of memory that can
be allocated.  Remember to give people enough room to get
work done.  Setting draconian limits will make your system unusable.
See the man pages for bash and tcsh for instructions on how to set
limits.

That should at least get you started.
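The setuid audit and the shadow-password check from the post above, as an added example script (not code from the thread or from Red Hat). The allowlist of binaries expected to stay setuid is an assumption to be tuned per host; the passwd-format check simply reports whether any account still has a readable hash in the second field, which is what 'pwconv' removes. Note that the '-perm +4000' spelling in the post is the old GNU find syntax; '-perm -4000' (all listed bits set) works on both old and current find.

```shell
#!/bin/sh
# Added example, not from the original post or Red Hat: list setuid/setgid
# files, report the ones not on an allowlist, and check whether a passwd
# file still carries hashes (shadow passwords not enabled).

# Binaries we accept as setuid root on a minimal host. ASSUMPTION for the
# example; review it against what your own users actually need (ping and
# traceroute can be dropped from the list if users do not need them).
ALLOWLIST="/bin/su /bin/ping /usr/bin/passwd /usr/sbin/traceroute"

# Print every regular file under $1 (default /) with the setuid or setgid
# bit set. -perm -4000 matches the setuid bit, -perm -2000 the setgid bit;
# -xdev keeps find on one filesystem so /proc and NFS mounts are skipped.
list_suid() {
    find "${1:-/}" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null | sort
}

# Print the setuid/setgid files under root $1 that are NOT in the
# space-separated allowlist $2, as paths relative to that root. Each line
# printed is a candidate for 'chmod 755 <file>' as the post suggests.
unexpected_suid() {
    root="${1%/}"                 # "/" becomes "", "/mnt/x/" becomes "/mnt/x"
    allow="$2"
    list_suid "${root:-/}" | while read -r f; do
        rel="${f#$root}"          # strip the audited root prefix
        case " $allow " in
            *" $rel "*) ;;        # expected: leave the bit alone
            *) echo "$rel" ;;     # unexpected: investigate or strip the bit
        esac
    done
}

# Return 0 if the passwd-format file $1 has an account whose second field is
# a real hash (not x, *, ! or empty), i.e. 'pwconv' has not been run yet.
passwd_has_hashes() {
    awk -F: '$2 != "x" && $2 != "*" && $2 != "!" && $2 != "" { found = 1 }
             END { exit found ? 0 : 1 }' "$1"
}

# Usage on a live host (run as root):
#   unexpected_suid / "$ALLOWLIST"
#   passwd_has_hashes /etc/passwd && echo "run pwconv"
```

Run it on a chroot or mounted image by passing that directory as the root; the relative paths it prints then line up with the allowlist regardless of the mount point.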


RedHat 5.1 default security.

Post by David F » Wed, 20 Jan 1999 04:00:00



> If I add a user to a RedHat 5.1 box, and they telnet to the system, will
> they be able to cause any damage to the system, e.g. - delete files, run
> config programs?

Just an aside, unless you keep up with the security updates a Redhat
5.1 system will have many known exploits.  You probably don't have to
give out an account, some cracker will soon break into your system and
damage it anyway.
--
David Fox           http://hci.ucsd.edu/dsf             xoF divaD
UCSD HCI Lab                                         baL ICH DSCU

RedHat 5.1 default security.

Post by Bill Unr » Thu, 21 Jan 1999 04:00:00



> If I add a user to a RedHat 5.1 box, and they telnet to the system, will
>they be able to cause any damage to the system, e.g. - delete files, run
>config programs?

They are then users on the system. If you do not give them root
privileges, they will be limited in the damage they can do, but
certainly damage is not precluded. Furthermore, it is an axiom that any
legitimate user on a system can become root, and thus have unlimited
control. So, do not give malicious people an account on your system.

1. Redhat 5.1 - default setup - hacked?

I set up a Redhat 5.1 box as an experiment, intending to operate it
alongside my FreeBSD box. I haven't done much with it beyond some
performance testing. It doesn't carry any software other than the packages
provided with Redhat 5.1. I've never had a successful hack attempt with any
version of FreeBSD, however after being up a few days, this shows in
"laston -a -d" on the Redhat box.

cigna    ttyp1        Sun Nov 15 11:50 - 11:56  (00:05)
boramae.desicom.co.kr

User "cigna" was not created by me, and doesn't show up in my password file.
The password file does however, carry a suspicious modification date.
Additionally, the message log shows the following:

(Note that genesis.newtoy.com is not one of my machines, and 205.164.44.73
is not the IP of www.newtoy.com, so I suspect that I'm being delivered
forged name service responses. I would hope that named is intelligent enough
to discard these?)

Nov 15 10:56:25 green named[294]: ns_resp: query(genesis.newtoy.com)
contains our address (NS1.NEWTOY.COM:205.164.44.73)
Nov 15 10:57:08 green identd[3007]: from: 205.161.105.205
( ffml.fanfic.com ) for: 4233, 8888
Nov 15 10:57:08 green identd[3007]: Successful lookup: 4233 , 8888 :
snowfox.root
Nov 15 11:19:37 green named[294]: ns_forw: query(www.newtoy.com) contains
our address (NS1.NEWTOY.COM:205.164.44.73)
Nov 15 11:40:30 green identd[3086]: Successful lookup: 5182 , 23 :
snowfox.root
Nov 15 11:48:07 green kernel: Appletalk 0.17 for Linux NET3.035
Nov 15 11:50:32 green PAM_pwdb[3104]: (login) session opened for user cigna
by (uid=0)
Nov 15 11:50:32 green login[3104]: LOGIN ON ttyp1 BY cigna FROM
boramae.desicom.co.kr

I'd appreciate any suggestions or explanations as to exactly what this
means.
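One concrete check for the situation described above, as an added example that is not part of the post: compare the accounts named in the login records of the message log against the password file, so that a login by an account you never created (like "cigna" here) stands out even after the attacker has cleaned up the passwd entry. The log lines and passwd entries inside demo() are constructed for this example, modelled on the lines quoted in the post.

```shell
#!/bin/sh
# Added example, not from the original post: flag syslog login records for
# accounts that are absent from the password file.

# Print the usernames named in PAM/login records of log file $1, one per
# line, de-duplicated. Handles both record forms seen in the post:
#   "... session opened for user NAME by (uid=0)"
#   "... LOGIN ON ttyp1 BY NAME FROM host"
login_users() {
    awk '
        /session opened for user/ { for (i = 1; i <= NF; i++) if ($i == "user") print $(i + 1) }
        /LOGIN ON .* BY /         { for (i = 1; i <= NF; i++) if ($i == "BY")   print $(i + 1) }
    ' "$1" | sort -u
}

# Return 0 if user $1 has an entry in the passwd-format file $2.
# awk is used instead of grep so the name is compared literally.
user_exists() {
    awk -F: -v u="$1" '$1 == u { found = 1 } END { exit found ? 0 : 1 }' "$2"
}

# Print users who logged in according to log $1 but have no entry in the
# passwd file $2. A hit means either an account was created and removed
# behind your back, or the record itself was forged.
unknown_logins() {
    login_users "$1" | while read -r u; do
        user_exists "$u" "$2" || echo "$u"
    done
}

# Self-contained demo on constructed data (not a real log); prints "cigna".
demo() {
    d=$(mktemp -d)
    cat > "$d/messages" <<'EOF'
Nov 15 11:50:32 green PAM_pwdb[3104]: (login) session opened for user cigna by (uid=0)
Nov 15 11:50:32 green login[3104]: LOGIN ON ttyp1 BY cigna FROM boramae.desicom.co.kr
Nov 15 12:01:10 green PAM_pwdb[3120]: (login) session opened for user mark by (uid=0)
EOF
    printf 'root:x:0:0:root:/root:/bin/bash\nmark:x:500:500:Mark:/home/mark:/bin/bash\n' > "$d/passwd"
    unknown_logins "$d/messages" "$d/passwd"
    rm -rf "$d"
}

# On a live host: unknown_logins /var/log/messages /etc/passwd
```

On a box you suspect is compromised, copy /var/log/messages and /etc/passwd off the machine first and run the check there; a root-level intruder can edit both files, so the absence of a hit proves nothing, while a hit is worth acting on.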
