|
Built in accounts a threat?
Could the built in accounts that come with Red Hat linux and other distros be used to gain access to a system <such as ssh>?
The built in accounts I refer to are: bin, daemon, lp, games, rpm, ftp, squid, gopher, etc. |
Not the accounts as they are set up to provide security
The servers you have running can be used, however if you are running them and they aren't needed. Don't run an ftp server, for example, unless you know exactly what you are doing. |
well, I'm using squid, ssh, vsftpd, apache, samba and I want to use postfix (I havn't got it working yet though, see: my other post I dont know exactly what I'm doing on any of these, but I like the functionality they give me. I have a dsl-modem between my computer and the internet, so I dont think samba will be a problem. Are the default users and settings for vsftpd, apache, ssh, and postfix a security risk?
|
Here are some good security guides.
# Basic security Linux Questions Security references Security Help Files Firewalls and Security |
Quote:
I personally would not put up any kind of file-sharing server without a solid firewall between the internet and my file-server. My current setup involves a dsl-modem connected to a Cable/DSL router doing NAT to my computers. I know the NAT provides some security-by-obscurity for me, but I still don't trust that and turn off all unnecessary services. Why risk it, you know. |
Quote:
SSH would allow remove users to securely log in to your machine, again very unlikely you need this. vsftpd sounds like an ftp deamon, allowing others to browse files on your machine. apache is the best web server, but do you have a site? samba allows windows and linux machines to share files and things like printers. Yet again, do you need to allow another machine to use these things? postfix is a Mail Transfer Agent iirc. If you use web based email (hotmail) or download your email via a POP3 account or something, you dont need to run your own email server. It's great to learn how to set up and run each of these, but at least ensure you have a very secure firewall system running and you're using the latest bugfixed and updated versions of each piece of software before connecting it to the internet. Testing them on an isolated home network might be a better and safer plan. |
Well if you do NOT require the account you can also delete it. I've deleted a couple of users/group I will NOT require. Like games, etc. Well at a Linux system that will act a server ...
|
1) the DSL modem only forwards ip addresses <or in my case port connections> that I want forwarded. (only ports 21, 22 and 80 are forwarded right now.)
2) I DO need most of those services. I need vsftpd so I can download my WinSCP and windows version of ssh on any computer I use. I need SSH so I can download and upload files from any computer I use <IE: college campus ones>. I need samba so I can use my files on this one computer from my windows machines. I need apache so I can have my own web site <used for later>. I need postfix to learn how to configure an email server (which I have YET to learn!!). 3) I dont know which accounts I need running, I though I didn't need the lp user, till I tried to print!! |
to answer your original question: the answer for now is NO, those built in accounts dont have the ability to "log in". You cant ssh to your box and put in user: rpm and a password and expect to get in. I'd leave em alone unless you just dont like it.
|
Thankyou, that was my worry; was that someone would be able to login to my compuer as a built in account, and then take advantage of a local security flaw and become root. Thank you for your simple answer!!
|
actually, as they have said, you can't log in as them,they are pseudo accounts, not real users, they have a good purpose, which i havn't seen mentioned in this trhead and that purpose is to minimize the number of root processes that can be hijacked by malicious users, so i would leave them there.
|
| All times are GMT -5. The time now is 02:41 PM. |