Linux - Security
This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Could the built-in accounts that come with Red Hat Linux and other distros be used to gain access to a system <such as ssh>?
The built-in accounts I refer to are:
bin, daemon, lp, games, rpm, ftp, squid, gopher, etc.
Not the accounts, as they are set up to provide security.
The servers you have running can be used, however if you are running them and they aren't needed. Don't run an ftp server, for example, unless you know exactly what you are doing.
Well, I'm using squid, ssh, vsftpd, apache, samba and I want to use postfix (I haven't got it working yet though, see: my other post). I don't know exactly what I'm doing on any of these, but I like the functionality they give me. I have a dsl-modem between my computer and the internet, so I don't think samba will be a problem. Are the default users and settings for vsftpd, apache, ssh, and postfix a security risk?
Originally posted by hotrodowner: ... I have a dsl-modem between my computer and the internet, so I don't think samba will be a problem. ...
I am kinda curious as to your reasoning here. What kind of protections does a dsl-modem offer?
I personally would not put up any kind of file-sharing server without a solid firewall between the internet and my file-server. My current setup involves a dsl-modem connected to a Cable/DSL router doing NAT to my computers. I know the NAT provides some security-by-obscurity for me, but I still don't trust that and turn off all unnecessary services. Why risk it, you know.
Originally posted by hotrodowner: Well, I'm using squid, ssh, vsftpd, apache, samba and I want to use postfix (I haven't got it working yet though, see: my other post). I don't know exactly what I'm doing on any of these, but I like the functionality they give me. I have a dsl-modem between my computer and the internet, so I don't think samba will be a problem. Are the default users and settings for vsftpd, apache, ssh, and postfix a security risk?
Squid is a web caching system, unlikely that you need it with a cable connection for yourself.
SSH would allow remote users to securely log in to your machine, again very unlikely you need this.
vsftpd sounds like an FTP daemon, allowing others to browse files on your machine.
apache is the best web server, but do you have a site?
samba allows Windows and Linux machines to share files and things like printers. Yet again, do you need to allow another machine to use these things?
postfix is a Mail Transfer Agent iirc. If you use web based email (hotmail) or download your email via a POP3 account or something, you don't need to run your own email server.
It's great to learn how to set up and run each of these, but at least ensure you have a very secure firewall system running and you're using the latest bugfixed and updated versions of each piece of software before connecting it to the internet. Testing them on an isolated home network might be a better and safer plan.
Well, if you do NOT require the account you can also delete it. I've deleted a couple of users/groups I will NOT require, like games, etc. Well, on a Linux system that will act as a server ...
1) The DSL modem only forwards IP addresses <or in my case port connections> that I want forwarded. (Only ports 21, 22 and 80 are forwarded right now.)
2) I DO need most of those services. I need vsftpd so I can download my WinSCP and Windows version of ssh on any computer I use. I need SSH so I can download and upload files from any computer I use <i.e. college campus ones>. I need samba so I can use my files on this one computer from my Windows machines. I need apache so I can have my own web site <used for later>. I need postfix to learn how to configure an email server (which I have YET to learn!!).
3) I don't know which accounts I need running. I thought I didn't need the lp user, till I tried to print!!
Last edited by hotrodowner; 06-01-2003 at 02:32 PM.
To answer your original question: the answer for now is NO, those built-in accounts don't have the ability to "log in". You can't ssh to your box and put in user: rpm and a password and expect to get in. I'd leave 'em alone unless you just don't like it.
Thank you, that was my worry: that someone would be able to log in to my computer as a built-in account, and then take advantage of a local security flaw and become root. Thank you for your simple answer!!
Actually, as they have said, you can't log in as them; they are pseudo accounts, not real users. They have a good purpose, which I haven't seen mentioned in this thread, and that purpose is to minimize the number of root processes that can be hijacked by malicious users, so I would leave them there.
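
The answers in this thread say the built-in accounts cannot log in; that is true only while each one has a non-login shell and a locked password, which can be checked. The audit below is an added example, not code from the thread: the passwd/shadow contents are constructed sample data, and `uid_min=500` assumes the Red Hat convention of the time (current distributions use 1000).

```python
# Added example; the passwd/shadow contents below are constructed sample data.
NOLOGIN = {"/sbin/nologin", "/usr/sbin/nologin", "/bin/false", "/usr/bin/false"}

SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
games:x:12:100:games:/usr/games:/bin/bash
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
squid:x:23:23::/var/spool/squid:/bin/bash
gopher:x:13:30:gopher:/var/gopher:/sbin/nologin
hotrod:x:500:500::/home/hotrod:/bin/bash
"""
SAMPLE_SHADOW = """\
root:$6$salt$CONSTRUCTED:12000:0:99999:7:::
bin:*:12000:0:99999:7:::
games:!!:12000:0:99999:7:::
ftp:$6$salt$CONSTRUCTED:12000:0:99999:7:::
squid:$6$salt$CONSTRUCTED:12000:0:99999:7:::
hotrod:$6$salt$CONSTRUCTED:12000:0:99999:7:::
"""

def password_usable(field):
    """'!' or '*' prefixes can never match a password; an empty field needs none."""
    return not field.startswith(("!", "*"))

def audit_system_accounts(passwd_text, shadow_text, uid_min=500):
    """Map each system account (0 < UID < uid_min) that is not locked down to a finding."""
    shadow = dict(l.split(":")[:2] for l in shadow_text.splitlines() if ":" in l)
    findings = {}
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) != 7 or not fields[2].isdigit():
            continue  # skip comments and malformed lines
        name, pw, uid, shell = fields[0], fields[1], int(fields[2]), fields[6]
        if uid == 0 or uid >= uid_min:
            continue  # root and ordinary users are out of scope here
        if pw == "x":  # hash lives in /etc/shadow; no entry there means no valid password
            pw = shadow.get(name, "*")
        has_shell = shell not in NOLOGIN  # an empty shell field falls back to /bin/sh
        if has_shell and password_usable(pw):
            findings[name] = "login shell and usable password"
        elif has_shell:
            findings[name] = "login shell, password locked"
        elif password_usable(pw):
            findings[name] = "usable password, no login shell"
    return findings

if __name__ == "__main__":
    print(audit_system_accounts(SAMPLE_PASSWD, SAMPLE_SHADOW))
```

On a real host, pass in the contents of `/etc/passwd` and `/etc/shadow` (reading the latter requires root) and take `uid_min` from `UID_MIN` in `/etc/login.defs`.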