MLUG: Re: [MLUG] Lax security practices?

WOW yes it is. I even run a service called sshblacklist on my server. It checks the security log (FC4) for any bad user/password and starts a count. When this count for this IP reaches a set number then it adds that IP to an IPTABLES block list. After a set number of days it then removes the IP.

Dan


Phillip Kelchen wrote:
Since I have found myself with two computers running Linux now (my new desktop and my old laptop, both running SuSE 10.0, one 32-bit and one 64-bit), I have been working on networking the two so that I can put the notes I take on the laptop on the desktop and print on the desktop's printer from the laptop.

One thing I noticed was that I could ssh and login as root by default to either machine with SSH1 or SSH2 (!!!). Doesn't this strike you as a huge security loophole since this is set up this way out of the box? It did for me, enough to hunt down how to properly configure /etc/ssh/sshd_config to disable SSH1 and remote root logins. I would have thought that sort of thing would (should) be disabled by default as it is a security risk and only those who know what they are doing would need to change it. SFTP and SSH to Bengal still work fine after my changes, so I'd imagine that most people's SSHing to other boxes and using SFTP would be unhindered too. You can still su to root on the remote machine, granted that you have a shell account and that your account is in the sudoers group.

I guess this kind of thing is how Linux boxes get hacked if they have to allow SSH access to the Internet: brute force the root password via SSH or force the connection to use SSH1 and crack that. SuSE is a rather polished distribution and I guess that there are a lot of new/inexperienced users that are running it totally unaware of the security issue, like I was for the last 2 years. I was behind a router that blocked incoming SSH, but...

Phillip

_______________________________________________
members mailing list
EMAIL:PROTECTED
http://mlug.missouri.edu/mailman/listinfo/members

-- Daniel Nowlin IATS - DataCenter
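
The count, block and expire logic Dan describes above, sketched as an added example: it is not part of the original thread and not sshblacklist's own code. The log lines are constructed, and the threshold, expiry period and function names are assumptions.

```python
import ipaddress
import re
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample in the style sshd logs to /var/log/secure (not real data).
SAMPLE_LOG = """\
Jan 10 03:14:01 host sshd[2211]: Failed password for root from 203.0.113.7 port 40112 ssh2
Jan 10 03:14:03 host sshd[2211]: Failed password for invalid user admin from 203.0.113.7 port 40113 ssh2
Jan 10 03:14:05 host sshd[2213]: Failed password for root from 203.0.113.7 port 40114 ssh2
Jan 10 08:30:12 host sshd[2301]: Failed password for phillip from 198.51.100.20 port 51000 ssh2
Jan 10 08:30:20 host sshd[2301]: Accepted password for phillip from 198.51.100.20 port 51000 ssh2
Jan 12 11:00:00 host sshd[2400]: Failed password for root from 192.0.2.55 port 39000 ssh2
"""

# The user name is chosen by the remote side, so match it greedily and anchor the
# address at end of line: only the "from ADDR port N" sshd appended is trusted.
FAILED = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: Failed password for "
    r"(?:invalid user )?.* from (\S+) port \d+(?: ssh\d)?\s*$")


def active_blocks(log_text, now, threshold=3, expire_days=7):
    """Return {ip: unblock_time} for addresses blocked and not yet expired at `now`."""
    counts, blocked_at = Counter(), {}
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue
        try:
            ip = str(ipaddress.IPv4Address(m.group(2)))  # reject malformed addresses
        except ValueError:
            continue
        counts[ip] += 1
        if counts[ip] == threshold:  # the block starts when the count is reached
            # syslog timestamps carry no year; assume the year of `now`
            blocked_at[ip] = datetime.strptime(f"{now.year} {m.group(1)}", "%Y %b %d %H:%M:%S")
    expiry = timedelta(days=expire_days)
    return {ip: t + expiry for ip, t in blocked_at.items() if now < t + expiry}


def iptables_rules(blocks):
    """Render one DROP rule per blocked address (returned as text, not executed)."""
    return [f"iptables -I INPUT -s {ip} -j DROP" for ip in sorted(blocks)]


if __name__ == "__main__":
    for rule in iptables_rules(active_blocks(SAMPLE_LOG, datetime(2006, 1, 11))):
        print(rule)
```

A single failed login by a legitimate user (198.51.100.20 in the sample) stays under the threshold, and a block drops out of the result once its expiry time has passed.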

