change the last /etc/passwd field from like /bin/sh to perhaps /bin/false
some of those accounts might have this last field empty, and they are at
risk, set them to something also like /bin/false.
Thanks,
Ron DuFresne
On Mon, 8 Jan 2001, SAGI MINI wrote:
> There is a suggestion that in order to secure the OS, the following need to
> set to noshell:
>
> daemon shell, bin shell, sys shell, adm shell, lp shell, smtp shell, uucp
> shell, listen shell, nobody shell ,etc.
>
> What exactly do they mean by putting shell to noshell. It was claimed that
> any process such as lp daemon even without granting a password to the
> account is able to access to the system provided the shell environemnt is
> available.
>
> If such, how the above is possible to achieve and what are those
> configuration need to be considered. Please advise.
>
> regards.
> _________________________________________________________________________
> Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com.
>
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
>
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Cutting the space budget really restores my faith in humanity. It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation." -- Johnny Hart
***testing, only testing, and damn good at it too!***
OK, so you're a Ph.D. Just don't touch anything.
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
