Re: possible security flaw.

Mon, 31 May 1999 10:31:19 -0700 

[EMAIL PROTECTED] enscribed thusly:
> Hi,
>       If I can telnet to my system and log in as root is this considered a
> security flaw? If so, how can I correct this?

        A lot of people might disagree but...  IMNSHO, yes, this is a
security flaw.  You don't say what distribution you are running but
removing the ttyp* entries from /etc/securetty should do it.  You might
also want to consider switching to ssh for remote connections rather
than telnet.  There is also an SSL enabled version of telnet available.

        If you've got a lame distro that's allowing remote root telnet
by default there are probably other nasty things they are in the habit
of doing.  Check /etc/inetd.conf for shell, exec, and login entries
(rshd, rexecd, and rlogind).  If you're not using them, comment them out.
If you are using them, consider switching to ssh.  Check for pop* or imap
entries.  If your not using them, commment them out.  If you are using
them consider switching to SSL enabled versions, pop3s and/or imaps.

        In general, inspect /etc/inetd.conf for anything you don't understand
or don't need and comment it out.  Very few of us need echo, chargen,
discard, or daytime.  If you make changes to inetd.conf, be sure the restart
inetd or get him to reload by issuing a "kill -1 {pid_of_inetd}" (make sure
you use a -1 for a SIGINT).

        For more tips (warning... shameless self-promoting plug alert)
check out my article on 10 tips to lock down Linux up on LinuxWorld
<www.linuxworld.com>.  This is the first part of a two parter.  Part one
is basic tips.

> Thanks.
> Dave.

> ___________________________________________________________________
> You don't need to buy Internet access to use free Internet e-mail.
> Get completely free e-mail from Juno at http://www.juno.com/getjuno.html
> or call Juno at (800) 654-JUNO [654-5866]

        Mike
-- 
 Michael H. Warfield    |  (770) 985-6132   |  [EMAIL PROTECTED]
  (The Mad Wizard)      |  (770) 925-8248   |  http://www.wittsend.com/mhw/
  NIC whois:  MHW9      |  An optimist believes we live in the best of all
 PGP Key: 0xDF1DD471    |  possible worlds.  A pessimist is sure of it!

Reply via email to