Rlogin and hosts.equiv rank up there with writing the root password on a whiteboard in BIG letters

------Original Message------
From: Nicholas B.
Sender: [email protected]
To: [email protected]
ReplyTo: PaulDotCom Security Weekly Mailing List
Subject: [Pauldotcom] Worst setting(s) in /etc
Sent: Jun 3, 2009 2:02 PM

A little ninja suggested that I post this to the list as well (originally in the pdc forums):

Over the years I've seen a number of really bad configuration settings that can lead to compromise or unwanted information disclosure on *nix systems. Amongst these, a common issue is configuration of NFS for ease of doing everything. The setting I'm talking about is found in the /etc/exports file and may appear something like:

/home 192.168.0.*(rw,no_root_squash,insecure)

This leads to giving full write access as root to everything in the /home directory to every IP address in the 192.168.0.0/24 subnet able to connect to the system via NFS.

I'd like to know what poor configuration settings others have run across on *nix systems that are done for convenience and/or lack of knowledge concerning the settings found in these files.
_______________________________________________
Pauldotcom mailing list
[email protected]
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com
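
An added example, not part of the thread or written by either poster: a small Python audit of an exports file that flags the options in the line quoted above (`no_root_squash`, `insecure`, and `rw` granted to a wildcard client). The function name `audit_exports` and the sample file contents are assumptions constructed for illustration; quoted paths and `-` default-option groups are not handled.

```python
import re

# Options from exports(5) that weaken the defaults (root_squash, secure, ro).
RISKY = {
    "no_root_squash": "remote uid 0 is treated as local root",
    "insecure": "requests from unprivileged source ports (>1023) are accepted",
}
# One client entry: optional host pattern followed by optional "(opt,opt,...)".
ENTRY = re.compile(r"^([^()\s]*)(?:\(([^)]*)\))?$")

def audit_exports(text):
    """Return a list of (path, client, finding) tuples for an exports file."""
    findings = []
    # Join backslash-continued lines, then drop comments and blank lines.
    for raw in text.replace("\\\n", " ").splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        path, *clients = line.split()
        for spec in clients:
            m = ENTRY.match(spec)
            if not m:
                findings.append((path, spec, "unparseable client entry"))
                continue
            client = m.group(1) or "*"  # "(opts)" with no host means everyone
            opts = {o.strip() for o in (m.group(2) or "").split(",") if o.strip()}
            for opt, why in RISKY.items():
                if opt in opts:
                    findings.append((path, client, f"{opt}: {why}"))
            if "rw" in opts and ("*" in client or "?" in client):
                findings.append((path, client, "rw granted to a wildcard client"))
    return findings

# Constructed sample; the first entry is the line quoted in the post.
SAMPLE = """\
# constructed sample exports file
/home 192.168.0.*(rw,no_root_squash,insecure)
/srv/pub  *(ro,sync)
/srv/build buildhost.example.com(rw,sync) \\
           (rw)
"""

if __name__ == "__main__":
    for path, client, finding in audit_exports(SAMPLE):
        print(f"{path} -> {client}: {finding}")
```

Run against a copy of a server's `/etc/exports` by passing the file's text to `audit_exports`; an empty list means none of the three conditions matched.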
