> From: "Scott" <[EMAIL PROTECTED]>
> 
> Dan,
> 
> > -----Original Message-----
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED]]On Behalf Of Dan Horth
> > Sent: Monday, September 18, 2000 5:19 AM
> > To: [EMAIL PROTECTED]
> > Subject: Re: Help ! This is a exploit ? What I do to do .
> >
> >
> > seems like a brute force attack on your ftp server - indications are
> > that the attack was successfully averted... but you really should do
> > plenty of other checks before deciding that your server is secure...
> > try this checklist:
> >
> > http://www.cert.org/tech_tips/intruder_detection_checklist.html
> >
> > it's interesting that they're trying specific user names towards the
> > end rather than just generic accounts such as root and bin and lp...
> > they got those names from your /etc/passwd file which is being
> > publicly advertised right now (I had a look just then) on your ftp
> > server... if you had shell access enabled for any of your users in
> > that list, with weak passwords on them then the attacker would have
> > been able to get local user access pretty easily on your server...
> 
> Couldn't he just chmod /etc/passwd to 600?  Thus disallowing viewing of this
> file. What are the problems that may arise from this change?
> 
> Scott
> [EMAIL PROTECTED]

I'm pretty certain this will "break" lots of things.  Unix requires a
world readable /etc/passwd so that many commands work.  This is why
shadow passwords were invented - /etc/passwd is world readable but
does not contain the encrypted password and then /etc/shadow (or
whatever it is called) is readable only by root and contains the
passwords.

Dave



_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list
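
The point made in the reply above (a world-readable /etc/passwd that carries no hashes, with the hashes in a root-only /etc/shadow) can be checked with a short audit. This is an added example, not part of the original thread; the function names and the sample passwd lines are constructed for illustration.

```python
import os
import stat

# Constructed sample in /etc/passwd format (not taken from the thread).
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
ftp:*:14:50:FTP User:/var/ftp:/sbin/nologin
alice:$1$abcdefgh$0123456789abcdefghijkl:500:500::/home/alice:/bin/bash
bob:x:501:501::/home/bob:/bin/bash
"""

def unshadowed_accounts(passwd_text):
    """Return login names whose password field still holds a hash."""
    exposed = []
    for line in passwd_text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 7:
            continue  # malformed entry, not judged here
        name, pw = fields[0], fields[1]
        # "x" defers to /etc/shadow, a leading "*" or "!" means locked,
        # and an empty field holds no hash to expose.
        if pw in ("x", "") or pw[0] in "*!":
            continue
        exposed.append(name)
    return exposed

def mode_findings(path, mode, must_be_world_readable):
    """Compare a file mode with what the passwd/shadow split expects."""
    perms = stat.S_IMODE(mode)
    findings = []
    if perms & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append(f"{path}: writable by group/other ({perms:04o})")
    world_read = bool(perms & stat.S_IROTH)
    if must_be_world_readable and not world_read:
        findings.append(f"{path}: not world readable, name lookups will fail")
    if not must_be_world_readable and world_read:
        findings.append(f"{path}: world readable, hashes exposed")
    return findings

if __name__ == "__main__":
    for path, readable in (("/etc/passwd", True), ("/etc/shadow", False)):
        if os.path.exists(path):
            for finding in mode_findings(path, os.stat(path).st_mode, readable):
                print(finding)
    print("unshadowed in sample:", unshadowed_accounts(SAMPLE_PASSWD))
```
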
