Re: RedHat security

From: Nada Lada (nadalada@spamfree.cox.net)
Date: 06/14/02 

From: "Nada Lada" <nadalada@spamfree.cox.net>
Date: Fri, 14 Jun 2002 06:08:07 GMT

Many of your concerns are addressed by "hardening" scripts like
Bastille-Linux (www.bastille-linux.org) or Trinity-OS
(http://www.ecst.csuchico.edu/~dranch/LINUX/index-linux.html)
Check these out...

"Yuan Liu" <yliu@stemnet.nf.ca> wrote in message
news:3D097D46.1040606@stemnet.nf.ca...
> Nearly every time I set up a RedHat distribution (starting from 6.0)
> anywhere, I find myself asking the same questions. That's why I don't
> usually dare to install RH if its my own system. Generally I'm quite
> confused about its philosophy. Hope someone can shed a light on these.
>
> 1. If someone is physically at the console, he gets total control.
> - No logon for single user stage. I know several commercial Unises (or
> maybe all of them) behave the same. Guess the main reason is for
> password resetting. But Linux can easily be booted using a floppy, so
> if it is truly needed, you can always do this with a rescue disk.
> Though the end result looks the same, the added difficulty provides some
> deterrence, IMO.
>
> - Anyone, any user can reboot the system. I don't know of another *nix
> doing this and this scares me. I'm on RedHat 7.3 and I don't even have
> to be on a text console; even if I'm in an X-console, I can still do as
> an unprivileged user
> $ reboot
> and send all users to hell. Haven't tested this from a remote session,
> so I group it here. If it also allows any user to do this remotely,
> this is hell proper. Not to mention that the default logon menu has
> this "Reboot" option, just like Windows.
>
> 2. Anyone can mount/umount a floppy or CD by default. Shouldn't the
> default be not able to, then allow the admin to grant privilege? And
> what's wrong with keeping it tight with sudo and stuff?
>
> 3. Anyone can run, sigh, even grub. Does this scare someone other than
> myself?
>
> RH used to have a slew of networking defaults that were not security
> minded. It seems that they are attacking on them over releases. But
> these privilege related things are also essential. Looking at what an
> ordinary user can do in RH makes a full blown virus attack into my
> dreams - nightmare, is this what such a dream is called? The above are
> just a few that bothered me most recently. What do you people think?
> Maybe we should start a log or something.
>
> Yuan Liu
>

Relevant Pages

  • Re: RedHat security
    ... > Nearly every time I set up a RedHat distribution ... any user can reboot the system. ... > ordinary user can do in RH makes a full blown virus attack into my ... > dreams - nightmare, is this what such a dream is called? ...
    (comp.os.linux.security)
  • RedHat security
    ... Nearly every time I set up a RedHat distribution ... any user can reboot the system. ... ordinary user can do in RH makes a full blown virus attack into my ... dreams - nightmare, is this what such a dream is called? ...
    (comp.os.linux.security)
  • RedHat security
    ... Nearly every time I set up a RedHat distribution ... any user can reboot the system. ... ordinary user can do in RH makes a full blown virus attack into my ... dreams - nightmare, is this what such a dream is called? ...
    (comp.os.linux.security)
  • Re: RedHat security
    ... > Nearly every time I set up a RedHat distribution ... If someone is physically at the console, ... any user can reboot the system. ... password on the BIOS, and a password for the boot loader to reduce this ease ...
    (comp.os.linux.security)
  • Re: RedHat security
    ... > Nearly every time I set up a RedHat distribution ... If someone is physically at the console, ... any user can reboot the system. ... password on the BIOS, and a password for the boot loader to reduce this ease ...
    (comp.os.linux.security)