Re: Should I give passwords to server ids?
From: WarpKat (uce@ftc.gov)Date: 10/15/02
- Next message: WarpKat: "Re: slow access to my web server using ipchains"
- Previous message: WarpKat: "Re: Ports 80 and 8080 Blocked!"
- In reply to: Sundial Services: "Should I give passwords to server ids?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: WarpKat <uce@ftc.gov> Date: Tue, 15 Oct 2002 11:55:29 -0700
Sundial Services wrote:
>
> After the aforementioned scare involving the user "news," I began to
> wonder.
>
> There are several user-ids associated with daemons. Some have a shell
> other than /false/ or /nolog/.
>
> What are the passwords to these daemon accounts? Are they predictable?
> Should they be changed? If so, what will break?
The daemons do not have any passwords by default. If someone were to
bruteforce the passwords to the daemons, they could run applications with
the permissions of the server daemons and possibly cause some harm.
The daemon users should never have passwords.
- Next message: WarpKat: "Re: slow access to my web server using ipchains"
- Previous message: WarpKat: "Re: Ports 80 and 8080 Blocked!"
- In reply to: Sundial Services: "Should I give passwords to server ids?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
