Files access rights
I have just taken a look at the Debian security and found that Debian is
NOT secure !!!
A lot of files in /etc can be read by all users and they don't need it, so,
it's a security hole.
For example, these files :
hosts.deny          # The users shouldn't be able to see
hosts.allow         # these files. If they have less information about the system
suid.conf           # it is better. A hacker is dangerous only if he has
                    # information. W/o, he's nothing.
syslog.conf         # In the same way, the file /etc/issue.net shouldn't
                    # contain the Unix type and even less the
                    # Distribution/version. For ex.,
ftpusers            # If a hacker knows that there is a security hole in login
wu-ftpd-academ/*    # v. X.XX which is in Debian Potato, when he logs on,
wwwoffle/*          # he'll see
adduser.conf        # Debian GNU/Linux potato host.domain.org
anacrontab          # and he will be able to break the system.
apache/*
apm/*
apt/*
checksecurity.conf
cron*
dhis/
efax*
exim.conf
fstab
hosts.equiv
inetd.conf
ircd/
isapnp*
lftp.conf
lilo.conf
mailname
limits
login.access
login.defs
makedev.cfg
mtab
modules
modutils/
networks
news/
pam*
rc*
samba*
vnc.conf
Why do so many maintainers give too many rights ? All these files have
-rw-r--r--.
If this is a Debian policy rule, you should change it.
I've another question. Why is the umask command in .bash_profile instead of
in .bashrc ?
.bash_profile is only for login shell and umask is not useful in this
case only.
As .bashrc is sourced by .bash_profile, it's not a problem for login shell
to put it in .bashrc, isn't it ?
Ah ! I forgot, how to monitor FTP activity like Warftpd under Windoze ?
--
// -----oOo----- ---------oOo-------- -------oOo------\\
| Sami Dalouche | samid@ifrance.com | AIM : linhax |
| 01.34.83.16.76 | linhax@ifrance.com | ICQ : 25529539 |
\\ -----oOo----- ---------oOo-------- -------oOo------//
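
One way to check, on a given system, which of the files named in the message above are actually readable by "other" (an added example, not part of the original message). The function name `audit_world_readable` and its argument layout are assumptions made for this example.

```shell
#!/bin/sh
# Added example: report which named files under a directory have the
# "other" read bit set (for instance mode -rw-r--r--).
#
# Usage: audit_world_readable ROOT PATTERN...
#   ROOT     directory to audit, e.g. /etc
#   PATTERN  names relative to ROOT, written as in the list above:
#            plain files (fstab), globs ('cron*', 'apache/*') or
#            directories (dhis/), which are searched recursively.
audit_world_readable() {
    root=$1
    shift
    for pattern in "$@"; do
        # $pattern is left unquoted on purpose so the shell expands the
        # glob below $root; $root itself stays quoted.
        for path in "$root"/$pattern; do
            # A pattern that matched nothing stays literal; skip it.
            [ -e "$path" ] || continue
            # -type f   : regular files only
            # -perm -004: the read bit for "other" is set
            find "$path" -type f -perm -004 -print
        done
    done | sort -u   # one line per file, even if two patterns overlap
}

# When the script is run with arguments, audit them directly, e.g.
#   sh audit.sh /etc hosts.deny hosts.allow 'cron*' 'pam*'
if [ "$#" -gt 1 ]; then
    audit_world_readable "$@"
fi
```

Whether a reported file needs tightening depends on what reads it: a file that unprivileged programs must consult stops working for them once `chmod o-r` is applied.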