security questions

To: debian-user@lists.debian.org
Subject: security questions
From: Peter Jay Salzman <p@belial.ucdavis.edu>
Date: Sat, 28 Oct 2000 10:06:56 -0700 (PDT)
Message-id: <Pine.LNX.4.21.0010281000440.17174-100000@belial.ucdavis.edu>

i just installed a host security checker, tiger (TARA?) which is more or
less along the lines of what i remember from dan farmer's COPS (a loooong
time ago!)

it had a number of complaints about accounts which were disabled but had
valid shells.  like this one:

	www-data:x:33:33:www-data:/var/www:/bin/sh

why, exactly, is this a security risk?  is tiger expecting something along
the lines of:

	www-data:x:33:33:www-data:/var/www:

what is the hangup here?


also, i noticed that some accounts which are disabled are given a shell of
/bin/false:

	ftp:x:100:65534::/home/ftp:/bin/false

tiger seemed to hate this too.  i tried playing around with /bin/false.
can't seem to figure out what it is.  whatever it is, it's tiny.  only 4 kb
long.

thanks!
pete

Reply to:

Follow-Ups:
- Re: security questions
  - From: Robert Waldner <Waldner@KPNQwest.at>
- /bin/false (was Re: security questions)
  - From: kmself@ix.netcom.com

Prev by Date: Second post about: Warning: Ron = 43, Rloop = 10, Roff = 46
Next by Date: Re: ipchains and netfilter on 2.4.0-test9
Previous by thread: Second post about: Warning: Ron = 43, Rloop = 10, Roff = 46
Next by thread: Re: security questions
Index(es):
- Date
- Thread