
Re: tiger reports



Dave Sherohman wrote:

> > How can anonymous FTP be enabled when I have no FTP server installed?
> 
> Is a config file present in /etc?

What would it be called? There are no files matching the glob "/etc/ftp*".

> It can potentially make superuser access easier to crack unless both
> accounts have strong passwords.  More generally, I suspect that this
> is flagged because it could indicate that your system has been
> compromised and an illicit superuser has been created.

Fair enough. Do I really need sash for anything? Does it really need to
have its own account?

> > that aside, what should be the shell for a disabled account? /bin/false?
> 
> That's probably the most common choice.

So should I set the shell to /bin/false for all accounts that shouldn't
allow a tty or console login? That would include postgres, mail,
www-data, daemon, bin, sys, man, games, lp, uucp, backup, operator,
nobody... For that matter, can some of these be safely deleted? I can
tell that some of them relate to specific services, but I don't know why
there's a "games" user, for example. I gather the "games" group has to
do with shared access to system-wide high-score files, but does a
corresponding user account have to exist also?

Craig
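
The two conditions discussed in this message (a second UID 0 account, and system accounts that still have a login shell) can be listed from a passwd-format file. This is an added example, not part of the original post; the UID 1000 cutoff for regular users, the set of non-login shells, and the sample entries (including the name `altroot`) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit a passwd-format file for extra superuser accounts
# and for system accounts that still have a usable login shell.
# Assumptions: regular users start at UID 1000 (override with MIN_UID);
# /bin/false, /usr/sbin/nologin and /sbin/nologin count as non-login shells.

audit_passwd() {
    # $1 = path to a passwd-format file (defaults to /etc/passwd, "-" = stdin)
    awk -F: -v min_uid="${MIN_UID:-1000}" '
        /^[ \t]*(#|$)/ { next }                 # skip comments and blank lines
        NF < 7 { printf "MALFORMED line %d\n", NR; next }
        {
            name = $1; uid = $3 + 0; shell = $7
            nologin = (shell == "/bin/false" ||
                       shell == "/usr/sbin/nologin" ||
                       shell == "/sbin/nologin")
            # Any UID 0 account other than root is a second superuser.
            if (uid == 0 && name != "root")
                printf "UID0 %s\n", name
            # System account with a real shell; an empty field means /bin/sh.
            if (uid != 0 && (uid < min_uid + 0 || uid == 65534) && !nologin)
                printf "LOGIN_SHELL %s %s\n", name, (shell == "" ? "(empty)" : shell)
        }
    ' "${1:-/etc/passwd}"
}

# Constructed sample data, not taken from any real system.
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
altroot:x:0:0:root:/root:/bin/sash
daemon:x:1:1:daemon:/usr/sbin:/bin/sh
games:x:5:60:games:/usr/games:/bin/false
postgres:x:31:32:postgres:/var/lib/postgres:/bin/sh
nobody:x:65534:65534:nobody:/nonexistent:
craig:x:1000:1000:Craig:/home/craig:/bin/bash
EOF
}

# Run the audit over the constructed sample.
sample_passwd | audit_passwd -
```

Calling `audit_passwd` with no argument reads /etc/passwd on the local machine.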


