Re: tiger reports
Dave Sherohman wrote:
> > How can anonymous FTP be enabled when I have no FTP server installed?
>
> Is a config file present in /etc?
What would it be called? There are no files matching the glob "/etc/ftp*".
> It can potentially make superuser access easier to crack unless both
> accounts have strong passwords. More generally, I suspect that this
> is flagged because it could indicate that your system has been
> compromised and an illicit superuser has been created.
Fair enough. Do I really need sash for anything? Does it really need to
have its own account?
> > that aside, what should be the shell for a disabled account? /bin/false?
>
> That's probably the most common choice.
So should I set the shell to /bin/false for all accounts that shouldn't
allow a tty or console login? That would include postgres, mail,
www-data, daemon, bin, sys, man, games, lp, uucp, backup, operator,
nobody... For that matter, can some of these be safely deleted? I can
tell that some of them relate to specific services, but I don't know why
there's a "games" user, for example. I gather the "games" group has to
do with shared access to system-wide high-score files, but does a
corresponding user account have to exist also?
Craig
Reply to: