
Re: How can I secure a Debian installation?



On Mon 27 Jan 2014 at 20:24:42 -0800, Jon Danniken wrote:

> I recently came across a posting by an individual who got his
> Debian machine compromised due to a number of security problems, one of
> which was the default installation and running of sshd with
> "PermitRootLogin = Yes" in /etc/ssh/sshd_config.

These types of posts are not unusual; what they all generally have in
common is a lack of detail and any evidence that "PermitRootLogin = Yes"
in itself is the cause. Having introduced a FUD factor it is now easier
to promote alternatives without having to justify them.

> So I checked the Debian installation that I put on my laptop a month ago
> (from the Wheezy net install CD), and sure enough I had the same
> vulnerability

"PermitRootLogin = Yes" is upstream's (and Debian's) default setting; it
is not an insecure one. You could introduce an insecurity by using
"password1" as the root password.

> (I fixed it by changing the "PermitRootLogin" value).

If you have a strong password for the root login you wouldn't have fixed
anything.

