At 09:27 AM 7/26/01 -0400, you wrote:
Hey,
>I just recently reinstalled Linux and set up CF. When I set everything up I
>used the default "nobody" user to run the service.
>
>This morning I log in and find "nobody" logged in from 64.13.147.85 and
>ftp'ing to hobbiton.org!!! They disconnected after I tried to talk to them,
>and to this point I haven't seen them back in.
>
>Is there some way that I need to close this hole? I did not create a login
>for "nobody", but would it hurt CF if I did and assigned a password?
Nobody probably came with your distribution and does not need a shell to
run ColdFusion. Set their default shell to /bin/false. It should also
already have a password.

You also want to wrap your services, probably turn off telnet, and install
firewalling. If you know what I mean by that, bear with me, but just in
case you don't:

Your distribution probably came with Wietse Venema's TCP Wrappers
program. If you have /etc/hosts.deny and /etc/hosts.allow files, you have
TCP wrappers. Add the line

    in.telnetd: ALL

to hosts.deny and your machine will refuse telnet requests. (If you're
using telnet and have a static IP, add that IP to
/etc/hosts.allow--"in.telnetd: 192.168.99.1," replacing that IP with yours,
of course. SSH is better.)

Your distribution probably also came with ipchains. There are great
firewalling FAQs online, including
http://www.linuxdoc.org/HOWTO/IPCHAINS-HOWTO.html

Good luck!
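
The two settings recommended in the reply above can be checked with a short audit script. This is an added example, not part of the original message: the function names and sample files are constructed for illustration, and it assumes /sbin/nologin and /usr/sbin/nologin count as non-login shells alongside /bin/false.

```shell
#!/bin/sh
# Added example: audits the service-account shell and the TCP Wrappers rule.
# Function names are hypothetical; sample files in demo() are constructed.

# Print NAME:SHELL for each named account whose shell still allows a login.
# Usage: login_capable PASSWD_FILE ACCOUNT...
login_capable() {
    passwd_file=$1; shift
    for acct in "$@"; do
        awk -F: -v a="$acct" '
            $1 == a && $7 != "/bin/false" && $7 != "/sbin/nologin" && $7 != "/usr/sbin/nologin" {
                # An empty shell field means the system default shell is used.
                print $1 ":" ($7 == "" ? "(default shell)" : $7)
            }' "$passwd_file"
    done
}

# Succeed if HOSTS_DENY denies in.telnetd (or ALL daemons) to ALL clients.
# Usage: telnet_denied HOSTS_DENY_FILE
telnet_denied() {
    awk -F: '
        /^[ \t]*#/ { next }                     # commented-out rules do not count
        {
            daemons = " " $1 " "; clients = $2
            gsub(/[ \t,]+/, " ", daemons)       # normalise the daemon list
            gsub(/[ \t]+/, "", clients)
            if ((index(daemons, " in.telnetd ") || index(daemons, " ALL ")) && clients == "ALL")
                found = 1
        }
        END { exit (found ? 0 : 1) }' "$1"
}

demo() {
    dir=$(mktemp -d)
    # Constructed passwd entries: "nobody" still has a usable shell.
    printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
        'nobody:x:99:99:Nobody:/:/bin/sh' \
        'ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin' > "$dir/passwd"
    # Constructed hosts.deny containing the rule from the message.
    printf '%s\n' '# constructed hosts.deny' 'in.telnetd: ALL' > "$dir/hosts.deny"
    login_capable "$dir/passwd" nobody ftp
    telnet_denied "$dir/hosts.deny" && echo "telnet: denied to ALL"
    rm -rf "$dir"
}
demo
```

On a real host, point the functions at /etc/passwd and /etc/hosts.deny; any line printed by login_capable is an account to switch to /bin/false.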