On a default install of Fedora 14, and also the latest release candidate for 
15, the user is presented with:

- An iptables rule that opens port 22 to the world
- sshd service automatically started
- sshd_config with default option: PermitRootLogin yes

It's like every new install comes with the keys to the castle hanging on 
the outside of the door for anyone who comes knocking.

I find this situation a serious oversight in light of the fact that Fedora 
obviously values security (like SELinux, or how the installer forces a minimum 
password length, etc.).

Any experienced Linux user will know to check iptables and disable unnecessary 
services, but I wouldn't expect this from a new Linux user (exactly the people 
the refreshed GNOME experience is supposed to attract).  I think the default 
configuration should be in the name of security, and sshd should not be 
listening on a default port with an open rule with root login enabled.

~Team Edward~
                                          
--
security mailing list
[email protected]
https://admin.fedoraproject.org/mailman/listinfo/security
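
A check for the two file-based defaults listed in the post above, as an added example that is not part of the original message. The function names and sample files are constructed for illustration, the file paths are passed as arguments (on Fedora normally /etc/ssh/sshd_config and /etc/sysconfig/iptables), and treating an unset PermitRootLogin as "yes" is an assumption taken from the default the post reports.

```sh
# Print the global PermitRootLogin value (lowercased), or "unset".
# sshd keeps the first occurrence of a keyword; keywords are case-insensitive.
root_login_setting() {
    awk '
        /^[ \t]*#/ { next }
        tolower($1) == "match" { exit }   # Match blocks are conditional overrides
        tolower($1) == "permitrootlogin" { print tolower($2); found = 1; exit }
        END { if (!found) print "unset" }
    ' "$1"
}

# Succeed if an iptables-save style file accepts TCP port 22 on INPUT with no
# source restriction. Port ranges and multiport rules are not handled.
ssh_open_to_world() {
    awk '
        $1 == "-A" && $2 == "INPUT" && /-j ACCEPT/ && /--dport 22( |$)/ &&
            !/ (-s|--source) / { hit = 1 }
        END { exit !hit }
    ' "$1"
}

# Print findings; return 0 only when neither weak default is present.
audit_ssh_exposure() {
    findings=0
    setting=$(root_login_setting "$1")
    # Assumption: an unset keyword means "yes", the default the post reports.
    case "$setting" in
        yes|unset) echo "FINDING: PermitRootLogin is $setting"
                   findings=$((findings + 1)) ;;
    esac
    if ssh_open_to_world "$2"; then
        echo "FINDING: port 22 accepted from any source"
        findings=$((findings + 1))
    fi
    [ "$findings" -eq 0 ]
}

# Constructed sample files reproducing the settings described in the post.
write_samples() {
    printf '%s\n' '#Port 22' 'PermitRootLogin yes' > "$1/sshd_config"
    printf '%s\n' '*filter' ':INPUT ACCEPT [0:0]' \
        '-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT' \
        'COMMIT' > "$1/iptables"
}

tmp=$(mktemp -d) && write_samples "$tmp"
audit_ssh_exposure "$tmp/sshd_config" "$tmp/iptables" || echo "RESULT: exposed"
rm -rf "$tmp"
```

The third item in the post, sshd being started automatically, depends on the running system's service configuration and is not covered by this file-based check.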