Feb 19, 2007

Ubuntu Server insecurity?

I just found out that my Ubuntu Server 6.10 has login shells for almost all users set in the /etc/passwd file!

That’s a very bad idea because this may have enabled someone to install “Data Cha0s Back Backdoor” on my machine :-(

I checked this with 2 other fresh Ubuntu Server 6.10 installations and both had the login shells for users like daemon, mail, www-data and so on. Especially www-data should not have a chance to create a shell in my opinion!

So I changed /bin/sh to /usr/sbin/nologin and hope this makes it a bit more secure.
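
An added example (not part of the original post) of the check described above: it lists system accounts whose passwd entry still grants a shell and prints, without running them, the usermod commands that would set /usr/sbin/nologin. The UID range 1-999 for system accounts, the list of non-login shells, the function names and the sample passwd lines are assumptions made for illustration.

```sh
#!/bin/sh
# Added example. Assumptions: system accounts are UID 1-999; a shell of
# nologin, /bin/false or /bin/sync counts as "no interactive login".

# Constructed sample in passwd(5) format, not taken from a real host.
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/bin/sh
sync:x:4:65534:sync:/bin:/bin/sync
mail:x:8:8:mail:/var/mail:/bin/sh
www-data:x:33:33:www-data:/var/www:/bin/sh
sshd:x:100:65534::/var/run/sshd:/usr/sbin/nologin
ftp:x:101:65534::/home/ftp:
alice:x:1000:1000:Alice:/home/alice:/bin/bash
EOF
}

# Print "name<TAB>shell" for each system account that can still get a shell.
# $1 is a passwd-format file ("-" for stdin); defaults to /etc/passwd.
audit_shells() {
    awk -F: '
        /^#/ || NF != 7 { next }                         # comments, malformed lines
        $3 !~ /^[0-9]+$/ || $3 < 1 || $3 > 999 { next }  # keep system UIDs only
        $7 == "/usr/sbin/nologin" || $7 == "/sbin/nologin" ||
        $7 == "/bin/false" || $7 == "/bin/sync" { next }
        # An empty shell field means /bin/sh, so it is reported too.
        { printf "%s\t%s\n", $1, ($7 == "" ? "(empty)" : $7) }
    ' "${1:-/etc/passwd}"
}

# Print (do not run) the command that would remove each reported shell.
fix_commands() {
    audit_shells "$1" | cut -f1 | while read -r name; do
        printf 'usermod -s /usr/sbin/nologin %s\n' "$name"
    done
}

# Demo on the constructed sample.
sample_passwd | fix_commands -
```

Review the list before applying it: anything that runs `su <account> -c ...` for one of these accounts stops working once the shell is nologin unless it passes `-s /bin/sh`.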
