Ubuntu Server insecurity?

I just found out that my Ubuntu Server 6.10 has login shells for almost all users set in the /etc/passwd file!

That’s a very bad idea because this may have enabled someone to install “Data Cha0s Back Backdoor” on my machine 🙁

I checked this with 2 other fresh Ubuntu Server 6.10 installations and both had the login shells for users like daemon, mail, www-data and so on. Especially www-data should not have a chance to create a shell in my opinion!

So I changed /bin/sh to /usr/sbin/nologin and hope this makes it a bit more secure.
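
An added example (not part of the original post): a shell function that lists the system accounts in a passwd-format file that still have a login shell, which is the check described above. The UID cut-off of 999, the list of non-login programs and the sample entries are assumptions constructed for the demonstration.

```shell
#!/bin/sh
# Assumption: UIDs 1..999 are system accounts (Debian/Ubuntu convention,
# see UID_MIN in /etc/login.defs). root (UID 0) is skipped on purpose.
SYS_UID_MAX=999

# audit_login_shells [FILE]
# Reads a passwd-format file (stdin if FILE is omitted) and prints
# "name:uid:shell" for every system account whose shell is not a known
# non-login program. An empty shell field is reported as /bin/sh,
# because login falls back to /bin/sh in that case.
audit_login_shells() {
    awk -F: -v max="$SYS_UID_MAX" '
        /^[ \t]*(#|$)/   { next }   # comments and blank lines
        NF < 7           { next }   # malformed entries
        $3 !~ /^[0-9]+$/ { next }   # non-numeric UID
        $3 < 1 || $3 > max { next } # root and regular users
        {
            shell = ($7 == "") ? "/bin/sh" : $7
            # Assumed non-login programs: nologin, false, sync
            if (shell ~ "/(nologin|false|sync)$") next
            print $1 ":" $3 ":" shell
        }
    ' "${1:--}"
}

# Constructed sample resembling the entries the post describes.
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/bin/sh
sync:x:4:65534:sync:/bin:/bin/sync
mail:x:8:8:mail:/var/mail:/bin/sh
www-data:x:33:33:www-data:/var/www:/bin/sh
sshd:x:100:65534::/var/run/sshd:/usr/sbin/nologin
backup:x:34:34:backup:/var/backups:
alice:x:1000:1000:Alice,,,:/home/alice:/bin/bash
EOF
}

# Demo on the sample; on a real host run: audit_login_shells /etc/passwd
# Each reported account can then be changed as in the post, e.g.
#   usermod -s /usr/sbin/nologin www-data
sample_passwd | audit_login_shells
```

Before changing a reported account, check that no cron job or `su -c` call depends on it having a shell.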
