
Re: Default Fedora installation suffers from egregious configuration flaw



On 05/19/2011 01:18 PM, Kevin Fenzi wrote:
> The reason for this has been headless installs. I.e., if you install via
> vnc or the like, and finish the install and reboot and don't have
> access to the physical console, ssh is your only way to access the
> newly installed machine and set up accounts, etc.
>
> If someone can come up with a solution that covers this case, we could
> revisit this, but it's not a case that's easy to fix in any kind of
> clean way. ;(
>
> If it's brute force attacks that are the vector of concern, perhaps we
> could look at a default hashlimit rule in front of the ssh. (i.e., 1
> attempt per minute or the like).

I would think admins that are doing headless installs would be doing them
via PXE+Cobbler with .ks files, not via the DVD.

If they do, they should create their own ISO for that case, or the Server SIG
spin one for them, since we hand out DVDs to novice end users.

Anyway there came an interesting discussion out of this thread at work 
on who was legally liable for any harm/financial damage that might be 
caused from bad default options like this which I have now forwarded to 
legal to clarify.

JBG
--
security mailing list
security@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/security

