On Thu, 2007-12-20 at 19:29 -0800, riley.marquis@xxxxxxxxxxxxxxx wrote:
> Security Updates For Fedora 9
>
> Greetings!
> I had several ideas for Fedora 9 in regards to improving the security of a
> default installation.
>
> 1: Disable root account / Use Sudo

Maybe more secure from one point of view, maybe less secure from another.
So please no.

> 2: /etc/ssh/sshd_config changes
> -PermitRootLogin no (currently 'yes')

Not before we have a way to log in on a remotely installed VNC machine.

> -LoginGraceTime 1m (currently 2m)

If upstream changes it then yes.

> -Banner /etc/issue.net (currently not set)

sshd doesn't support escape sequences which are currently present in
issue.net.

> -AllowGroups wheel (currently not set)

No.

> We should also see if the OpenSSH developers would be willing to make
> these changes the default on Portable OpenSSH.

They wouldn't, except perhaps the LoginGraceTime change.

> 3: Add wheel group if not present
> If there is no wheel group by default, we should include one in Fedora 9.
> This means deciding on what Group ID (GID) to use. Anaconda would need to
> force creation of a user account that is a part of this group.

There is a wheel group by default with root as a member.

> 4: GCC Lockdowns
> With the new GCC-4.3.0 recently built for Fedora 9, we should forbid
> ordinary users access to the programs it contains, incl. rpmbuild, mock,
> etc. Only members of the wheel, koji, and mock groups should have access
> to software development tools. Did I miss any groups that should be
> allowed access?

Nonsense.

--
Tomas Mraz
No matter how far down the wrong road you've gone, turn back.
                                              Turkish proverb

--
Fedora-security-list mailing list
Fedora-security-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-security-list
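
An added example, not part of the thread or of any Fedora or OpenSSH code: a small audit that reports the effective global value of the four sshd_config directives discussed above and lists backslash escapes in a banner file, which sshd would send to clients literally. All function names and the sample input are hypothetical; it assumes sshd's first-value-wins parsing and that the escapes in issue.net are getty-style backslash sequences.

```python
import re

# directive: (value the thread gives as current, value it proposes)
DIRECTIVES = {"permitrootlogin": ("yes", "no"), "logingracetime": ("2m", "1m"),
              "banner": (None, "/etc/issue.net"), "allowgroups": (None, "wheel")}
UNITS = {"": 1, "s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}

def to_seconds(value):
    """Parse sshd time formats such as 120, 2m or 1h30m."""
    v = value.lower()
    parts = re.findall(r"(\d+)([smhdw]?)", v)
    if not parts or "".join(n + u for n, u in parts) != v:
        raise ValueError(f"bad time value: {value!r}")
    return sum(int(n) * UNITS[u] for n, u in parts)

def effective(config_text):
    """Global settings: case-insensitive keys, first value wins, stop at Match."""
    seen = {}
    for raw in config_text.splitlines():
        fields = raw.strip().split(None, 1)
        if not fields or fields[0].startswith("#"):
            continue
        key = fields[0].lower()
        if key == "match":
            break
        if len(fields) == 2:
            seen.setdefault(key, fields[1].strip())
    return seen

def banner_escapes(banner_text):
    """Backslash escapes (assumed getty-style) that sshd would send verbatim."""
    return re.findall(r"\\[A-Za-z]", banner_text)

def audit(config_text):
    """Map each directive to (effective value, matches the proposal?)."""
    eff = effective(config_text)
    report = {}
    for key, (current, want) in DIRECTIVES.items():
        have = eff.get(key, current)
        same = (to_seconds(have) == to_seconds(want)
                if key == "logingracetime" else have == want)
        report[key] = (have, same)
    return report

# Constructed sample input, not taken from a real host.
SAMPLE = ("Port 22\nPermitRootLogin yes\nlogingracetime 60\nPermitRootLogin no\n"
          "Banner /etc/issue.net\nMatch User backup\n    Banner none\n")
SAMPLE_BANNER = "Kernel \\r on an \\m\n"

print(audit(SAMPLE), banner_escapes(SAMPLE_BANNER))
```

In the sample, the second `PermitRootLogin no` has no effect because the earlier `yes` was read first, and `logingracetime 60` counts as matching the proposed `1m`.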