On 19/05/11 01:35, dirk cummings wrote:
> On a default install of Fedora 14, and also the latest release candidate
> for 15, the user is presented with:
>
> * An iptables rule that opens port 22 to the world
> * sshd service automatically started
> * sshd_config with default option: PermitRootLogin yes
>
>
> It's like every new install comes with the keys to the castle hanging on
> outside of the door for anyone who comes knocking.
>
> I find this situation a serious oversight in light of the fact that
> Fedora obviously values security (like selinux, or how the installer
> forces a minimum password length, etc)
>
> Any experienced linux user will know to check iptables and disable
> unnecessary services, but I wouldn't expect this from a new linux user
> (exactly the people the refreshed GNOME experience is supposed to
> attract). I think the default configuration should be in the name of
> security, and sshd should not be listening on a default port with an
> open rule with root login enabled.

Things have been like this since, well, forever. See discussions here:

https://bugzilla.redhat.com/show_bug.cgi?id=89216
https://bugzilla.redhat.com/show_bug.cgi?id=136289

Paul.
--
security mailing list
security@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/security
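
Two of the three defaults listed in the quoted message (the open port 22 rule and PermitRootLogin yes) can be checked from the configuration text alone. The following is an added example, not part of the original thread or of Fedora's tooling; the sample inputs are constructed, the function names are hypothetical, and it assumes rules in iptables-save format on the INPUT chain and a default of "yes" when sshd_config never sets the keyword.

```python
# Constructed sample inputs mirroring the defaults listed in the quoted message.
SAMPLE_SSHD_CONFIG = """\
Port 22
#PermitRootLogin no
PermitRootLogin yes
Match User backup
    PermitRootLogin no
"""
SAMPLE_RULES = """\
*filter
:INPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
"""

def effective_permit_root_login(config_text, default="yes"):
    """Global PermitRootLogin value: sshd keeps the first value it reads for a
    keyword. `default` is an assumption for configs that never set it."""
    for raw in config_text.splitlines():
        parts = raw.split("#", 1)[0].replace("=", " ").split()
        if not parts:
            continue  # blank line or comment
        if parts[0].lower() == "match":
            break  # later lines apply only to matching connections
        if parts[0].lower() == "permitrootlogin" and len(parts) > 1:
            return parts[1].strip('"').lower()
    return default

def world_open_ssh_rules(rules_text, port=22):
    """Return INPUT rules that ACCEPT tcp/`port` with no -s/--source match."""
    hits = []
    for line in rules_text.splitlines():
        tok = line.split()
        pairs = set(zip(tok, tok[1:]))  # adjacent (option, value) pairs
        if (("-A", "INPUT") in pairs and ("-j", "ACCEPT") in pairs
                and ("--dport", str(port)) in pairs
                and not {"-s", "--source"} & set(tok)):
            hits.append(line)
    return hits

def audit(config_text, rules_text):
    """List which of the defaults named in the thread are present."""
    findings = []
    if effective_permit_root_login(config_text) == "yes":
        findings.append("PermitRootLogin yes")
    if world_open_ssh_rules(rules_text):
        findings.append("port 22 accepted from any source")
    return findings
```

Calling `audit(SAMPLE_SSHD_CONFIG, SAMPLE_RULES)` reports both findings; whether the sshd service is actually started has to be checked on the running host.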