2011/5/19 "Jóhann B. Guðmundsson" <johannbg@xxxxxxxxx>: > On 05/19/2011 08:26 AM, Paul Howarth wrote: >> On 19/05/11 01:35, dirk cummings wrote: >>> On a default install of Fedora 14, and also the latest release candidate >>> for 15, the user is presented with: >>> >>> * An iptables rule that opens port 22 to the world >>> * sshd service automatically started >>> * sshd_config with default option: PermitRootLogin yes >>> >>> >>> It's like every new install comes with the keys to the castle hanging on >>> outside of the door for anyone who comes knocking. >>> >>> I find this situation a serious oversight in light of the fact that >>> Fedora obviously values security (like selinux, or how the installer >>> forces a minimum password length, etc) >>> >>> Any experienced linux user will know to check iptables and disable >>> unnecessary services, but I wouldn't expect this from a new linux user >>> (exactly the people the refreshed GNOME experience is supposed to >>> attract). I think the default configuration should be in the name of >>> security, and sshd should not be listening on a default port with an >>> open rule with root login enabled. >> Things have been like this since, well, forever. See discussions here: >> >> https://bugzilla.redhat.com/show_bug.cgi?id=89216 >> https://bugzilla.redhat.com/show_bug.cgi?id=136289 > > Note that saying that it has been like this for ever is not a valid point. > > We have had incident reports here on the university network where a > novice end user both staff and students installed Fedora on their > laptop/workstation and to no surprise were instantly exposed to brute > force attacks without absolutely no idea about it heck those users did > not even know what ssh is in the first place. > > There is no warning or option to disable sshd in Anaconda and the novice > end user receives no notifications about someone trying to connect to > ssh so he is absolutely clueless when that happens so even if he knows > how to react when that occurs he still has no idea if/when it's happening. This came up last year in my and a few other organizations and we pushed back at RH for some change. We said that since the firewall option in the kickstart has a --ssh option, if you don't put the --ssh, it should not enable ssh. Seems fairly obvious. Unfortunately grandfathered brokenness wins, but they did concede to the concept of adding a --no-ssh option for disabling it. It would make sense to expose this option inside the installer's security configuration interface, but I don't believe that part has been done. I'd have thought the code would be pushed into upstream Anaconda, and it may have been, but it doesn't appear that its been documented anywhere. https://bugzilla.redhat.com/show_bug.cgi?id=485086 https://bugzilla.redhat.com/show_bug.cgi?id=703081 https://bugzilla.redhat.com/show_bug.cgi?id=703082 -greg -- security mailing list security@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/security
