+1 vote for the solution you recommended, Vincent.

----- Original Message ----
> From: Vincent Danen <vdanen@xxxxxxxxxx>
> To: Kevin Fenzi <kevin@xxxxxxxxx>
> Cc: security@xxxxxxxxxxxxxxxxxxxxxxx
> Sent: Thu, May 19, 2011 11:08:06 AM
> Subject: Re: Default Fedora installation suffers from egregious configuration flaw
>
> * [2011-05-19 07:18:38 -0600] Kevin Fenzi wrote:
>
> >On Wed, 18 May 2011 17:35:38 -0700
> >dirk cummings <sexynaya2010@xxxxxxxxxxx> wrote:
> >
> >>
> >> On a default install of Fedora 14, and also the latest release
> >> candidate for 15, the user is presented with:
> >>
> >> - An iptables rule that opens port 22 to the world
> >> - sshd service automatically started
> >> - sshd_config with default option: PermitRootLogin yes
> >>
> >> It's like every new install comes with the keys to the castle
> >> hanging on outside of the door for anyone who comes knocking.
> >>
> >> I find this situation a serious oversight in light of the fact that
> >> Fedora obviously values security (like selinux, or how the installer
> >> forces a minimum password length, etc.)
> >>
> >> Any experienced linux user will know to check iptables and disable
> >> unnecessary services, but I wouldn't expect this from a new linux
> >> user (exactly the people the refreshed GNOME experience is supposed
> >> to attract). I think the default configuration should be in the name
> >> of security, and sshd should not be listening on a default port with
> >> an open rule with root login enabled.
> >
> >The reason for this has been headless installs. I.e., if you install via
> >vnc or the like, and finish the install and reboot and don't have
> >access to the physical console, ssh is your only way to access the
> >newly installed machine and set up accounts, etc.
> >
> >If someone can come up with a solution that covers this case, we could
> >revisit this, but it's not a case that's easy to fix in any kind of
> >clean way. ;(
> >
> >If it's brute force attacks that are the vector of concern, perhaps we
> >could look at a default hashlimit rule in front of the ssh. (ie, 1
> >attempt per minute or the like).
>
> Or simply have a page asking the user whether or not to enable ssh? I
> can't recall off the top of my head, but I believe there is a screen
> where you ask if you want the firewall enabled, right? Why not have a
> very obvious checkbox: "[ ] Enable ssh at boot" and if the user checks
> it off, set the firewall to allow ssh and turn ssh on. If the user does
> _not_ check it off (aka they are sitting back and saying "what is this
> ssh thing they speak of?") then have the firewall block port 22 and
> chkconfig ssh off.
>
> It's not difficult. Those who need ssh will know what it is and will
> turn it on. Those who don't (probably the majority) will leave it off
> and be protected.
>
> I think that would cover all areas of concern without
> unnecessary/needless rate-limiting or changing sshd_config, etc. And
> it's one more UI element during install (and presumably something that
> could be set in a kickstart file as well as a result).
>
> --
> Vincent Danen / Red Hat Security Response Team
> --
> security mailing list
> security@xxxxxxxxxxxxxxxxxxxxxxx
> https://admin.fedoraproject.org/mailman/listinfo/security
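A small audit script for the three defaults the thread lists (an iptables rule accepting tcp/22 from anywhere, sshd enabled at boot, and the effective PermitRootLogin value), added here as an example and not part of the original thread. The sample rule listing, chkconfig line and sshd_config excerpt are constructed to mirror the defaults described; each function reads stdin, so on a live host it can be fed `iptables -S`, `chkconfig --list sshd` and `/etc/ssh/sshd_config` instead.

```shell
#!/bin/sh
# Audit helpers for the defaults discussed in the thread. Each function reads
# the relevant text on stdin so it works on live command output or on the
# constructed samples at the bottom.

# Effective PermitRootLogin value from an sshd_config on stdin. sshd honours
# the first uncommented directive; with none present, the releases in the
# thread default to "yes".
permit_root_login() {
    val=$(grep -iE '^[[:space:]]*PermitRootLogin[[:space:]]+' \
          | head -n 1 | awk '{print tolower($2)}')
    [ -n "$val" ] && echo "$val" || echo yes
}

# "open" if an "iptables -S" listing on stdin accepts tcp/22 on INPUT without
# a source (-s) restriction, otherwise "closed".
port22_open() {
    if grep -E -- '^-A INPUT' | grep -E -- '-p tcp' | grep -E -- '--dport 22' \
       | grep -E -- '-j ACCEPT' | grep -qvE -- ' -s '; then
        echo open
    else
        echo closed
    fi
}

# "enabled" if a "chkconfig --list sshd" line on stdin is on in any of
# runlevels 2-5, otherwise "disabled".
sshd_at_boot() {
    grep -qE '[2-5]:on' && echo enabled || echo disabled
}

# Constructed samples (not captured from a real host) reflecting the
# Fedora 14 defaults the thread complains about.
SAMPLE_RULES='-P INPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited'
SAMPLE_CHKCONFIG='sshd  0:off  1:off  2:on  3:on  4:on  5:on  6:off'
SAMPLE_SSHD_CONFIG='# constructed sshd_config excerpt
#PermitRootLogin yes
Protocol 2'

# Run all three checks over the samples; on a live host replace the printf
# with the real commands and file.
printf 'tcp/22 in firewall : %s\n' "$(printf '%s\n' "$SAMPLE_RULES" | port22_open)"
printf 'sshd at boot       : %s\n' "$(printf '%s\n' "$SAMPLE_CHKCONFIG" | sshd_at_boot)"
printf 'PermitRootLogin    : %s\n' "$(printf '%s\n' "$SAMPLE_SSHD_CONFIG" | permit_root_login)"
```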