Re: Default Fedora installation suffers from egregious configuration flaw


 



The default Fedora 14 includes a rule to accept all multicast DNS:
ACCEPT     udp  --  0.0.0.0/0            224.0.0.251         state NEW udp dpt:5353

-Joe

On Thu, May 19, 2011 at 1:49 PM, Kevin Fenzi <kevin@xxxxxxxxx> wrote:
> On Thu, 19 May 2011 13:40:47 -0400
> aragonx@xxxxxxxxxx wrote:
>
>> Isn't that only part of the
>> solution?  Why would we ever need to have PermitRootLogin to
>> true?  My memory is a little rusty but I'm pretty sure the install
>> forces the creation of a user account.
>
> No, it does at firstboot.
>
> If you install a headless machine, you have no way to make a user
> without logging in as root and making one.
>
>> I've never done a
>> headless install so I know nothing about how that works.  However, we
>> shouldn't let a minority of installations compromise the security of
>> the majority.  As someone has already pointed out, can't they have a
>> different spin to allow whatever they might need?
>
> I think there are solutions to this, but they should be worked with the
> anaconda folks, rather than here. ;)
>
>> Are there any
>> other services that are listening by default and allowed through the
>> firewall?  I believe there should be none of either.  However, I
>> have been called paranoid in the past.  :)
>
> Nope. Not on a default install anymore I don't think...
>
> kevin
>
> --
> security mailing list
> security@xxxxxxxxxxxxxxxxxxxxxxx
> https://admin.fedoraproject.org/mailman/listinfo/security
>
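
An added example, not part of the original messages: one way to answer the question raised in the thread (which ports does the firewall admit new inbound connections to?) from `iptables -L INPUT -n` output. The listing is constructed for illustration; only the mDNS rule comes from the message above, and the function names and allowlist are assumptions.

```python
import re

# Constructed sample of `iptables -L INPUT -n` output. Only the mDNS rule
# (224.0.0.251, udp dpt:5353) is taken from the message above.
SAMPLE = """\
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22
ACCEPT     udp  --  0.0.0.0/0            224.0.0.251         state NEW udp dpt:5353
REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited
"""

# Columns: target, protocol, opt, source, destination, then the match options.
RULE = re.compile(
    r"^(?P<target>\S+)\s+(?P<proto>\S+)\s+\S+\s+(?P<src>\S+)\s+(?P<dst>\S+)\s*(?P<opts>.*)$"
)

def new_inbound_accepts(listing):
    """Return (proto, port, source, destination) for each ACCEPT rule
    that admits NEW connections to a destination port."""
    found = []
    for line in listing.splitlines():
        m = RULE.match(line.strip())
        if not m or m["target"] != "ACCEPT":
            continue  # chain header, column header, or a non-ACCEPT rule
        state = re.search(r"\bstate (\S+)", m["opts"])
        if state and "NEW" not in state.group(1).split(","):
            continue  # e.g. RELATED,ESTABLISHED: return traffic only
        port = re.search(r"\bdpts?:(\S+)", m["opts"])
        if port:
            found.append((m["proto"], port.group(1), m["src"], m["dst"]))
    return found

def unexpected(listing, allowed=frozenset()):
    """Openings whose (proto, port) is not in the allowlist. The empty
    default matches the 'there should be none' position in the thread."""
    return [r for r in new_inbound_accepts(listing) if (r[0], r[1]) not in allowed]

if __name__ == "__main__":
    for proto, port, src, dst in unexpected(SAMPLE):
        print(f"open to NEW connections: {proto}/{port} from {src} to {dst}")
```

Without `-v` the listing hides interface matches such as the loopback rule, so feed it `iptables -L INPUT -n -v` output only after adjusting the column pattern.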


