Re: How to Restart the service sshd in Fedora Linux System ?

From: "Ed Greshko" <Ed.Greshko@xxxxxxxxxxx>
Sent: Tuesday, 2008, December 23 16:30


jdow wrote:
Directory /etc/ssh - should be drwxr-xr-x. The world must have the
rights to read and enter the directory but not write to it.

Most of the files should be -rw-------. Only root can read or write
them. None should have x permission. And ssh_config and the .pub
files should be -rw-r--r--.

Nobody but root should be able to write to that directory under any
circumstance or your system is open to exploitation.

Each user ~/.ssh directory should be drwxr-xr-x. Each file should be
-rw-r--r--. (This is probably wrong. The directory probably should be
drwx------ and the files should be -rw-------. But under RedHat and
Fedora home directories are drwx------, so people who do not belong
can't get to the directory in the first place.)

Yes, your second statement is "more" correct.  The ~/.ssh directory
should be drwx------.

While, as you point out, it won't make a difference in cases where one
doesn't alter the defaults of user creation.  In cases where you assign
groups or add users to various groups it could become a factor.  So as
not to tax one's memory I feel it is good practice to advise drwx------.


<<jdow
The main takeaway should be that while complacency often works, rigor
is better. After installing the rigor one can turn off the SELinux "stuff" if
that is needed and still be relatively stage.

{^_-}
--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
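
The modes recommended in this thread, turned into a check. This is an added example, not part of any poster's message; the function names and the temporary directory it builds are constructed for illustration. It flags any item carrying permission bits beyond the recommended maximum, using the stricter drwx------ / -rw------- rule for a user's ~/.ssh.

```python
import os
import stat
import tempfile

# Most permissive mode each item may carry, as recommended in the thread.
SYSTEM_DIR_MAX = 0o755    # /etc/ssh: drwxr-xr-x
PUBLIC_FILE_MAX = 0o644   # ssh_config and *.pub: -rw-r--r--
PRIVATE_FILE_MAX = 0o600  # every other file: -rw-------
USER_DIR_MAX = 0o700      # ~/.ssh: drwx------


def is_public(name):
    return name == "ssh_config" or name.endswith(".pub")


def audit(directory, user_dir=False):
    """Return (path, mode, allowed) for each item that is too open.
    user_dir=True applies the ~/.ssh rules, otherwise the /etc/ssh rules."""
    findings = []

    def check(path, allowed):
        mode = stat.S_IMODE(os.lstat(path).st_mode)
        if mode & ~allowed:  # a bit is set outside the allowed mask
            findings.append((path, oct(mode), oct(allowed)))

    check(directory, USER_DIR_MAX if user_dir else SYSTEM_DIR_MAX)
    for name in sorted(os.listdir(directory)):
        path = os.path.join(directory, name)
        if not stat.S_ISREG(os.lstat(path).st_mode):
            continue  # only regular files are covered by this check
        if user_dir or not is_public(name):
            check(path, PRIVATE_FILE_MAX)
        else:
            check(path, PUBLIC_FILE_MAX)
    return findings


def demo():
    """Audit a constructed directory that uses the looser modes."""
    root = tempfile.mkdtemp()
    os.chmod(root, 0o755)
    for name, mode in (("id_rsa", 0o644), ("id_rsa.pub", 0o644), ("config", 0o600)):
        path = os.path.join(root, name)
        open(path, "w").close()
        os.chmod(path, mode)
    return root, audit(root, user_dir=True)


if __name__ == "__main__":
    print(*demo()[1], sep="\n")
```

On a real host, `audit("/etc/ssh")` and `audit(os.path.expanduser("~/.ssh"), user_dir=True)` apply the same rules; extend `is_public` if your distribution ships other world-readable files in /etc/ssh.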