Re: Fedora change that will probably affect RHEL

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



On 7/30/2015 2:23 PM, Nathan Duehr wrote:
>On Jul 30, 2015, at 12:20, Warren Young<wyml@xxxxxxxxxxx>  wrote:
>
>Meanwhile over here in CentOS land, you still see SSH password guessers banging on every public IP that responds to port 22.  Why?  Because it still occasionally works.  Increase the password strength minima, and this class of worm, too, will quickly die out.
If the Windows fix was firewall on by default, why isn’t that the appropriate “fix" for Linux distros? Why mess with the password strength or which daemons are running?

Seems like it adds the necessary step of “STOP: If you turn off this, you’d better know what you’re doing”, without messing around with default settings of packages and/or password library configuration files.


if sshd is firewalled by default, why even run it?



--
john r pierce, recycling bits in santa cruz

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos




[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux