Re: Security Question

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon, 2005-02-14 at 10:57 -0800, Scott Becker wrote:
> I started with the default apache user and ran the following commands:
> 
> #bring up apache account-
> mkdir /home/apache
> cp /etc/skel/.* /home/apache
> chown -R apache: /home/apache
> usermod -d /home/apache apache
> usermod -s /bin/bash apache
> 
> This way I can access it with a simple 'su apache' command ran as root 
> and there's a home directory to store the .psql_history file so the 
> command history is saved across sessions. I fear that by setting the 
> shell with 'usermod -s /bin/bash apache' I've opened a can of worms. I 
> just set a password on the account to prevent any more logins but if 
> there's a security hole it would be nice to fix it and if not I would 
> like to know how they logged in and understand the process. I tried 
> (just before setting the password) to login hitting enter for the 
> password and I couldn't get in.
....
> I found nullok twice in the file. Perhaps I couldn't get in on my test 
> because PuTTY doesn't pass null. I guess I shall always set a password 
> from now on.
> 

What does 'getent shadow apache' gives you if you call it from root
account?
If it's something like:  
apache:!!:xxxxx::::::
       ^^ note these. If the exclamation marks are missing it means that
this account is without a password and nullok allows to login to it. But
if the !! (or *) is there it means something is broken on your system if
it allowed login to that account. Can you find the messages from
the /var/log/ surrounding the 'apache logged in from
dsl-82-199-133-138.dutchdsl.nl (82.199.133.138)' message?

-- 
Tomas Mraz <tmraz@xxxxxxxxxx>


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]
  Powered by Linux