Challenge yourself to get rid of insecure software.

    Date: 02 Jun 2003
    Posted By: Anthony Pell
    System setups that are known to be buggy can persist for far too long unless you force yourself to take the time to revisit them periodically.

    I'm on a lot of mailing lists, including one for my local LUG (Linux users' group), and tend to respond to a lot of questions from complete strangers. For some reason it seems that in the last few weeks I've fielded an increased number of emails that I don't want to help out on, for example:

    1. "I can't get telnet to my machine - how can I disable the firewall?"
    2. "I can telnet fine, but not as root, I need to su. How can I let root log in from the network directly over telnet?"
    3. "I'm trying to change the password for a user, but it only lets me choose passwords that are longer than 4 characters, what's wrong?"

    Each time I hear questions like this I take a deep breath. I know the answers:

    1. ipchains -F or iptables -F, assuming the default policy is "ACCEPT".

    2. for tty in `perl -e 'print join " ", 1..30, "\n"'`
       do
         echo "/dev/pts/$tty" >> /etc/securetty
       done

    3. Edit /etc/pam.d/passwd, remove the min= argument from the password required line.

    The problem is that they want to do things to which I personally object, things that decrease the security of their systems.
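
    Revisiting a system for these three changes can be scripted. The following is an added example, not part of the original article: the function names, the pam_example.so module and all sample data are constructed, and the firewall check assumes the output of `iptables -S` is passed in as text.

```shell
#!/bin/sh
# Added example: audit for the three weakenings listed above.
# Inputs are passed in so the checks can run against copies of the files.

# 1. True when `iptables -S` text shows INPUT policy ACCEPT and no INPUT rules,
#    i.e. the state left by "iptables -F" with a default ACCEPT policy.
fw_wide_open() {
    printf '%s\n' "$1" | grep -q '^-P INPUT ACCEPT' || return 1
    ! printf '%s\n' "$1" | grep -q '^-A INPUT'
}

# 2. Count pseudo-terminal entries in a securetty file (root login over the network).
securetty_pts_count() {
    grep -Ec '^(/dev/)?pts/[0-9]+[[:space:]]*$' "$1" || true
}

# 3. True when a "password required" PAM line carries no min= argument.
pam_missing_min() {
    grep -E '^[[:space:]]*password[[:space:]]+required' "$1" | grep -qv 'min='
}

# Run all three checks; print one line per finding and return the number found.
audit() {   # audit <iptables -S text> <securetty file> <pam passwd file>
    findings=0
    if fw_wide_open "$1"; then
        echo "FINDING: firewall flushed, INPUT policy ACCEPT"; findings=$((findings + 1))
    fi
    n=$(securetty_pts_count "$2")
    if [ "${n:-0}" -gt 0 ]; then
        echo "FINDING: $n pts entries in securetty"; findings=$((findings + 1))
    fi
    if pam_missing_min "$3"; then
        echo "FINDING: password line has no min= length"; findings=$((findings + 1))
    fi
    return "$findings"
}

# Constructed sample data (not taken from a real host).
demo=$(mktemp -d)
printf 'tty1\n/dev/pts/1\n/dev/pts/2\n' > "$demo/securetty"
printf 'password required pam_example.so nullok\n' > "$demo/passwd"
rules='-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT'
audit "$rules" "$demo/securetty" "$demo/passwd" || echo "findings: $?"
rm -rf "$demo"
```

    On a live host the same functions would be called as audit "$(iptables -S)" /etc/securetty /etc/pam.d/passwd, run as root.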

    People like to use the tools they're familiar with. Retraining people to do things in a new (more secure) way is very difficult. For instance, when I took over a cluster of SGIs years ago I installed SSH across the board, but needed to leave telnet enabled for the PC users who needed to be able to log in.

    However, even those with Unix boxen on their desk, on which ssh was installed, didn't want to use SSH. I'd even set up users with passwordless logins and host-based trust across the machines. I noted the savings of three characters in "ssh" vs "telnet". Nothing worked until I replaced /usr/bin/telnet with a shell script that looked something like this:

    ...
