It is currently Fri May 24, 2013 8:01 am

View unanswered posts | View active topics


Board index » Zenwalk Linux » Security and Monitoring

All times are UTC




Post new topic Reply to topic  Page 1 of 1
  [ 5 posts ] 
  Print view Previous topic | Next topic 
Author Message
mprimrose
 Post subject: Userids, Passwords and Malicious SHHD logins
PostPosted: Fri Sep 21, 2007 4:35 pm 
Senior Zenwalker
Senior Zenwalker
User avatar

Joined: Wed Oct 18, 2006 1:46 am
Posts: 269
Location: Sydney, Australia
The following article makes interesting if somewhat unsettling reading

    http://www.securityfocus.com/infocus/1876

We all, ofcourse, understand the necessity of strong userids and passwords, and if one is named paul, of the necessity of not using your name as a userid.

The problem is that by default Zenwalk is installed with SHHD ON by default. If you dont go on to fully configure SSHD properly, you leave yourself open to the sort of attacks discussed above. Now I'm not entirely sure whether, given that the new Zenwalk firewall stealths all the relevant ports (if it is turned on ofcourse), having an unconfigured SHHD running does pose a security risk and I will admit to not really being game to try it out.Perhaps someone else can shed some light on this.

As a matter of course I tend to turn off all services I dont intend to make use of and this includes SHHD when I am building a new system. If I need the services later I can start them up easily enough and get round to configuring them properly at the same time.

Regards

Michael

BTW I have no idea why paul is a commonly attacked userid. Are the more pauls running linux systems than any other persons or is there a cultural reference I'm missing  ???
 Profile Send private message  
 
guth
 Post subject: Re: Userids, Passwords and Malicious SHHD logins
PostPosted: Sun Sep 23, 2007 9:14 am 
Master of the known universe
Master of the known universe
User avatar

Joined: Sat Mar 18, 2006 1:13 pm
Posts: 1182
easy tricks to avoid ssh attacks (in sshd_config) :
- change ssh port
- use only protocol 2
- set PermitRootLogin to "no"

_________________
Guth
Zenwalk: Don't Panic

 Profile Send private message  
 
energiya
 Post subject: Re: Userids, Passwords and Malicious SHHD logins
PostPosted: Sun Sep 23, 2007 5:55 pm 
Master Zenwalker
Master Zenwalker
User avatar

Joined: Fri Feb 09, 2007 8:40 pm
Posts: 529
Location: Romania
guth wrote:
- change ssh port

Very usefull in avoiding scans from "random" machines. Another usefull trick would be to adapt your iptables rules so that ports are vulnerable only when you use a certain feature. Don't need ssh for now? Make the port invisible.
 Profile Send private message  
 
Borromini
 Post subject: Re: Userids, Passwords and Malicious SHHD logins
PostPosted: Sun Sep 23, 2007 11:15 pm 
Global Moderator
Global Moderator
User avatar

Joined: Fri Mar 10, 2006 4:46 am
Posts: 3631
Location: Still on IPv4
I have discussed this with JP, and I believe he is inclined to turn SSH off by default. However, if your firewall - which I believe should be on by default on a vanilla install - is not allowing SSH logins, SSH running is not that much of an issue.

Since most users are not aware at all of what SSH actually does, it is a good idea not to enable it by default, however.

_________________
Leenucks - the greatest thing since evolution theory || Questions about forum etiquette? Feel free to PM me.

 Profile Send private message  
 
mprimrose
 Post subject: Re: Userids, Passwords and Malicious SHHD logins
PostPosted: Mon Sep 24, 2007 2:43 am 
Senior Zenwalker
Senior Zenwalker
User avatar

Joined: Wed Oct 18, 2006 1:46 am
Posts: 269
Location: Sydney, Australia
Having just installed the Zenwalk 4.8 RC I note that the SSHD service has turned itsself on. All my other service settings and network setting seem to have held the way they were originally configured to be ie before the upgrade to 4.8 RC, only SSHD seems to have decided to start itself up at boot.

I don't know how difficult it is to set the default to off for this service in the full release of Zenwalk 4.8, but it would seem to be the preferable option.

Apart from that Zenwalk seems to have speeded up again.  :o  If you keep improving the performance of my old Pentium III I will have no valid excuses to go and buy a new toy ... I mean work computer  :)

Regards

Michael
 Profile Send private message  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  Page 1 of 1
  [ 5 posts ] 

Board index » Zenwalk Linux » Security and Monitoring

All times are UTC


 Who is online

Users browsing this forum: No registered users and 3 guests

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
 

Copyright © 2005-2009 Zenwalk.org. http://www.zenwalk.org/ • The information on this website may not be reproduced, republished or mirrored on another webpage or website without explicit permission of the Zenwalk project.