Home page logo
/

pauldotcom logo PaulDotCom mailing list archives

Worst setting(s) in /etc
From: dagershman_dgt at dagertech.net (David A. Gershman)
Date: Wed, 3 Jun 2009 13:21:42 -0700 (PDT)


Root password?  You had a root password?

Rlogin and hosts.equiv ranks up there with writing the root password
on a whiteboard in BIG letters


------Original Message------
From: Nicholas B.
Sender: pauldotcom-bounces at mail.pauldotcom.com
To: Pauldotcom at mail.pauldotcom.com
ReplyTo: PaulDotCom Security Weekly Mailing List
Subject: [Pauldotcom] Worst setting(s) in /etc
Sent: Jun 3, 2009 2:02 PM

A little ninja suggested that I post this to the list as well
(originally in the pdc forums):

Over the years I've seen a number of really bad configuration settings
that can lead to compromise or unwanted information disclosure on *nix
systems.  Amongst these a common issue is configuration of NFS for
easy of doing everything.  The setting I'm talking about is found in
the /etc/exports file and may appear something like:

/home      192.168.0.*(rw,no_root_squash,insecure)

This leads to giving full write access as root the everything in the
/home directory to every IP address in the 192.168.0.0/24 subnet able
to connect to the system via NFS.

I'd like to know what poor configuration settings have others run
across on *nix systems that are done for convenience and/or lack of
knowledge concerning the settings found in these files.
_______________________________________________
Pauldotcom mailing list
Pauldotcom at mail.pauldotcom.com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com


Sent from my Verizon Wireless BlackBerry
_______________________________________________
Pauldotcom mailing list
Pauldotcom at mail.pauldotcom.com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com



---------------
David A. Gershman
gershman at dagertech.net
http://dagertech.net/gershman/
"It's all about the path!" --d. gershman


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]