[prev in list] [next in list] [prev in thread] [next in thread] 

List:       clamav-users
Subject:    RE: [Clamav-users] clamav user password
From:       Kenneth Byrne <kbyrne () espatial ! com>
Date:       2006-02-23 17:07:13
Message-ID: 5F8F382AE551D611BF6100508BF38146019B893E () essex01 ! ess ! com
[Download RAW message or body]

> -----Original Message-----
> From: Damian Menscher [mailto:menscher@uiuc.edu]
> Sent: 23 February 2006 16:46
> To: ClamAV Users
> Subject: [Clamav-users] clamav user password
> 
> Just saw in my logs a couple of the password-guessing ssh bots were 
> making attempts at the clamav user's password.  Everyone please make 
> sure you have locked this account!
> 
> (Sorry to bother all of you for whom this is common sense, 
> but I'm sure 
> it'll wake up someone on this list.  Oh, and please don't go 
> onto some 
> OT thread about running ssh on some high-numbered port, or disabling 
> password auth, or using port-knocking.)

This really isn't anything new, it would be helpful if you told those
who didn't know about this how to lock the accounts: 
At the very least service accounts like apache/clamav/amavisd etc should
always 
be added to DenyUsers in the your relevant sshd_config and/or have a
/bin/false 
or /sbin/nologin shell entry in /etc/passwd .. unless theres a very good
reason
for requiring a shell login.

Regards,
Ken
_______________________________________________
http://lurker.clamav.net/list/clamav-users.html
[prev in list] [next in list] [prev in thread] [next in thread]