'Re: shells (or lack thereof) and associated risks'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       focus-sun
Subject:    Re: shells (or lack thereof) and associated risks
From:       Mark Femal <mark () BEANTREE ! COM>
Date:       2000-06-29 23:01:25
[Download RAW message or body]

I would agreee.  Syslog logging is a must IMHO.  Titan is a really good
set of tools to look into.  I never caught the use of noshell in the
distribution (http://www.fish.com/titan/src1/noshell.c).  Plus, you can
use Wes Peters' nologin.c at
ftp://ftp.xmission.com/pub/users/s/softweyr/pub/nologin.c

They are simple but effective (especially when combined with swatch)

Perhaps someone else could speak more about the ramifications for doing
this to certain system accounts.  Which ones you should or shouldn't do
this too?  As far as I know, I don't know of any ill-effects of doing this
to most system accounts but I'm not sure the impacts of a lot of the
services that are in inetd.conf since most are disabled in our
environment.

On Thu, 29 Jun 2000, Dobson, Jed wrote:

> noshell from titan (www.fish.com/security) or /sbin/nologin
>
> -jed
>
> -----Original Message-----
> From: Fritsch, Josh [mailto:Josh.Fritsch@DIGEX.COM]
> Sent: Thursday, June 29, 2000 1:29 PM
> To: FOCUS-SUN@SECURITYFOCUS.COM
> Subject: shells (or lack thereof) and associated risks
>
>
> I'm wondering what the general feeling is on system accounts and their shell
> settings.
>
> The way I see it, there are four basic options:
>
> A valid shell
> -----------------------------------------------
> daemon:x:1:1::/:/bin/sh
>
>
> A script that immediately exits
> ------------------------------------------------
> daemon:x:1:1::/:/bin/false
>
>
> Point to a non-existent file
> ------------------------------------------------
> daemon:x:1:1::/:/bin/foo
>
>
> Nothing at all
> -------------------------------------------------
> daemon:x:1:1::/:
>
> Certainly, giving system accounts a valid shell poses a security risk - -
> but did you know that if no shell is specified, Solaris seems to default to
> /bin/sh? (at least with an su)
>
> However, if /bin/false or a non-existent file are used, then root cannot
> switch to that user (perhaps needed to su to 'ftp').
>
> I'm curious to know what the general consensus is on which setup to use - -
> particularly the security risks or benefits related to each.
>
> -Josh
>

[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic