From: Heiko Z. <he...@zu...> - 2009-06-06 19:21:07
|
Quoting Bruce Smith <bw...@re...>: >>> If a new DL install came online on the Internet, would anyone be able >>> to hack the system? sshd and other services shouldn't be started so >>> is there anyway to connect or login other than the local console? >> >> He was actually asking for enabling the network, SSH and Webmin. So >> yes, anybody could connect to it. > > Don't know about webmin, but we could configure SSH to not allow root > login and/or not allow login to accounts without a password. > > Maybe we could config webmin to only listen on the internal network > nic by default? > > Or on boot, if an init script detects root doesn't have a password, we > could generate and assign a random password to root, and display it on > the console. That would keep out remote users. :-) Not sure if this would be worth the effort. I'm currently leaning more towards a "No". -- Regards Heiko Zuerker http://www.devil-linux.org ---------------------------------------------------------------- This message was sent using IMP, the Internet Messaging Program. |