Crooksey
Apprentice
Joined: 26 Apr 2006
Posts: 239
Location: Vatican City

Posted: Wed Jan 19, 2011 12:29 pm
Post subject: Great security on UNIX servers

So I was in an office today and was setting up a printer, I then get told by the girls working in there....



"when we get stuck we type in this "username" and "password" and "these commands" into the server".



Username: root

password : password



Now this is bad enough, but giving the office users access to a root shell is ridiculous, one potential typo or them trying to type something in could potentially be a nightmare.



Lazy sys admins! But what's new there?

aidanjt
Veteran
Joined: 20 Feb 2005
Posts: 1118
Location: Rep. of Ireland

Posted: Wed Jan 19, 2011 12:38 pm
Post subject:

I didn't think it was possible for UNIX admins to be that incompetent.

_________________

juniper wrote: you experience political reality dilation when travelling at american political speeds. it's in einstein's formulas. it's not their fault.

Naib
Watchman
Joined: 21 May 2004
Posts: 5844
Location: Removed by Neddy

Posted: Wed Jan 19, 2011 12:46 pm
Post subject:

a Linux server used for simulation has permissions 777 on everything.



Looks like root just did: chmod 777 / -R



Had to put an updated version of EFFE on the machine so I scp'ed from local linux machine (in prep to contact IT to untar and redo symlinks) lo and behold EVERYTHING was editable so I could then change /etc/profiles and co

_________________

The best argument against democracy is a five-minute conversation with the average voter

Great Britain is a republic, with a hereditary president, while the United States is a monarchy with an elective king
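
A defender-side check for the state described in the post above, where `chmod 777 / -R` left system files editable by any account. This is an added example, not part of the original thread; the function names and the constructed demo tree (including its `etc/profile` file) are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): list paths under a tree that any
# local account can modify, the condition left behind by "chmod 777 / -R".

# audit_world_writable DIR
#   FILE <path>  regular file with the "other" write bit set
#   DIR  <path>  world-writable directory WITHOUT the sticky bit
# Symlinks are skipped (their own mode is not used for access checks), and
# sticky directories such as a normal 1777 /tmp are treated as expected.
audit_world_writable() {
    find "$1" -xdev -type f -perm -0002 -exec printf 'FILE %s\n' {} +
    find "$1" -xdev -type d -perm -0002 ! -perm -1000 \
        -exec printf 'DIR %s\n' {} +
}

# count_findings DIR: number of findings, usable as a pass/fail gate.
count_findings() {
    audit_world_writable "$1" | wc -l | tr -d ' '
}

# make_demo_tree: build a small CONSTRUCTED tree and print its path.
make_demo_tree() {
    d=$(mktemp -d) || return 1
    mkdir "$d/etc" "$d/tmp" "$d/open"
    : > "$d/etc/profile"; : > "$d/etc/hosts"; ln -s profile "$d/etc/link"
    chmod 755 "$d" "$d/etc"
    chmod 644 "$d/etc/hosts"
    chmod 777 "$d/etc/profile" "$d/open"   # the misconfigured entries
    chmod 1777 "$d/tmp"                    # legitimate sticky scratch dir
    printf '%s\n' "$d"
}

demo=$(make_demo_tree)
audit_world_writable "$demo"
echo "findings: $(count_findings "$demo")"
rm -rf "$demo"
```

On a real host, point `audit_world_writable` at `/etc`, `/usr` or `/` and treat any `FILE` line under a system directory as needing a restore of the packaged permissions.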

Crooksey
Apprentice
Joined: 26 Apr 2006
Posts: 239
Location: Vatican City

Posted: Wed Jan 19, 2011 12:46 pm
Post subject:

They now have a web server that's more secure (not hard really) than the main UNIX server, I offered to help with the other, but got told not to interfere. Every machine in the office has a desktop icon that directly loads a terminal prompt as well.

Crooksey
Apprentice
Joined: 26 Apr 2006
Posts: 239
Location: Vatican City

Posted: Wed Jan 19, 2011 12:51 pm
Post subject:

Naib wrote:

a Linux server used for simulation has permissions 777 on everything.



Looks like root just did: chmod 777 / -R



Had to put an updated version of EFFE on the machine so I scp'ed from local linux machine (in prep to contact IT to untar and redo symlinks) lo and behold EVERYTHING was editable so I could then change /etc/profiles and co



I've seen similar things before, but never on a UNIX server

Dr.Willy
Guru
Joined: 15 Jul 2007
Posts: 519
Location: NRW, Germany

Posted: Wed Jan 19, 2011 12:56 pm
Post subject: Re: Great security on UNIX servers

Crooksey wrote:

Now this is bad enough, but giving the office users access to a root shell is ridiculous, one potential typo or them trying to type something in could potentially be a nightmare.

With nice tools like op and sudo around, reading this really hurts :\

John-Boy
Guru
Joined: 23 Jun 2004
Posts: 442
Location: Desperately seeking moksha in all the wrong places

Posted: Wed Jan 19, 2011 12:59 pm
Post subject:

Crooksey wrote:

offered to help with the other, but got told not to interfere.



Two thoughts to that - if you're a contractor, make sure that they've got your details so when it explodes (and it will) - there's a chance of being called in for the clean up, at an appropriate rate OR if you're not and work there - clear blue water is called for.

_________________

Like the Roman, I seem to see "the River Tiber foaming with much blood"

Crooksey
Apprentice
Joined: 26 Apr 2006
Posts: 239
Location: Vatican City

Posted: Wed Jan 19, 2011 1:00 pm
Post subject:

As a web developer/admin for them, I'm in constant contact

pjp
Administrator
Joined: 16 Apr 2002
Posts: 18551

Posted: Wed Jan 19, 2011 4:31 pm
Post subject:

Crooksey wrote:

I've seen similar things before, but never on a UNIX server

8O They'd probably be better off replacing it with a Windows print server.

_________________

Your lips move, but I can't hear what you're saying.

madchaz
l33t
Joined: 01 Jul 2003
Posts: 993
Location: Quebec, Canada

Posted: Wed Jan 19, 2011 6:22 pm
Post subject:

Naib wrote:

a Linux server used for simulation has permissions 777 on everything.



Looks like root just did: chmod 777 / -R





That just hurts ...

_________________

Someone asked me once if I suffered from mental illness. I told him I enjoyed every second of it.

www.madchaz.com A small candle of a website. As my lab specs on it.

Shining Arcanine
Veteran
Joined: 24 Sep 2009
Posts: 1110

Posted: Wed Jan 19, 2011 11:59 pm
Post subject:

pjp wrote:

Crooksey wrote:

I've seen similar things before, but never on a UNIX server

They'd probably be better off replacing it with a Windows print server.



That way they will be able to go to <insert malware site here> and download as much malware as they provide free of charge.

pjp
Administrator
Joined: 16 Apr 2002
Posts: 18551

Posted: Thu Jan 20, 2011 12:33 am
Post subject:

Shining Arcanine wrote:

That way they will be able to go to <insert malware site here> and download as much malware as they provide free of charge.

Well, given the open unix box, who knows what's on it.

_________________

Your lips move, but I can't hear what you're saying.

Crooksey
Apprentice
Joined: 26 Apr 2006
Posts: 239
Location: Vatican City

Posted: Thu Jan 20, 2011 12:40 pm
Post subject:

Surprisingly nothing.



But like everything, it's only a matter of time.