Re: [cobalt-users] SSH security issues.
- Subject: Re: [cobalt-users] SSH security issues.
- From: SteelHead <brk@xxxxxxxx>
- Date: Sun Jun 24 11:18:01 2001
- Organization: Linuxhelpers
- List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>
I have an ISP running SunOS. With 4 shell accounts, I have *never* been
able to slip outside my assigned tree. (I have pasted the login screens
below.) I am not a crazed 13 year old with nothing to do but crack sites,
which means I am not the perfect example of a cracker. Decent, competent,
but not the ultimate.
I *believe* the best approach is to use chroot and friends to their best
abilities, and be sure that all "su" access is lockout enabled and keep logs
on *who* accesses what.
Your best defense, as Steve Gibson suggests, is to know the enemy, put up
the best defenses, keep backups of the important stuff, and just let it
happen, then learn quickly what went wrong to prevent the next attack.
My meager 2 cents.
Bill
----- Original Message -----
From: "chris" <chris@xxxxxxxxxx>
To: <cobalt-users@xxxxxxxxxxxxxxx>
Sent: Sunday, June 24, 2001 6:26 PM
Subject: [cobalt-users] SSH security issues.
>
> I have problems with SSH.
>
>
> I run web hosting, and I give users access to SSH, the problem is they
> are able to READ all files on the server including phpmyadmin on our
> main domain which has the mysql user/pass.
>
>
> That is a pretty large security issue, but everyone seems to think it's
> unfixable (if so I guess telnet is no longer an option for customers)
>
>
> Also a privacy issue, because people can view everyone who is hosted by
> us on the server.
>
>
> Anyone know how to make it so that you can limit a user's SSH access to
> their account only?
>
>
> Thanks,
> Chris
>
>
login as: brk2
Sent username "brk2"
brk2@xxxxxxxxxxxxx's password:
Last login: Sun Jun 24 16:40:58 2001 from ppp-xxx.xxx.xxx.xxx
Sun Microsystems Inc. SunOS 5.6 Generic August 1997
-----------------------------------------------------------
TIPS:
--- To change your login shell, use "setshell"
NOTICE:
--- Please NEVER use /tmp to extract or store files. Use /scratch instead.
--- Files in /scratch or any other public directories are _not_ considered
private. We reserve the right to search public directories for abuse.
--- Storing pirated software on our system is illegal and also against
our acceptable use policy. If found, your shell access will be
PERMANENTLY disabled. Period.
--- Copyrighted audio files (i.e. MP3's) fall under the above policy;
if you store them in a public directory your shell access will be
removed.
--- You may NOT run any programs in the background on this server while you
are not logged in. They will be killed and your shell access disabled.
--- No IRC bots are allowed on this server.
--- No backups of this server are being done. Storage of information is
strictly at your own risk. Please keep a local backup copy on your own
computer.
DO NOT leave your sessions open for days at a time. Please logout when you
are finished.
Thanks