Bug 9614

Summary: /etc/rc.d/rc.local shares too much information.
Product: [Retired] Red Hat Linux Reporter: lars
Component: initscriptsAssignee: Bill Nottingham <notting>
Status: CLOSED WONTFIX QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: 6.1CC: rvokal
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2000-03-20 16:23:12 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description lars 2000-02-20 21:43:05 UTC 
The rc.local distributed by RedHat provides more information to remote
users than the security-conscious admin may be comfortable with.

In particular, in updates the /etc/issue.net file at each boot to advertise
both the kernel version and the redhat release to anyone who telnets to the
local system.

In the event that there are remote exploits tied to particular kernel
versions or particular redhat distributions, this makes it far easier for a
malicious user to identify likely target systems.

This information is fine for inclusing in /etc/issue, since this is only
seen by non-network logins, but it seems that it would be a good idea to
modify rc.local so that /etc/issue.net contains more generic information
(such as "RedHat Linux -- http://www.redhat.com/:).
Comment 1 Bill Nottingham 2000-03-20 16:23:59 UTC 
We probably won't change this; users are free to customize
their own rc.local if they wish.