Red Hat Bugzilla – Bug 171595
Default Install Allows Direct Root Access
Last modified: 2007-11-30 17:11:15 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; rv:1.7.3) Gecko/20041001 Firefox/0.10.1
Description of problem:
The default configuration allows direct root login access. The blackhats apparently know this, because I noticed dictionary attacks on my root login from many locations around the world over a period of time. Since there is nothing special about my systems, I assume this is a widespread problem.
I believe better practice would be to have the direct root login disabled. A firewall can mitigate this issue, but I believe it is poor practice to rely only on the firewall for protection. The system should be delivered secure.
I believe that implementing this fix will not cause any undo restriction as legitimate users can easily login via unprivledged accounts and su to root.
Also I note that Solaris is delivered with direct ssh login to root disabled.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Install FC4
2. Login via OpenSSH direct to root.
3. Unfortunately it works.
Actual Results: You have root access to the machine.
Expected Results: Login should be denied, forcing you to login via a non-privledged account and su to root. Users who need direct login to root can easily re-enable this feature.
*** This bug has been marked as a duplicate of 89216 ***