Red Hat Bugzilla – Bug 1968
issue and issue.net leak information to hackers
Last modified: 2008-05-01 11:37:49 EDT
The default issue and issue.net written at each boot
by /etc/rc.d/rc.local provides too much information
to unverified users. Linux kernel versions, etc
would be better placed in /etc/motd, which is
printed *after* the user has been verified.
While we understand the point, I think that this would be too paranoid
a setting. However, our main security man may disagree. Cristian?
given the fact that a linux box can be network probed for the kernel
version anyway, I don't see this as a huge security problem.