个人工具
登录
查看“UbuntuHelp:UnsafeDefaults”的源代码 - Ubuntu中文
UbuntuHelp
讨论
查看源代码
历史
搜索
导航
首页
最近更改
随机页面
页面分类
帮助
编辑
编辑指南
沙盒
新闻动态
字词处理
工具
链入页面
相关更改
特殊页面
页面信息
查看“UbuntuHelp:UnsafeDefaults”的源代码
来自Ubuntu中文
←
UbuntuHelp:UnsafeDefaults
跳转至:
导航
,
搜索
因为以下原因,你没有权限编辑本页:
您所请求的操作仅限于该用户组的用户使用:
用户
您可以查看与复制此页面的源代码。
{{From|https://help.ubuntu.com/community/UnsafeDefaults}} {{Languages|UbuntuHelp:UnsafeDefaults}} While Ubuntu comes secure and ready to use, many people decide to offer other services on their computer, such as running an FTP server or Apache. The purpose of this page is to advise these users on the settings that they should probably change. ==== Shared Memory ==== By default, /dev/shm is mounted read/write. There has recently been an uptake noticed on many security mailing lists of /dev/shm being used in an attack against a running service such as httpd. There is almost no reason for it to be mounted read/write. To change this setting, edit the '''/etc/fstab''' file to include the following line: <pre><nowiki> tmpfs /dev/shm tmpfs defaults,ro 0 0 </nowiki></pre> The changes will take effect the next time you reboot, unless you remount /dev/shm. ==== SSH Root Login ==== This is not a major issue, as even OpenBSD ships with root login permitted (though the documentation suggests removing it), and Ubuntu does not ship with root enabled by default. However, in many environments it is standard procedure to create a root account, even if it is never used. '''If''' a root account is created, and you are running sshd, edit the '''/etc/ssh/sshd_config''' file and replace the following line: <pre><nowiki> PermitRootLogin yes </nowiki></pre> with <pre><nowiki> PermitRootLogin no </nowiki></pre> The OpenSSH server must be restarted for this to take effect, which can be done with: <code><nowiki>sudo /etc/init.d/ssh restart</nowiki></code> ==== "su" program available to non-admin users ==== This is not a problem itself, but if there are accounts with weak passwords on the system, then malicious non-admin users (or malicious software they are using) might use su to gain access to such accounts. To deny non-admin users access to "su", type this in a terminal: <pre><nowiki> sudo chown root:admin /bin/su sudo chmod 04750 /bin/su </nowiki></pre> ---- [[category:CategorySecurity]] [[category:CategoryCleanup]] [[category:UbuntuHelp]]
该页面使用的模板:
模板:From
(
查看源代码
)
模板:Languages
(
查看源代码
)(受保护)
模板:Languages/Lang
(
查看源代码
)(受保护)
返回至
UbuntuHelp:UnsafeDefaults
。