[svlug] Ubuntu 9.04 upgrade]

Grant Bowman grantbow at gmail.com
Fri May 1 19:32:38 PDT 2009


Hi James,

I'm no security expert, but this URL seems to say that
/usr/sbin/nologin or cousins like /bin/false aren't much of an
improvement for real security.  How do other distributions handle
this?

http://www.semicomplete.com/articles/ssh-security/

-- 
-- Grant Bowman                                   <grantbow at gmail.com>
-- https://wiki.ubuntu.com/CaliforniaTeam


> Just please don't forget to fix the Ubuntu required vulnerabilities it
> includes. (Yes required as during the update it attempts to unfix them
> and then tells you things won't work if you dont' let it happen.)
>
> Every system user on Ubuntu has a shell, login type, and yes it's
> reasonbly easy to brute your way in because of this.  Change them all
> from /sbin/sh to /usr/sbin/nologin for your own sake.




More information about the svlug mailing list