new security holes in Fedora 18 ?

[jenaniston]

What is your experience so far at the "out of the box" without security mods, vulnerability of Fedora 18 ?

No need to even mention after Java enabled . . . I am talking out of the box - so to speak.

Is it the tradeoff that we might have to endure now in the RHEL universe of 2013 ?

[DBelton]

Other than a unprivileged user being able to bring a server to it's knees with a simple dd (or cp) command?

Just find out the user number assigned to your user...

Then

Code:

dd if=/dev/zero of=/run/user/<usernumber>/test.txt bs=512 count=999999999

It will fill the /run tmpfs up and then system processes/services can't use it.

This can be run by a normal user that has ssh'd into the server as well as a local user. No root privilege necessary.

[BBQdave]

Quote:

Originally Posted by jenaniston

What is your experience so far at the "out of the box" without security mods...

What additional security mods do you use for an out of the box install?

Root user and non-admin user accounts. Though it is up to the individual to set solid passwords.
Firewall on by default.
SELinux enabled.

[nonamedotc]

No root login via ssh and restricting ssh only through keys instead of passwords might be useful.

Just as one extra baby step, I change the ssh port to something I like - although it is probably insignificant baby step today ..

[blittle]

-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type echo-request -j REJECT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited