From: Michael Lucas (mwlucas@blackhelicopters.org)
Date: Fri Jan 04 2002 - 06:43:49 CST


    Hello,

    I would recommend not using nologin as the users' shell. Instead,
    take a look at /etc/login.access.

    This makes the shell irrelevant; the user cannot log in with any shell.

    Generally, my sysadmins are in a "sysadmin" group. The "sysadmin"
    group is allowed to log in from anywhere. All other users are denied
    login.

    There's an article on this in my column archives, if you want a
    point-by-point walkthrough.

    Good luck!

    ==ml

    On Fri, Jan 04, 2002 at 07:18:55AM +0300, Дмитрий Подкорытов (Dmitry Podkorytov) wrote:
    > Maybe this is the result of my paranoia. ;-)
    > And maybe not. Very possibly you can extract some use from this.
    > In FreeBSD I found that a user whose terminal login is disabled has the login
    > shell named 'nologin'.
    > This is an sh script:
    > ====================================================
    > #!/bin/sh -p
    > # ...
    > # ...
    > echo 'This account is currently not available.'
    > exit 1
    > ====================================================
    > My thoughts about this:
    > 1. In case of breaking this script, the user has root access to the system.
    >    (See man sh, option -p.)
    > 2. The password may be 'viewed' by any network analyser during the user's
    >    POP3 session with the server. (As a rule, password encryption is not used
    >    in POP3.)
    > 3. Also, the password may be hacked by a brute-force attack on the POP3
    >    daemon.
    > For a successful attack in this manner you can append some code to your
    > telnet/ssh to manage the connection speed on the fly, or try to use
    > tcpwrapper for this. Set the connection speed = 1 baud. Begin a telnet/ssh
    > session. Specify the user name and password, break nologin. After success,
    > set the connection speed as you wish and work under root permissions.
    > Solution to protect from this attack: install this program. To install, just
    > make install. You may use this in silent mode; then compile with the
    > -DSILENCE_MODE key. The program is distributed under the GPL as is, without
    > any guarantees. At URL http://org.zaural.ru you can find some useful
    > programs. My best wishes, Dmitry Podkorytov.
    > E-mail: podkorytov@mail.ru
    > PS: on FreeBSD v.4.1, ps -x does not show programs that are running the code
    > of function Exit(), called from atexit(Exit). Is it a bug? I used the top
    > command to view the PID of NoLogin.
    >
    >
    > To Unsubscribe: send mail to majordomo@FreeBSD.org
    > with "unsubscribe freebsd-security" in the body of the message

    -- 
    Michael Lucas		mwlucas@FreeBSD.org, mwlucas@BlackHelicopters.org
    my FreeBSD column: http://www.oreillynet.com/pub/q/Big_Scary_Daemons
    

    http://www.blackhelicopters.org/~mwlucas/

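The login.access policy Lucas describes, as an added example that is not part of the original thread or of any FreeBSD code: a constructed /etc/login.access with the two entries he outlines (a "sysadmin" group allowed from anywhere, everyone else refused), together with a small sh/awk checker of my own, a hypothetical helper named login_access_check, that applies the first-match rule of login.access(5) to a user, an origin and the user's group list so the policy can be exercised without touching a live system. The accounts alice and bob, their groups, and the origins ttyv0 and mail.example.org are constructed for the example. The checker goes slightly beyond the two-line policy in that it also understands the LOCAL, ".domain" and "net.work." origin forms from the manual page.

```shell
#!/bin/sh
# Added example: the login.access policy from the reply above, exercised with a
# throw-away checker. Nothing here touches the real /etc/login.access.

# Constructed /etc/login.access. Format (login.access(5)): permission:users:origins,
# one entry per line; the first matching entry wins; no matching entry means allow.
LOGIN_ACCESS=$(mktemp)
trap 'rm -f "$LOGIN_ACCESS" "$LOGIN_ACCESS_NO_DENY"' EXIT
cat > "$LOGIN_ACCESS" <<'EOF'
# permission : users : origins
# Members of group "sysadmin" may log in from anywhere ...
+:sysadmin:ALL
# ... and everybody else is refused, whatever login shell they have.
-:ALL:ALL
EOF

# The same file without the final deny entry, to show why that entry matters.
LOGIN_ACCESS_NO_DENY=$(mktemp)
grep -v '^-:ALL:ALL' "$LOGIN_ACCESS" > "$LOGIN_ACCESS_NO_DENY"

# login_access_check FILE USER ORIGIN [GROUP ...]  -> prints "allow" or "deny".
# Hypothetical helper implementing the matching rules of login.access(5):
#   users   : login names, group names, ALL, optionally "... EXCEPT ..."
#   origins : tty or host names, ALL, LOCAL (an origin without a "."),
#             ".domain" suffixes and "net.work." address prefixes
login_access_check() {
    file=$1; user=$2; origin=$3; shift 3
    awk -v user="$user" -v origin="$origin" -v groups="$*" '
    function item_matches(item, kind,   i) {
        if (item == "ALL") return 1
        if (kind == "user") {
            if (item == user) return 1
            for (i = 1; i <= ngroups; i++) if (grp[i] == item) return 1
            return 0
        }
        if (item == "LOCAL") return (index(origin, ".") == 0)
        if (item == origin) return 1
        if (substr(item, 1, 1) == "." && length(origin) > length(item) &&
            substr(origin, length(origin) - length(item) + 1) == item) return 1
        if (substr(item, length(item)) == "." &&
            substr(origin, 1, length(item)) == item) return 1
        return 0
    }
    function any_matches(list, kind,   n, items, i) {
        n = split(list, items, /[ \t,]+/)
        for (i = 1; i <= n; i++)
            if (items[i] != "" && item_matches(items[i], kind)) return 1
        return 0
    }
    function list_matches(list, kind,   except) {
        except = ""
        if (match(list, /[ \t]EXCEPT[ \t]/)) {   # "ALL EXCEPT a b" form
            except = substr(list, RSTART + RLENGTH)
            list = substr(list, 1, RSTART - 1)
        }
        if (!any_matches(list, kind)) return 0
        if (except != "" && any_matches(except, kind)) return 0
        return 1
    }
    BEGIN { ngroups = split(groups, grp, " ") }
    /^[ \t]*#/ || /^[ \t]*$/ { next }             # comments and blank lines
    {
        n = split($0, f, ":")
        if (n < 3) next
        perm = f[1]; gsub(/[ \t]/, "", perm)
        if (list_matches(f[2], "user") && list_matches(f[3], "origin")) {
            verdict = (perm == "+") ? "allow" : "deny"
            print verdict
            done = 1
            exit                                  # first match wins
        }
    }
    END { if (!done) print "allow" }              # no entry matched
    ' "$file"
}

# Constructed accounts: alice is in sysadmin, bob is an ordinary user.
echo "alice from ttyv0:           $(login_access_check "$LOGIN_ACCESS" alice ttyv0 sysadmin wheel)"
echo "bob from ttyv0:             $(login_access_check "$LOGIN_ACCESS" bob ttyv0 users)"
echo "bob from mail.example.org:  $(login_access_check "$LOGIN_ACCESS" bob mail.example.org users)"
echo "bob, deny entry missing:    $(login_access_check "$LOGIN_ACCESS_NO_DENY" bob ttyv0 users)"
```

The last line is the check worth keeping in mind: without the closing `-:ALL:ALL` entry nothing matches bob and login.access lets him in, because an unmatched user is allowed by default. login.access is consulted by login(1) (and, on current FreeBSD, by pam_login_access(8)) before any shell is started, which is why the shell named in the password file stops mattering for those logins; services that authenticate on their own, such as the POP3 daemon mentioned in the quoted message, are outside its scope.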