Security: world readable logs/configurations/directories on Linux

Solution 1:

You may want to dig a little deeper before 'fixing' this and make sure your changes are fully thought-out. Of the files you mentioned:

I happen to know that /etc/passwd has to be readable for any number of programs (ls) to access user name information in standard configurations. Nothing in /etc/passwd is secret or privileged on any modern machine as that's what the shadow files are for, or the secrets are hosted on the network via LDAP, Kerberos or some other such thing.

I'm less sure about the other two. cron runs as the user whose jobs it is executing, so it probably needs to be able to read that file as any user who can run cron. Any user on an average system can run last, w to see recent and current logins (read from lastlog and wtmp, afair), and so these files are readable. You may certainly remove those commands, or user access to them, and then you might want to change the perms on the files or remove them altogether, once you are quite certain they are not used.

The Securing Debian Manual may be able to answer more of these questions for you or explain things better. Although it is not actively maintained, it is still quite good. Other distros have similar resources.

Solution 2:

  • /etc/passwd should be world readable; many programs need to read it. This is not a security risk (unless you consider that showing which users exist on the machine is a security risk); the password is not stored in it now, and never was stored unencrypted.

  • /var/log/lastlog - if this is world readable, it means people can see whether there are problems on the machine that the administrators need to be looking at without having to pester the administrators first.

  • List of running cron jobs - this is shown by ps, I presume? If you are worried about users seeing what other people are doing on the same machine, then you have problems. Unix and Linux generally work best where there's a modicum of trust between the users on a machine. You can run securely with fairly general public read access; it is much harder to run without it.

If you want to run a secure system, consider SELinux. I'm not sure whether it deals with those particular issues, but of all the Linux systems, SELinux or one of its derivatives is the most likely to do it.
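
Both answers rest on two checkable facts: /etc/passwd is world readable but holds no secrets, and the password hashes live in the shadow file instead. The shell script below is an added example, not part of either answer, that audits a passwd/shadow pair for those facts; the function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the assumptions both answers rely on.

# Print accounts whose password field in a passwd-format file is not a
# placeholder. "x" means "look in shadow"; "*" or a leading "!" means locked.
passwd_secrets() {
    awk -F: '
        /^#/ || NF < 7 { next }
        $2 == ""                   { print $1 ": empty password field"; next }
        $2 != "x" && $2 !~ /^[*!]/ { print $1 ": hash stored in passwd" }
    ' "$1"
}

# Succeed if "other" has the read bit on the file.
world_readable() {
    [ -n "$(find "$1" -prune -perm -004 -print 2>/dev/null)" ]
}

# Report on a passwd/shadow pair; return non-zero if anything is wrong.
audit_pair() {
    passwd_file=$1 shadow_file=$2 rc=0
    world_readable "$passwd_file" ||
        { echo "WARN $passwd_file is not world readable; name lookups will break"; rc=1; }
    if world_readable "$shadow_file"; then
        echo "FAIL $shadow_file is world readable"; rc=1
    fi
    findings=$(passwd_secrets "$passwd_file")
    [ -z "$findings" ] || { echo "$findings" | sed 's/^/FAIL /'; rc=1; }
    return $rc
}

# Constructed sample data (not from a real host) so the script runs offline.
demo_dir=$(mktemp -d)
cat > "$demo_dir/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:*:1:1:daemon:/usr/sbin:/usr/sbin/nologin
legacy:$6$CONSTRUCTEDSALT$CONSTRUCTEDHASH:1001:1001::/home/legacy:/bin/sh
nopass::1002:1002::/home/nopass:/bin/sh
EOF
printf 'root:!:19000:0:99999:7:::\n' > "$demo_dir/shadow"
chmod 644 "$demo_dir/passwd"; chmod 640 "$demo_dir/shadow"
audit_pair "$demo_dir/passwd" "$demo_dir/shadow" || echo "demo audit found problems"
```

On a real host the same check is `audit_pair /etc/passwd /etc/shadow`; it only reads permission bits on the shadow file, so it does not need root.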