> -----Original Message----- > From: Damian Menscher [mailto:[EMAIL PROTECTED] > Sent: 23 February 2006 16:46 > To: ClamAV Users > Subject: [Clamav-users] clamav user password > > Just saw in my logs a couple of the password-guessing ssh bots were > making attempts at the clamav user's password. Everyone please make > sure you have locked this account! > > (Sorry to bother all of you for whom this is common sense, > but I'm sure > it'll wake up someone on this list. Oh, and please don't go > onto some > OT thread about running ssh on some high-numbered port, or disabling > password auth, or using port-knocking.)
This really isn't anything new, it would be helpful if you told those who didn't know about this how to lock the accounts: At the very least service accounts like apache/clamav/amavisd etc should always be added to DenyUsers in the your relevant sshd_config and/or have a /bin/false or /sbin/nologin shell entry in /etc/passwd .. unless theres a very good reason for requiring a shell login. Regards, Ken _______________________________________________ http://lurker.clamav.net/list/clamav-users.html
