I got asked in a security audit again last month why all of our Debian systems have /bin/sh as the shell for accounts that should never allow logins. I realize that they're disabled in /etc/shadow, but depending on one's PAM configuration that may or may not be sufficiently effective.
My Debian server was compromised due to the daemon account having a valid login shell and having Samba open for internet access. The break-in was made by setting a password remotely via Samba for the daemon account and then logging in through ssh. Some local root exploit was then used to OWN my server...
Stellan
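The check the thread is asking for, as an added example that is not part of the bug report or of Debian's own tooling: an audit of /etc/passwd for system accounts whose shell field still allows a login, independent of whether the password is locked in /etc/shadow. The passwd content, the account names and the UID cutoff of 1000 (Debian's default boundary between system and user accounts) are assumptions made for the demonstration; the script only prints the `usermod` commands an administrator would review and run, it does not change anything.

```shell
#!/bin/sh
# Added example, not from the bug report. Audits a passwd file for system
# accounts that still carry a real login shell. The sample passwd data
# below is constructed for the demonstration.

# Shells that cannot be used to log in. Extend for your distribution.
NOLOGIN_SHELLS='/usr/sbin/nologin /sbin/nologin /bin/false'

# is_nologin SHELL -> returns 0 if SHELL is one of NOLOGIN_SHELLS
is_nologin() {
    for s in $NOLOGIN_SHELLS; do
        [ "$1" = "$s" ] && return 0
    done
    return 1
}

# audit_shells PASSWD_FILE
# Prints "name uid shell" for every account other than root with a UID
# below 1000 (assumed system range) whose shell is not a nologin shell.
# /etc/shadow is deliberately not consulted: a locked password does not
# help once another path (Samba, an ssh key) authenticates the account.
audit_shells() {
    while IFS=: read -r name _ uid _ _ _ shell; do
        [ -z "$name" ] && continue
        [ "$name" = root ] && continue
        [ "$uid" -lt 1000 ] || continue
        is_nologin "$shell" && continue
        printf '%s %s %s\n' "$name" "$uid" "$shell"
    done < "$1"
}

# fix_commands PASSWD_FILE
# Emits one usermod line per finding. Nothing is executed here; review
# the output, then run it as root if the accounts really never log in.
fix_commands() {
    audit_shells "$1" | while read -r name _ _; do
        printf 'usermod -s /usr/sbin/nologin %s\n' "$name"
    done
}

# Constructed sample passwd file (not data from a real system).
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/bin/sh
bin:x:2:2:bin:/bin:/bin/sh
sys:x:3:3:sys:/dev:/usr/sbin/nologin
www-data:x:33:33:www-data:/var/www:/bin/false
stellan:x:1000:1000:Stellan:/home/stellan:/bin/bash
EOF

audit_shells "$SAMPLE"      # lists daemon and bin
fix_commands "$SAMPLE"      # usermod lines for daemon and bin
rm -f "$SAMPLE"
```

Run it against the real file with `audit_shells /etc/passwd`; any account it lists can be made unusable for interactive logins with the emitted `usermod -s /usr/sbin/nologin` line even if its password entry in /etc/shadow is already locked.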