On Tuesday, December 11, 2012, at 7:48:13 AM, Richard Shaw wrote:

> On a side note, system accounts shouldn't have shell access for
> security reasons, when I want to login as backuppc I have to use, "su
> -s /bin/bash backuppc" or something like that.

This is definitely worth emphasizing. The only time I've been invaded in
the past decade was a result of allowing backuppc to have shell access,
together with other security failures such as allowing EXEC permission to
my FTP server for logged-in and authenticated users, and using passwords
rather than private keys for authenticating the Win98 boxes. The invader
somehow managed to log in via FTP, as backuppc, and search my LAN. While I
discovered the intrusion within an hour or two, I had to reformat every
machine on the LAN and re-install everything.

I no longer allow EXEC via FTP for anyone, and have taken the Win98 boxes
off line. The backuppc user is more tightly restricted, on the "need to
know" principle.

-- 
Jim Kyle
mailto: jim AT jimkyle DOT com


------------------------------------------------------------------------------
LogMeIn Rescue: Anywhere, Anytime Remote support for IT. Free Trial
Remotely access PCs and mobile devices and provide instant support
Improve your efficiency, and focus on delivering more value-add services
Discover what IT Professionals Know. Rescue delivers
http://p.sf.net/sfu/logmein_12329d2d
_______________________________________________
BackupPC-users mailing list
BackupPC-users AT lists.sourceforge DOT net
List:    https://lists.sourceforge.net/lists/listinfo/backuppc-users
Wiki:    http://backuppc.wiki.sourceforge.net
Project: http://backuppc.sourceforge.net/