Let’s clear some FUD :)

Ronald McCarty wrote an article ‘Your Distro is Insecure: Ubuntu’.

This is an answer to some of claims he stated.

Ronald starts with some valid points about default directory permissions. Right, we choosed 0755. There are valid use cases for 0700 and 0755. It’s impossible to set up a fit-for-all solution.

Next claim is that Ubuntu supports IMAP2 and POP2. Too bad Ronald can’t read netstat’s output correctly. Ubuntu (it’s actually dovecot we talking about here) doesn’t support POP2 and IMAP2. What Ubuntu/deovecot supports are IMAP4rev1 and POP3.

Before making this claims, author should know that IMAP4 is an extension of IMAP2, so it uses the same port as imap2. As you can’t define multiple names to one port in /etc/services, sane practice is to put imap2 there. netstat reads /etc/services and then claims that protocol is imap2.

Following this is claim that Ubuntu opens bootpc and bootps UDP ports when there’s a static network configuration. bootpc is clear sign that you have a running dhclient, Ronald. If you configured your network to a static IP during installation, you won’t have dhclient running. bootps, on the other hand, is a clear sign someone is running dhcp server.

So, while there are some valid points in that article, author should know better before writing articles like this one.

5 Responses to “Let’s clear some FUD :)”

  1. [...] some FUD :) VA:F [1.1.8_518]Rating: 0.0/5 (0 votes cast) This article was found on Planet Ubuntu. Click here to visit the full article on the original website. Ronald McCarty wrote an article ‘Your Distro is Insecure: Ubuntu’. This is an answer [...]

  2. I’ve got to pimp this very simple basic lockdown script:

    One of the things it does is fix the directory permissions and disable shell accounts for users that don’t need them.

  3. @Jeff – are you sure your system accounts don’t need shell? Are you sure you don’t have something like ‘su system_user -c some_command’? If your system user has a shell, that will work. If not, that won’t work. Also, if you ‘fix’ directory permissions, users won’t be able to have web sites.

    World isn’t black and white.

  4. Would you please consider including the full text of the post in the RSS feed? It’s very irritating when you have to stop reading midwo

  5. @Marius – done