Linux – Security: world readable logs/configurations/directories on linux


Debian and other GNU/Linux systems often come with world readable logs/configurations/directories. For example, on a new install, these files are world readable:

  • /etc/passwd
  • /var/log/lastlog
  • list of running cron jobs

Although being able to read those files isn't directly a threat, in a system where all users cannot be trusted, it's wise to minimize system visibility.

Is there a Linux flavor / standard tool for avoiding those kinds of situations where new users can harvest that many details about the server they're using? Ideally, they should be limited to their own directories.

I've already set up chroot jails in the past, but I'm looking for an alternative solution or tricks some of you may have.

Thanks!

Best Answer

You may want to dig a little deeper before 'fixing' this and make sure your changes are fully thought-out. Of the files you mentioned:

I happen to know that /etc/passwd has to be readable for any number of programs (ls) to access user name information in standard configurations. Nothing in /etc/passwd is secret or privileged on any modern machine as that's what the shadow files are for, or the secrets are hosted on the network via LDAP, Kerberos or some other such thing.

I'm less sure about the other two. cron runs as the user whose jobs it is executing, so it probably needs to be able to read that file as any user who can run cron. Any user on an average system can run last, w to see recent and current logins (read from lastlog and wtmp, afair), and so these files are readable. You may certainly remove those commands, or user access to them, and then you might want to change the perms on the files or remove them altogether, once you are quite certain they are not used.

The Securing Debian Manual may be able to answer more of these questions for you or explain things better. Although it is not actively maintained it is still quite good. Other distros have similar resources.
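
A read-only way to take stock before changing any permissions, in line with the caution in the answer above. This is an added example, not part of the original answer; the function names are hypothetical, and the cron paths in the usage comment are the usual Debian locations, assumed here.

```shell
#!/bin/sh
# Added example: audit only. Nothing here changes a mode or an owner.
#
# Usage (paths from the question, plus assumed Debian cron locations):
#   sh audit.sh /etc/passwd /var/log/lastlog /etc/crontab /etc/cron.d /var/spool/cron

# List every file or directory under the given roots that has the
# "other: read" bit set, in `ls -ld` form (mode, owner, group, path),
# so the current state is recorded before anything is tightened.
list_world_readable() {
    for root in "$@"; do
        # Skip roots that do not exist on this system.
        [ -e "$root" ] || continue
        # -xdev: stay on one filesystem; -perm -004: other-read bit is set.
        find "$root" -xdev \( -type f -o -type d \) -perm -004 \
            -exec ls -ld {} + 2>/dev/null
    done
}

# Succeed if the single path given carries the "other: read" bit.
# -prune keeps find from descending when the path is a directory.
is_world_readable() {
    [ -n "$(find "$1" -prune -perm -004 -print 2>/dev/null)" ]
}

# Audit whatever roots were passed on the command line.
if [ "$#" -gt 0 ]; then
    list_world_readable "$@"
fi
```

Saving the output before and after a permission change gives a record to compare against if a program that relied on the old mode stops working.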