Tiny Core Linux
General TC => General TC Talk => Topic started by: killingtime on April 01, 2017, 12:45:05 PM
-
Hello,
New to TC and I like what's been done with this distribution. It's lean and quick.
I have some questions about the default security on a standard CorePlus distribution (7.x).
This distribution installed on a hard drive (no cd-rom or usb flash drive). Connected to a LAN subnet with many other computers that I do not control.
As I wasn't prompted to enter a password for the standard or root user during installation, I assume that some default has been used.
My questions are;
1. With this default configuration what does the OS permit from a log-in perspective via a local LAN? Is it possible to connect to any service or modify anything on the TC OS if you know the default passwords for example?
2. Is it possible to change the default passwords *without* breaking the distribution?
I've searched the forum for this, and there are many similar questions with a range of answers, but they are years old in some instances and obviously relate to a different distribution version to the latest - which will have changed in some way. I don't see anything on the FAQ (which I've read) either.
I can live with no password prompt for su rights during an interactive session, but I have no control over what others on the local LAN are going to do.
If there are any howto's on hardening this distro (not general discussions) then I'd appreciate the link if it's handy.
Thanks,
-
Hi killingtime,
there is no default password.
You can run
sudo passwd
to set one.
To make this persistent, you would need to add some files to /opt/.filetool.lst
etc/sudoers
etc/passwd
etc/shadow
etc/group
etc/gshadow
(this may be more than needed - not exactly sure)
and refresh your backup.
filetool.sh -b
AFAICT, by default, there are no network services running anybody could use to connect to your box and do bad things (ssh, samba, etc.).
However, you can install iptables.tcz on-boot and run /usr/local/sbin/basic-firewall via /opt/bootlocal.sh as described in iptables.tcz.info (can be viewed with the Apps GUI or tce-ab ).
-
The system startup script runs as root and the last thing it does is to login (unless you use noautologin) as root and the default .profile for root simply switches over to log in as tc instead. (I've hacked mine to allow me to stay logged in as root if user tc is already logged in. Call me crazy but sometimes I just want to be
god root for a while!).
Even if you install openssh and run sshd (with password authentication) it will not accept a login for tc or root with an empty password - you have to set passwords for them first.
passwd
insists on some criteria for the password while running it as root
sudo passwd tc
might warn but will let you use the password you want. Of course changing the password for root has to be done as root anyway.
Caveat - the above applies to version 4.7.7 which is the one with which I am most familar.
-
Thanks for the responses and for the instructions.
Nice to know it's secure out of the box.
Regards,
-
I'm not sure if "secure out of the box" is appropriate. Less vulnerabilities doesn't mean secure. But yes. :)
Also check the firewall (iptables.tcz).