[App_rpt-users] What is the "debian" user in the DIAL distro?

[Thor Wiegman]

You're not the first person I'm aware of to have this type of problem.  
AllStarLink nodes are an easy target to become bitcoin miners and 
members of botnets.  Most people installing these nodes don't know the 
basics of Linux system administration and the defaults aren't even 
remotely secure.

Not only should that "debian" user be deleted, the appropriate changes 
to SSH need to be made to prevent the superuser "root" from logging in 
remotely.  That is one of the first things that everyone needs to be 
change after installation of a DIAL system, not sure why it's even 
allowed by default.

I've noticed that a lot of node ops tend to login as root and execute 
commands as the root user.  Crazy!  It's an extremely dangerous and 
insecure thing to do, but people new to Linux don't know any better.

It would be nice if the default installation were setup in such a way 
that prevented or discouraged login by the superuser.  It's odd that 
sudo doesn't appear to be installed by default.  Would be very nice if 
the installation script prompted for the creation of a user account with 
proper permissions in much the same way as standard distros do.  Not 
perfect, but it's a start.

Most of these systems are being run by people who are new to Linux.  
They don't know about Linux/Unix system administration and nobody is 
"elmering" them in it.  The result is people taking dangerous shortcuts 
and developing bad habits.  The community would benefit from some 
guidance in system administration as well as from some improved defaults 
in the distro.



On 05/10/2017 12:38 PM, app_rpt-users-request at lists.allstarlink.org wrote:
> What is the "debian" user in the DIAL distro?