As with any operating system, software packages that you download and install in Linux will have default configurations. While the security risk of defaults depends on the product and vendor, many installations introduce vulnerabilities by default, or are later misconfigured by administrators. Here are some common default Linux configurations that add to the system's overall vulnerability:
- User home permissions—the default permission on a home folder is 755, meaning that anyone who can access the server can view the contents of other users' home directories. This could include developer scripts, administrator backup files, password lists and keys, or other sensitive documents.
- World-readable and world-writable directories/files—when a file is created, the default umask is to 022 (permission 644), meaning that everyone can read the file, though only the owner can write to it.
- Insecure mount or export options—the default for mount points (directories that point to another file system) includes rw, suid, dev, exec, auto, nouser, and async. These options allow users to create files in NFS shares as if they are root, resulting in information disclosure and privilege escalation.
- Services and applications with weak defaults—it's also common to find newly installed services and applications that use less-secure communication protocols and default passwords, listening on all interfaces.
Note: For information on locating world-writable files and folders, see https://gist.github.com/anonymous/10166278