Wall contents.gifindex.gif

Wall

The wall daemon allows an administrator to inform users on the network of an update by popping up a message on their screens. The message can be anything from a notification of system backup, to a request to change the users password file. The wall daemon lacks security in authentication and, therefore, allows anyone to send messages to everyone. These messages can appear to come from anyone, anywhere on the network.

An intruder can try to trick your users into executing commands that allow access to the intruder. Or, in a mischief attack, the intruder can continually send garbage messages to your users' screens, making it impossible for the users to work. This is called a denial of service attack, meaning that your network is prevented from operating as usual. It is also possible that the wall daemon can permit direction of data to user terminals, deceiving the terminals into executing commands as if sent by the user of the terminal.

This option checks to see if the wall daemon is running.

Risk: Medium

Fix: Disable the server. Place a # at the beginning of the appropriate line in the file /etc/inetd.conf, and then send the SIGHUP signal to the inetd process. For example, a disabled wall daemon entry might appear as:

#walld/2 dgram rpc/udp wait root /usr/etc/walld

Advisories: CIAC - Patch for rwalld/wall