
Re: [LUG] iptables and hackers

 

On 30 Aug, 2011, at 7:19 pm, taylorjoshu00@xxxxxxxxxxxxxx wrote:

Thirdly disable root ssh logon

Yes

and use the sudo command,

Yes, but...

therefore if you were compromised you would limit the damage without allowing the root password to be compromised!

The conclusion does _not_ follow from the premise. With sudo, your own password is effectively the root password. Not necessarily a conclusive reason not to use sudo; just be sure you understand what you are doing: enabling sudo for general admin by non-root user[s], not for limited special purposes as intended; why you are doing it: convenience (no small consideration); and the security risk trade-off: compromise your user account = compromise root.

Here's an interesting and opinionated piece that's relevant:

http://www.techrepublic.com/blog/security/security-tools-should-be-designed-for-security/4619

--
Phil Hudson                  http://hudson-it.no-ip.biz
@UWascalWabbit                 PGP/GnuPG ID: 0x887DCA63
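As an added example (not from the original post or anyone on the list), here is a small POSIX shell audit of the two settings under discussion: whether root SSH login is actually disabled in sshd_config, and which sudoers entries give a non-root account unrestricted (command list "ALL") sudo, i.e. the "general admin" use the reply warns about, as opposed to the limited-purpose rules sudo was intended for. The sshd_config and sudoers contents below are constructed for the example; the function names are the example's own, and the sshd check deliberately ignores Match blocks and the compiled-in default.

```shell
#!/bin/sh
# Added example, not from the original post. Audits a sshd_config for
# PermitRootLogin and a sudoers file for unrestricted non-root rules.
# All input files are constructed samples written to a temporary directory.
set -u

SAMPLE_DIR=$(mktemp -d)
trap 'rm -rf "$SAMPLE_DIR"' EXIT

# Constructed sshd_config: the commented-out "yes" must be ignored.
cat > "$SAMPLE_DIR/sshd_config" <<'EOF'
# PermitRootLogin yes
Port 22
PermitRootLogin no
PasswordAuthentication no
EOF

# Constructed weak sshd_config for comparison.
cat > "$SAMPLE_DIR/sshd_config.weak" <<'EOF'
Port 22
PermitRootLogin yes
EOF

# Constructed sudoers: %admin and %sudo get "general admin" sudo (any command),
# alice and bob get limited-purpose rules for specific commands only.
cat > "$SAMPLE_DIR/sudoers" <<'EOF'
Defaults        env_reset
root    ALL=(ALL:ALL) ALL
%admin  ALL=(ALL) ALL
%sudo   ALL=(ALL:ALL) NOPASSWD: ALL
alice   ALL=(root) NOPASSWD: /usr/sbin/service nginx restart
bob     ALL=(root) /usr/bin/apt-get update, /usr/bin/apt-get upgrade
EOF

# root_ssh_login_disabled FILE
# Exit 0 only if the last uncommented PermitRootLogin directive is "no".
# Simplification: Match blocks and the compiled-in default are not considered.
root_ssh_login_disabled() {
    last=$(grep -iE '^[[:space:]]*PermitRootLogin[[:space:]]+' "$1" \
           | tail -n 1 | awk '{print tolower($2)}')
    [ "$last" = "no" ]
}

# unrestricted_sudo_rules FILE
# Prints user specs whose command list is ALL (with or without NOPASSWD:),
# skipping comments, Defaults lines, alias definitions and root's own entry.
unrestricted_sudo_rules() {
    grep -vE '^[[:space:]]*(#|Defaults|root[[:space:]]|(User|Runas|Host|Cmnd)_Alias)' "$1" \
      | grep -E '=.*[[:space:]](NOPASSWD:[[:space:]]*)?ALL[[:space:]]*$'
}

# count_unrestricted_sudo_rules FILE -> number of such rules
count_unrestricted_sudo_rules() {
    unrestricted_sudo_rules "$1" | wc -l | tr -d ' '
}

# Stand-alone run: report on the constructed samples.
if root_ssh_login_disabled "$SAMPLE_DIR/sshd_config"; then
    echo "sshd_config: root SSH login disabled"
else
    echo "sshd_config: root SSH login NOT disabled"
fi
echo "sudoers: $(count_unrestricted_sudo_rules "$SAMPLE_DIR/sudoers") non-root rule(s) grant unrestricted sudo:"
unrestricted_sudo_rules "$SAMPLE_DIR/sudoers"
```

Every rule the second function lists is an account whose own password now stands in for root's, which is the trade-off the reply describes; the alice and bob entries are what a limited-purpose sudo rule looks like by contrast. Point the functions at /etc/ssh/sshd_config and /etc/sudoers (plus /etc/sudoers.d/*) to run the same check on a real host.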


--
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/listfaq