On 31/08/11 08:30, Philip Hudson wrote:
The article linked misses the point I feel - by making things slightly more difficult it may force people to stop and think a little. Also there is no 'root' account to attack. And since you can 'sudo bash' I can't see what he's whingeing about - and then gets circular by effectively replacing the sudo GROUP with its exact copy wheel - none of my Ubuntu setups has ever tried to add anyone other than the one chosen user to sudo.

> On 30 Aug, 2011, at 7:19 pm, taylorjoshu00@xxxxxxxxxxxxxx wrote:
>
>> Thirdly disable root ssh logon
>
> Yes
>
>> and use the sudo command,
>
> Yes, but...
>
>> therefore if you were compromised you would limit the damage without allowing root password to be compromised!
>
> The conclusion does _not_ follow from the premise. With sudo, your own password is effectively the root password. Not necessarily a conclusive reason not to use sudo; just be sure you understand what you are doing: enabling sudo for general admin by non-root user[s], not for limited special purposes as intended; why you are doing it: convenience (no small consideration); and the security risk trade-off: compromise your user account = compromise root.
>
> Here's an interesting and opinionated piece that's relevant:
>
> http://www.techrepublic.com/blog/security/security-tools-should-be-designed-for-security/4619
>
> --
> Phil Hudson http://hudson-it.no-ip.biz @UWascalWabbit PGP/GnuPG ID: 0x887DCA63
Tom te tom te tom

--
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/listfaq
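The two settings argued over in this thread (root login over SSH, and whether a sudoers entry gives a user full root so that their own password is effectively the root password, including the 'sudo bash' case) can be checked mechanically. The following is an added example written for this page, not code from any poster or from the sudo or OpenSSH projects; the sudoers and sshd_config contents are constructed samples, and the classification treats an entry as unrestricted if its command list contains ALL or a shell/su binary.

```shell
#!/bin/sh
# Added example for this thread (not from the list or any poster): audit the
# two settings under discussion on constructed sample files.
#  1. Is root login over SSH disabled?  (PermitRootLogin in sshd_config)
#  2. Which sudoers entries hand out full root, so that the user's own
#     password is effectively the root password, and which are scoped to a
#     few commands as sudo was originally intended?
# A scoped entry that allows a shell (or su) is counted as unrestricted,
# since "sudo bash" gives a root shell just as "ALL" does.

# Constructed sample sudoers content; not taken from any real host.
SAMPLE_SUDOERS='# /etc/sudoers (constructed sample)
Defaults env_reset
root    ALL=(ALL:ALL) ALL
%sudo   ALL=(ALL:ALL) ALL
%wheel  ALL=(ALL) ALL
backup  ALL=(root) NOPASSWD: /usr/bin/rsync
deploy  ALL=(root) /bin/systemctl restart app.service, /bin/systemctl status app.service
ops     ALL=(root) /usr/bin/apt-get, /bin/bash
'

# Constructed sample sshd_config; the commented-out line is there to show
# that comments are ignored.
SAMPLE_SSHD_CONFIG='# /etc/ssh/sshd_config (constructed sample)
Port 22
#PermitRootLogin yes
PermitRootLogin no
PasswordAuthentication yes
'

# Print the effective PermitRootLogin value, or "unset" if absent.
# sshd uses the first value it finds for a keyword, so the first
# uncommented directive wins (Match blocks are not handled here).
permit_root_login() {
    printf '%s\n' "$1" |
    sed 's/#.*//' |
    awk 'tolower($1) == "permitrootlogin" { print $2; found = 1; exit }
         END { if (!found) print "unset" }'
}

# Print one line per sudoers user spec: "<principal><TAB><class>", where
# class is "unrestricted" (ALL, or a shell/su in the command list) or
# "scoped" (only specific commands).  Defaults and alias lines are skipped.
sudo_grants() {
    printf '%s\n' "$1" |
    sed 's/#.*//' |
    awk 'NF >= 3 && $1 !~ /^(Defaults|User_Alias|Cmnd_Alias|Host_Alias|Runas_Alias)$/ {
            cls = "scoped"
            for (i = 3; i <= NF; i++) {
                f = $i; sub(/,$/, "", f)
                if (f == "ALL" || f ~ /\/(sh|bash|dash|zsh|su)$/) {
                    cls = "unrestricted"; break
                }
            }
            print $1 "\t" cls
         }'
}

# Report, printed when the script is run directly.
printf 'PermitRootLogin: %s\n' "$(permit_root_login "$SAMPLE_SSHD_CONFIG")"
printf 'Principals with full root via sudo:\n'
sudo_grants "$SAMPLE_SUDOERS" | awk -F '\t' '$2 == "unrestricted" { print "  " $1 }'
printf 'Principals with scoped sudo:\n'
sudo_grants "$SAMPLE_SUDOERS" | awk -F '\t' '$2 == "scoped" { print "  " $1 }'
```

On the sample, root, %sudo, %wheel and ops come out as unrestricted (ops because /bin/bash is in its command list), while backup and deploy are scoped. The parser is deliberately simple: it does not expand aliases, #include lines or Match blocks, so on a real host treat it as a first pass and confirm with `visudo -c` and `sudo -l -U user`, which report what sudo itself will actually allow.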