
Re: [LUG] iptables and hackers

 

On Wed, 31 Aug 2011, Gibbs wrote:

@somewhere else: Disabling root is a must. That's the first thing any attacker will try and get hold of.

Actually... My experiences of sorting through compromised servers do not reflect this. Most are loaded up with an IRC client program that then listens to an IRC server for commands - those commands are typically "DDoS this site", or "send spam". I understand they're moving to Twitter these days though.

I've only once seen a script try (and succeed) to get root access - and that was part of something that was again part of a Linux bot-net, designed to launch DDoS type attacks - root access allows them to hide the source IP address. They got root via a Linux kernel vulnerability - root login enabled or not wouldn't have made any difference.

I'm sure there are other, more sophisticated attacks done on systems by clever criminals - those aimed specifically at eCommerce sites to gain valuable data, but I've never seen them on any of my systems (doesn't mean they've not tried though - just not observed them).

As for sudo vs su, at the end of the day they are pretty much the same, no? I would imagine sudo only being useful when there's a lot of users on a system or server. sudo doesn't protect against "accidental commands", especially if you always use sudo -i like me.

I just use su. Never liked sudo.

Gordon

--
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/listfaq
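The two things the thread argues about are whether root can log in directly over SSH and whether a sudo rule is really any different from su. The shell snippet below is an added example and is not part of the original post or anything Gordon or Gibbs wrote. It embeds constructed sshd_config and sudoers fragments (hypothetical, not taken from any real host) and runs two small checks over them: the effective PermitRootLogin value, using sshd's rule that the first occurrence of a keyword wins, and whether a given user's sudoers entry grants an unrestricted root shell (the "ALL" command spec that makes sudo -i equivalent to su) or only a fixed list of commands. The sudoers parsing is deliberately simplified: it handles one-line user rules with an optional (runas) and tag like NOPASSWD:, not aliases, includes or host specs.

```shell
#!/bin/sh
# Added example, not from the original mailing-list post.
# Constructed sample configs (hypothetical) and two posture checks.

# Constructed sshd_config: a commented-out "yes" followed by the real setting.
SSHD_CONFIG='# constructed sample sshd_config
Port 22
#PermitRootLogin yes
PermitRootLogin no
PasswordAuthentication no
'

# Constructed sshd_config where an early "yes" overrides a later "no",
# because sshd uses the first value it sees for each keyword.
SSHD_CONFIG_WEAK='# constructed sample sshd_config
PermitRootLogin yes
Match Address 10.0.0.0/8
PermitRootLogin no
'

# Constructed sudoers: one user with a full root shell, one restricted to
# two commands (user names are hypothetical).
SUDOERS='# constructed sample sudoers
Defaults env_reset
root    ALL=(ALL:ALL) ALL
gordon  ALL=(ALL) ALL
backup  ALL=(root) NOPASSWD: /usr/bin/rsync, /bin/tar
'

# ssh_root_login CONFIG_TEXT
# Prints the effective PermitRootLogin value: first uncommented occurrence
# wins; if the keyword is absent, the OpenSSH default "prohibit-password".
ssh_root_login() {
    printf '%s\n' "$1" | awk '
        /^[[:space:]]*#/ || NF == 0 { next }
        tolower($1) == "permitrootlogin" && !done { print tolower($2); done = 1 }
        END { if (!done) print "prohibit-password" }
    '
}

# sudo_rule USER SUDOERS_TEXT
# Prints "full" if any rule for USER has the command spec ALL (an
# unrestricted root shell via sudo -i or sudo su), "restricted" if USER
# only has explicit command lists, and "none" if USER has no rule.
sudo_rule() {
    user=$1
    printf '%s\n' "$2" | awk -v u="$user" '
        /^[[:space:]]*#/ || NF == 0 { next }
        $1 == u {
            spec = $0
            sub(/^[^=]*=/, "", spec)                  # drop "user HOST="
            sub(/^[[:space:]]*\([^)]*\)/, "", spec)   # drop "(runas)"
            gsub(/[A-Z]+:/, "", spec)                 # drop tags like NOPASSWD:
            gsub(/^[[:space:]]+|[[:space:]]+$/, "", spec)
            if (spec == "ALL") full = 1
            found = 1
        }
        END { print (full ? "full" : (found ? "restricted" : "none")) }
    '
}

# Report over the constructed samples.
echo "PermitRootLogin (hardened sample): $(ssh_root_login "$SSHD_CONFIG")"
echo "PermitRootLogin (weak sample):     $(ssh_root_login "$SSHD_CONFIG_WEAK")"
for u in gordon backup nobody; do
    echo "sudo for $u: $(sudo_rule "$u" "$SUDOERS")"
done
```

The point the checks make concrete: with PermitRootLogin set to no, a password-guessing script cannot log in as root at all, but a user whose sudoers line ends in ALL is one `sudo -i` away from the same root shell su gives, so the su vs sudo choice only changes the picture when the command spec is restricted.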