OK, I've only recently caught up with the LUG emails and this one passed me by... I am aware that I don't understand "root" access completely, so if someone can give a succinct overview (or point me to the webpage I couldn't find after searching on t'interweb), then I would appreciate the chance to not fall into a security problem in the future...

Just to clarify - I'm just looking to learn about the different reasons behind these approaches, rather than the specifics of Stinga's server problem.

Ok, so "root" is a user. Ok, understood. (Not quite sure where the "wheel" group comes into this, but that's possibly a different topic.)

And "sudo" and "su" are commands to run a command as a different user..., i.e. root?? But *buntu's don't have a "root" user, so I'm getting hazy now...

So, if your friendly hacker has found any user/password combo to gain access, surely they then just type "sudo <bad commands>" and they have exactly the same access level to the box?

I believe that the reason for sudo was to allow a user access to specific commands at a privileged level (i.e. sudo apt-get update) but not others (sudo install rootkit)... So where does "su" come into this? And (for a bonus point), why do some distros use one over the other? :o)

I'm just trying to learn the fundamental security concepts here, so that I can understand the advice given to Stinga and make my home system more secure.

Thanks (& Happy Christmas!)

Steve

-----Original Message-----
From: list-bounces@xxxxxxxxxxxxx [mailto:list-bounces@xxxxxxxxxxxxx] On Behalf Of bad apple
Sent: 25 November 2013 16:06
To: list@xxxxxxxxxxxxx
Subject: Re: [LUG] Server got hacked

On 25/11/13 14:19, Matt Lee wrote:
> Is there any reason to allow root SSH access at all?
>
> Keys only, users only, block failed IPs -- maybe consider changing the
> SSH port even?
>

No, never ever ever ever allow root logins. That's basically rule number 0, very poor show.

Whilst I agree that changing the default SSH port is useless, only allow key based logins for a couple of restricted users. Use visudo to lock down your elevation privileges so only certain users can initiate system tasks. Alternatively, remove sudo completely and manually elevate to root with "su -".

I'd be interested to know the general server configuration... I'm presuming it wasn't very hardened. No GRSEC/PAX/SELinux I'm guessing, and probably not even piping syslogs to a locked down separate server? But I'd be taking the server offline ASAP, and rebuilding from my image and backups.

Regards

--
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/listfaq
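A way to check, on your own box, the SSH side of what bad apple recommends (root logins off, key-only logins, a short list of named users), as an added example that is not part of this thread or anyone's posted code: a POSIX shell audit of an sshd_config file. The OpenSSH parsing rules it relies on are real (keywords are case-insensitive, the first uncommented occurrence of a keyword wins, and anything after the first "Match" line is conditional), but the two sample configs and the user names steve and alice are constructed for the demo.

```shell
#!/bin/sh
# Added example, not from the DCLUG thread: audit an sshd_config for the
# hardening the thread asks for (no root logins, key-only logins, named users).
# Assumes OpenSSH semantics: keywords are case-insensitive, the FIRST
# uncommented occurrence wins, '#' starts a comment, and settings after the
# first "Match" line are conditional, so the scan stops there.

# effective_value FILE KEYWORD: print the value in force for KEYWORD ("" if unset)
effective_value() {
    awk -v key="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
        { sub(/#.*/, "") }                              # drop comments
        NF >= 2 && tolower($1) == "match" { exit }      # conditional section: stop
        NF >= 2 && tolower($1) == key {                 # first match wins
            $1 = ""; sub(/^[ \t]+/, ""); print; exit    # print the whole value list
        }
    ' "$1"
}

# audit_sshd FILE: print one finding per line; prints nothing for a clean file
audit_sshd() {
    root=$(effective_value "$1" PermitRootLogin | tr 'A-Z' 'a-z')
    pw=$(effective_value "$1" PasswordAuthentication | tr 'A-Z' 'a-z')
    pubkey=$(effective_value "$1" PubkeyAuthentication | tr 'A-Z' 'a-z')
    users=$(effective_value "$1" AllowUsers)

    # "prohibit-password" still lets root in with a key; the thread's rule is "never"
    [ "$root" = "no" ] || echo "PermitRootLogin is '${root:-unset}', expected 'no'"
    # key-only logins: passwords off (OpenSSH default is yes), pubkey on (default yes)
    [ "$pw" = "no" ] || echo "PasswordAuthentication is '${pw:-unset}', expected 'no'"
    [ "${pubkey:-yes}" = "yes" ] || echo "PubkeyAuthentication is '$pubkey', expected 'yes'"
    # restrict logins to a few named accounts rather than every local user
    [ -n "$users" ] || echo "AllowUsers is unset; list the few accounts that may log in"
    case " $users " in *" root "*) echo "AllowUsers includes root" ;; esac
}

# count_findings FILE: print the number of findings (0 means the file passes)
count_findings() {
    audit_sshd "$1" | awk 'END { print NR }'
}

# Two constructed configs (not from any real host): the shape the thread warns
# against, and the hardened shape it asks for.
write_weak_config() {
    cat > "$1" <<'EOF'
# constructed sample: root can log in with a password from anywhere
Port 22
PermitRootLogin yes
PasswordAuthentication yes
EOF
}

write_hardened_config() {
    cat > "$1" <<'EOF'
# constructed sample: keys only, root never, two named accounts
Port 22
PermitRootLogin no
PubkeyAuthentication yes
PasswordAuthentication no
ChallengeResponseAuthentication no
AllowUsers steve alice
# a later duplicate does NOT override the first occurrence above
PermitRootLogin yes
Match Address 192.0.2.0/24
    PasswordAuthentication yes
EOF
}

# Demo: audit both samples and print the findings
weak=$(mktemp) && hard=$(mktemp)
write_weak_config "$weak"
write_hardened_config "$hard"
echo "weak config: $(count_findings "$weak") finding(s)"
audit_sshd "$weak"
echo "hardened config: $(count_findings "$hard") finding(s)"
audit_sshd "$hard"
rm -f "$weak" "$hard"
```

Run it against a real file with `audit_sshd /etc/ssh/sshd_config` after sourcing the functions; the sudoers half of the advice (visudo allow-lists) is a separate file format and is not covered here. Note the duplicate PermitRootLogin in the hardened sample: the audit reports it clean because OpenSSH honours the first occurrence, which is also why a stray early "yes" in a long config can silently undo a "no" added at the bottom.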