On 05/11/2016 08:51 AM, Patrick O'Callaghan wrote:
Virtually every security measure is a partial solution. There are no magic bullets. However just because a given measure is weak on its own doesn't mean it isn't useful in combination with others. Using a non- root user for remote login means that the vast majority of drive-by attackers will give up and move on. A targeted attack is of course another matter.
Exactly. And, of course, security is a matter of layers. Not allowing remote logins as root is one layer, using fail2ban and/or denyhosts is another. Searching for One Perfect Answer to the problem of crackers and script kiddies trying to get into our systems is a fool's errand, and rejecting anything less is a good way to get pw0ned. Remember, perfection is the enemy of "good enough for today."
-- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: http://lists.fedoraproject.org/admin/lists/users@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
