On Thu, February 5, 2015 9:06 am, James B. Byrne wrote: > > On Wed, February 4, 2015 16:55, Warren Young wrote: >>> On Feb 4, 2015, at 12:16 PM, Lamar Owen <lowen@xxxxxxxx> wrote: >>> >>> Again, the real bruteforce danger is when your /etc/shadow is >>> exfiltrated by a security vulnerability >> >> Unless you have misconfigured your system, anyone who can copy >> /etc/shadow already has root privileges. They do not need to crack >> your passwords now. You are already boned. >> >> >> > > My thought exactly. > After all this discussion about "is this enough for good security or should we add something else" the last not requiring tremendously larger effort, I'm left with the following feeling. I'm a "relict" left from long time ago when security was considered paramount, when if something can be done it had to be done, no matter that the same is allegedly covered by something else already in place. We always considered the word "paranoia" is in sysadmin's job description (I still do, yet I didn't check IT job descriptions lately, - maybe I should take a look; there seem to be many "Windows" brew people up on the top of IT ladder these days). I feel like there is brave new world of admins who feel it right to have "iPad-like" everything, i.e. boxes cooked up and sealed by vendor, and you have no way even to look inside, not to say re-shape interior to your understanding [of security or anything else]. Am I the only one? Not that this my comment meant as contradiction to any particular post (this post I'm replying to included). It is just the existence (and length) of this discussion (whether one should, or shouldn't, or anything) makes me think that what I was trained about security is not accepted by many these days. Or maybe I simply got tired following it instead of spending more time doing my own sysadmin's job ?? Good luck, everyone. Stay safe and keep your boxes secure! Valeri ++++++++++++++++++++++++++++++++++++++++ Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247 ++++++++++++++++++++++++++++++++++++++++ _______________________________________________ CentOS mailing list CentOS@xxxxxxxxxx http://lists.centos.org/mailman/listinfo/centos