Jim Perrin wrote:
On Jan 29, 2008 5:52 AM, mouss <mouss@xxxxxxxxxxx> wrote:Jim Perrin wrote:Along the lines of staying safe, now is probably a good time to check your password policies. 1. Don't allow root access to ssh. (modify /etc/ssh/sshd_config)why isn't this the default?Taking an educated guess on this one, I'd say to allow configuration after a remote install.2. restrict root logins to only the local machine. (modify /etc/securetty) 3. Limit users with access to 'su' to the wheel group (use visudo and also modify /etc/pam.d/su)same question here.For this one I'd guess that it's because by default folks don't get added to wheel. So if an admin forgets to add his own user account, he can no longer gain root with 'su'. He has to walk his happy ass to the console to log in. Everything about the *nix culture points to not walking anywhere except possibly to a pub :-P
Well ... not to say anything bad about beer, BUTThe real reason is that RHEL does not ship that way, so CentOS does not either.
The bottom line for this and all other questions like it is this:We clone the configuration of the upstream system on purpose so that CentOS performs as much as possible like the upstream product ... if/when they change the defaults, so will we.
Thanks, Johnny Hughes
Attachment:
signature.asc
Description: OpenPGP digital signature
_______________________________________________ CentOS mailing list CentOS@xxxxxxxxxx http://lists.centos.org/mailman/listinfo/centos