Re: Unknown rootkit causes compromised servers

on 1/29/2008 3:50 AM Jim Perrin spake the following:
> On Jan 29, 2008 5:52 AM, mouss <mouss-EcCAZ+sBjEfR7s880joybQ@xxxxxxxxxxxxxxxx> wrote:
>> Jim Perrin wrote:
>>> Along the lines of staying safe, now is probably a good time to check
>>> your password policies.
>>>
>>> 1. Don't allow root access to ssh. (modify /etc/ssh/sshd_config)
>>
>> why isn't this the default?
>
> Taking an educated guess on this one, I'd say to allow configuration
> after a remote install.
>
>>> 2. restrict root logins to only the local machine. (modify /etc/securetty)
>>> 3. Limit users with access to 'su' to the wheel group (use visudo and
>>> also modify /etc/pam.d/su)
>>
>> same question here.
>
> For this one I'd guess that it's because by default folks don't get
> added to wheel. So if an admin forgets to add his own user account, he
> can no longer gain root with 'su'.  He has to walk his happy ass to
> the console to log in. Everything about the *nix culture points to not
> walking anywhere except possibly to a pub :-P

You mean I have to walk to the pub, too?  ;-D

--
MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't!!!!
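
An added example, not part of the original thread or of CentOS: a shell audit of the three settings listed in the quoted message (root over ssh, /etc/securetty, and the wheel restriction on 'su'). The function names and the pass criteria (an explicit `PermitRootLogin no`, no `pts/` entries in securetty, an active `auth required pam_wheel.so` line) are assumptions of this example; the sudoers side of step 3 is not checked.

```shell
#!/bin/sh
# Added example: audit the three settings from the list in this thread.
# Function names and pass criteria are assumptions of this example.

# 1. sshd_config: pass only on an explicit "PermitRootLogin no".
#    sshd honours the first occurrence of a keyword; names are case-insensitive.
check_sshd_root() {
    val=$(awk 'tolower($1) == "permitrootlogin" { print tolower($2); exit }' "$1" 2>/dev/null)
    [ "$val" = "no" ]
}

# 2. securetty: pass when the file exists and lists no pseudo-terminals (pts/N),
#    the ttys that network logins such as telnet arrive on. A missing file fails,
#    because pam_securetty then allows root on any tty.
check_securetty() {
    [ -f "$1" ] || return 1
    ! grep -Eq '^[[:space:]]*pts/' "$1"
}

# 3. pam.d/su: pass when an uncommented "auth required pam_wheel.so" line exists.
#    A commented-out line has "#auth" (or "#") as its first field and is ignored.
check_su_wheel() {
    awk '$1 == "auth" && $2 == "required" && $3 ~ /pam_wheel\.so$/ { found = 1 }
         END { exit !found }' "$1" 2>/dev/null
}

# Run all three checks; arguments override the default paths named in the thread.
audit() {
    rc=0
    check_sshd_root "${1:-/etc/ssh/sshd_config}" || { echo "FAIL: root ssh login not disabled"; rc=1; }
    check_securetty "${2:-/etc/securetty}" || { echo "FAIL: securetty missing or allows pts/*"; rc=1; }
    check_su_wheel "${3:-/etc/pam.d/su}" || { echo "FAIL: su not limited to wheel"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: all three settings in place"
    return "$rc"
}

# Audit the live files only when asked to: sh audit.sh --run
if [ "${1:-}" = "--run" ]; then audit; fi
```

The sshd check reads only the whitespace-separated form in the global section of one file, so a `Match` block that re-enables root login is not detected.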
