on 1/29/2008 3:50 AM Jim Perrin spake the following:
On Jan 29, 2008 5:52 AM, mouss <mouss-EcCAZ+sBjEfR7s880joybQ@xxxxxxxxxxxxxxxx> wrote:Jim Perrin wrote:Along the lines of staying safe, now is probably a good time to check your password policies. 1. Don't allow root access to ssh. (modify /etc/ssh/sshd_config)why isn't this the default?Taking an educated guess on this one, I'd say to allow configuration after a remote install.2. restrict root logins to only the local machine. (modify /etc/securetty) 3. Limit users with access to 'su' to the wheel group (use visudo and also modify /etc/pam.d/su)same question here.For this one I'd guess that it's because by default folks don't get added to wheel. So if an admin forgets to add his own user account, he can no longer gain root with 'su'. He has to walk his happy ass to the console to log in. Everything about the *nix culture points to not walking anywhere except possibly to a pub :-P
You mean I have to walk to the pub, too? ;-D -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!!
Attachment:
signature.asc
Description: OpenPGP digital signature
_______________________________________________ CentOS mailing list CentOS@xxxxxxxxxx http://lists.centos.org/mailman/listinfo/centos
