Kosala Atapattu wrote:
| On Tue, Jun 3, 2008 at 11:21 PM, David Edwards <DEdwards@xxxxxxxxxxx> wrote:
|> Ron,
|>
|> I do agree that allowing root access in some cases does make sense.
|
| Are we missing something. Tell me that I don't understand something
| here. How can a user doing "su -" and jumping to root after login with
| a regular user be different from login with direct root.
|

The key difference is that they are not logging in as root. There are more hoops to jump through before they can even try.

The majority of attempts on my boxen are to try to log in as root. All the rest are attempts to log in to non-existent accounts. fail2ban slows down the attempts. There appears to be a flaw in the botnet(s) that causes it to repeat already failed attempts several times so fail2ban helps greatly to impede their progress.

It seems that su is risky. It should have more restrictions built into it, perhaps some kind of access control like sudo has. Some admins remove or rename su, put it in a wrapper or set permissions to permit only root and/or certain users to use it. A log watching script can nail users who use su too much or have many failed su attempts.

--
jd
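
A sketch of the log watching script mentioned in the message above, as an added example that is not part of the original post. It assumes pam_unix-style su lines as many Linux systems write them to auth.log or /var/log/secure (the format varies by distribution); the sample lines, function names and thresholds are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample lines in the assumed pam_unix format.
SAMPLE_LOG = """\
Jun  3 23:40:01 host su: pam_unix(su:auth): authentication failure; logname=alice uid=1000 euid=0 tty=pts/0 ruser=alice rhost=  user=root
Jun  3 23:40:09 host su: pam_unix(su:auth): authentication failure; logname=alice uid=1000 euid=0 tty=pts/0 ruser=alice rhost=  user=root
Jun  3 23:40:15 host su: pam_unix(su:auth): authentication failure; logname=alice uid=1000 euid=0 tty=pts/0 ruser=alice rhost=  user=root
Jun  3 23:41:02 host su: pam_unix(su:session): session opened for user root by bob(uid=1001)
Jun  3 23:45:30 host su: pam_unix(su:session): session opened for user root by bob(uid=1001)
Jun  3 23:50:11 host sshd[811]: Failed password for root from 192.0.2.7 port 4022 ssh2
Jun  3 23:52:44 host su: pam_unix(su:auth): authentication failure; logname=carol uid=1002 euid=0 tty=pts/2 ruser=carol rhost=  user=root
"""

# "su:" or "su[pid]:", service "su" or "su-l"; group 1 is the invoking user.
FAILED = re.compile(
    r"\bsu(?:\[\d+\])?: pam_unix\(su(?:-l)?:auth\): authentication failure;.*\bruser=(\S+)")
OPENED = re.compile(
    r"\bsu(?:\[\d+\])?: pam_unix\(su(?:-l)?:session\): session opened for user \S+ by (\S+?)\(uid=")

def su_activity(lines):
    """Count failed su attempts and opened su sessions per invoking user."""
    failed, opened = Counter(), Counter()
    for line in lines:
        if (m := FAILED.search(line)):
            failed[m.group(1)] += 1
        elif (m := OPENED.search(line)):
            opened[m.group(1)] += 1
    return failed, opened

def flag_users(lines, max_failed=3, max_opened=5):
    """Return {user: [reasons]} for users at or above either threshold."""
    failed, opened = su_activity(lines)
    alerts = {}
    for user in sorted(set(failed) | set(opened)):
        reasons = []
        if failed[user] >= max_failed:
            reasons.append(f"{failed[user]} failed su attempts")
        if opened[user] >= max_opened:
            reasons.append(f"{opened[user]} su sessions")
        if reasons:
            alerts[user] = reasons
    return alerts

if __name__ == "__main__":
    # Low session threshold so the short sample triggers both kinds of alert.
    for user, reasons in flag_users(SAMPLE_LOG.splitlines(), max_opened=2).items():
        print(f"{user}: {', '.join(reasons)}")
```

Lines from sshd and other services are ignored, so the counts reflect local su use only, not the remote root login attempts that fail2ban handles.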