Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: Re: Any update on SSH brute force attempts?
From: Barrie Dempster <barrie () reboot-robot net>
Date: Mon, 18 Oct 2004 14:24:25 +0100

On Mon, 2004-10-18 at 06:41 -0500, Ron DuFresne wrote:
Why not just disallow root logins directly, and force someone with a valid
user account to su after getting a shell?  It was my impression that was
more standard, and if one has to allow remote root directly, at least
restrict it to specific systems and users.  All the places I have worked
for forced the su after shell to root..

I'm in agreement with this, as well as combining this with use of sudo
for common functions requiring root privs (such as using tools requiring
raw socks support for instance) meaning you rarely have to become root
and the root account becomes slightly more difficult to compromise.

-- 
Barrie Dempster (zeedo) - Fortiter et Strenue

  http://www.bsrf.org.uk

[ gpg --recv-keys --keyserver www.keyserver.net 0x96025FD0 ]

Attachment: signature.asc
Description: This is a digitally signed message part


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]