[CentOS] Re: Unknown rootkit causes compromised servers

Tue Jan 29 16:22:38 UTC 2008
Scott Silva <ssilva at sgvwater.com>

on 1/29/2008 3:50 AM Jim Perrin spake the following:
> On Jan 29, 2008 5:52 AM, mouss <mouss-EcCAZ+sBjEfR7s880joybQ at public.gmane.org> wrote:
>> Jim Perrin wrote:
>>> Along the lines of staying safe, now is probably a good time to check
>>> your password policies.
>>>
>>> 1. Don't allow root access to ssh. (modify /etc/ssh/sshd_config)
>>>
>> why isn't this the default?
>>
> 
> Taking an educated guess on this one, I'd say to allow configuration
> after a remote install.
> 
>>> 2. restrict root logins to only the local machine. (modify /etc/securetty)
>>> 3. Limit users with access to 'su' to the wheel group (use visudo and
>>> also modify /etc/pam.d/su)
>>>
>> same question here.
> 
> For this one I'd guess that it's because by default folks  don't get
> added to wheel. So if an admin forgets to add his own user account, he
> can no longer gain root with 'su'.  He has to walk his happy ass to
> the console to log in. Everything about the *nix culture points to not
> walking anywhere except possibly to a pub :-P
> 
You mean I have to walk to the pub, too?  ;-D

-- 
MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't!!!!

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 187 bytes
Desc: OpenPGP digital signature
URL: <http://lists.centos.org/pipermail/centos/attachments/20080129/9ef0ac45/attachment-0005.sig>