[CentOS] Getting ready for CentOS 5.4
Michael A. Peters
mpeters at mac.com
Mon Mar 30 05:30:08 UTC 2009
Christopher Chan wrote:
> start/stop' though from Intrepid onwards I believe. There is no root
> account by default.
There is a root account, you just can't access it w/o setting it's password.
And as soon as you do set it's password, I highly recommend you then
completely disable and lock down the very insecure sudo defaults.
The way OS X / ubuntu / etc configure sudo is something I highly
disagree with. By default, all a cracker needs is to get a local
uname/password for an admin user and he can then spawn a root shell.
With sudo disabled, the cracker must also have a local exploit that gets
past SELinux. Assuming Ubuntu supports SELinux (does it?)
More information about the CentOS
mailing list