[CentOS] Getting ready for CentOS 5.4
Christopher Chan
christopher.chan at bradbury.edu.hk
Mon Mar 30 05:37:28 UTC 2009
Michael A. Peters wrote:
> Christopher Chan wrote:
>
>
>> start/stop' though from Intrepid onwards I believe. There is no root
>> account by default.
>>
>
> There is a root account, you just can't access it w/o setting it's password.
>
Oh you can. sudo -i. Now go away.
> And as soon as you do set it's password, I highly recommend you then
> completely disable and lock down the very insecure sudo defaults.
>
And pick up the pieces. You do know that certain services are tightly
tied into the way things are currently set up?
> The way OS X / ubuntu / etc configure sudo is something I highly
> disagree with. By default, all a cracker needs is to get a local
> uname/password for an admin user and he can then spawn a root shell.
>
Not getting into that argument.
> With sudo disabled, the cracker must also have a local exploit that gets
> past SELinux. Assuming Ubuntu supports SELinux (does it?)
Unfortunately, yes...but not as extensive as RHEL. So not quite a win
for Ubuntu yet in helping you guys migrate. Soon I am going to get
banned. :-D
More information about the CentOS
mailing list