[CentOS] Getting ready for CentOS 5.4

Les Mikesell lesmikesell at gmail.com
Mon Mar 30 13:39:59 UTC 2009


Michael A. Peters wrote:
> 
>> start/stop' though from Intrepid onwards I believe. There is no root 
>> account by default.
> 
> There is a root account, you just can't access it w/o setting it's password.

sudo su -

> And as soon as you do set it's password, I highly recommend you then 
> completely disable and lock down the very insecure sudo defaults.
> 
> The way OS X / ubuntu / etc configure sudo is something I highly 
> disagree with. By default, all a cracker needs is to get a local 
> uname/password for an admin user and he can then spawn a root shell.

Errr, why is it easier to get an admin user's name and password than the 
root password?  The latter is much more likely to be shared, because in 
typical scenarios it has to be.

> With sudo disabled, the cracker must also have a local exploit that gets 
> past SELinux. Assuming Ubuntu supports SELinux (does it?)

No, it comes with AppArmor instead.

-- 
   Les Mikesell
    lesmikesell at gmail.com



More information about the CentOS mailing list