On Thu, 22 Jan 2009 14:01:26 -0500, Adam Tauno Williams wrote:
You scan the server for malware.
You run a useless process widening your attack surface.
Hint: "Security is a trade-off" -- Schneier.
Don't trade actual security for cargo cult systems administration.
There is nothing special about LINUX here. The whole "don't run services as root" business is just so much noise. It isn't about protecting the *server*; it is about protecting the *data* which is accessed [hopefully] by services which are *not* root. It is about the data and the clients that connect to the server.
There is something special about Linux, it's called RPM. We don't run arbitrary binaries. We don't let strange .exe put files wherever they please. Bonus: rpmverify, free of charge.
That doesn't mean that there aren't vulnerabilities or malware. It means that *viruses* are not a problem.