[CentOS] Unknown rootkit causes compromised servers

Tue Jan 29 11:50:23 UTC 2008
Jim Perrin <jperrin at gmail.com>

On Jan 29, 2008 5:52 AM, mouss <mouss at netoyen.net> wrote:
> Jim Perrin wrote:
> > Along the lines of staying safe, now is probably a good time to check
> > your password policies.
> >
> > 1. Don't allow root access to ssh. (modify /etc/ssh/sshd_config)
> >
> why isn't this the default?
>

Taking an educated guess on this one, I'd say to allow configuration
after a remote install.

> > 2. restrict root logins to only the local machine. (modify /etc/securetty)
> > 3. Limit users with access to 'su' to the wheel group (use visudo and
> > also modify /etc/pam.d/su)
> >
> same question here.

For this one I'd guess that it's because by default folks don't get
added to wheel. So if an admin forgets to add his own user account, he
can no longer gain root with 'su'.  He has to walk his happy ass to
the console to log in. Everything about the *nix culture points to not
walking anywhere except possibly to a pub :-P




-- 
During times of universal deceit, telling the truth becomes a revolutionary act.
George Orwell
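The three settings in the quoted list, as an added audit script that is not part of this thread: it assumes the historic sshd behaviour (a missing PermitRootLogin directive means root login is allowed, and only an explicit "no" refuses it), the standard CentOS pam_wheel line, and constructed sample files so it runs offline.

```shell
#!/bin/sh
# Added audit helper, not code from the thread. Checks the three settings
# the post lists. Sample config files are CONSTRUCTED here so it runs offline.

# 0 if sshd_config ($1) has an uncommented "PermitRootLogin no".
# sshd uses the first occurrence of a directive; an absent directive is
# treated as "yes" (the historic default), and without-password still
# permits root over ssh, so only an explicit "no" passes.
ssh_root_denied() {
    val=$(grep -Ei '^[[:space:]]*PermitRootLogin[[:space:]]+' "$1" |
          head -n1 | awk '{print tolower($2)}')
    [ "$val" = "no" ]
}

# 0 if securetty ($1) names no pseudo-terminal, i.e. root may log in
# only on the console and local ttys.
securetty_local_only() {
    ! grep -Eq '^[[:space:]]*pts/' "$1"
}

# 0 if /etc/pam.d/su ($1) has the standard uncommented wheel-only line:
#   auth required pam_wheel.so use_uid
su_restricted_to_wheel() {
    grep -Eq '^[[:space:]]*auth[[:space:]]+required[[:space:]]+pam_wheel\.so.*use_uid' "$1"
}

# Runs all three checks; exit status is the number of failed checks.
audit_host() {
    fails=0
    ssh_root_denied "$1"        || { echo "FAIL: root ssh login allowed ($1)"; fails=$((fails+1)); }
    securetty_local_only "$2"   || { echo "FAIL: pseudo-terminal listed ($2)"; fails=$((fails+1)); }
    su_restricted_to_wheel "$3" || { echo "FAIL: su not limited to wheel ($3)"; fails=$((fails+1)); }
    return $fails
}

# CONSTRUCTED sample files (a hardened set and a default-like set);
# prints the directory they live in.
make_samples() {
    dir=$(mktemp -d)
    printf 'Port 22\n#PermitRootLogin yes\nPermitRootLogin no\n' > "$dir/sshd_config.good"
    printf 'Port 22\nPermitRootLogin yes\n'                     > "$dir/sshd_config.bad"
    printf 'console\ntty1\ntty2\n'                              > "$dir/securetty.good"
    printf 'console\ntty1\npts/0\n'                             > "$dir/securetty.bad"
    printf 'auth sufficient pam_rootok.so\nauth required pam_wheel.so use_uid\nauth include system-auth\n' > "$dir/su.good"
    printf 'auth sufficient pam_rootok.so\n#auth required pam_wheel.so use_uid\nauth include system-auth\n' > "$dir/su.bad"
    echo "$dir"
}

# On a real host: audit_host /etc/ssh/sshd_config /etc/securetty /etc/pam.d/su
```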