on 1/29/2008 3:50 AM Jim Perrin spake the following:
> On Jan 29, 2008 5:52 AM, mouss <mouss-EcCAZ+sBjEfR7s880joybQ at public.gmane.org> wrote:
>> Jim Perrin wrote:
>>> Along the lines of staying safe, now is probably a good time to check
>>> your password policies.
>>>
>>> 1. Don't allow root access to ssh. (modify /etc/ssh/sshd_config)
>>>
>> why isn't this the default?
>>
>
> Taking an educated guess on this one, I'd say to allow configuration
> after a remote install.
>
>>> 2. restrict root logins to only the local machine. (modify /etc/securetty)
>>> 3. Limit users with access to 'su' to the wheel group (use visudo and
>>> also modify /etc/pam.d/su)
>>>
>> same question here.
>
> For this one I'd guess that it's because by default folks don't get
> added to wheel. So if an admin forgets to add his own user account, he
> can no longer gain root with 'su'. He has to walk his happy ass to
> the console to log in. Everything about the *nix culture points to not
> walking anywhere except possibly to a pub :-P
>
You mean I have to walk to the pub, too? ;-D

--
MailScanner is like deodorant...
You hope everybody uses it, and you notice quickly if they don't!!!!
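The three settings listed in the quoted message, written as an audit script. This is an added example, not part of the thread; the function names, the DIR layout and the definition of a "local" terminal are assumptions of the example.

```shell
#!/bin/sh
# Added example: audits the three settings listed in the thread. Each check
# takes a file path, so it runs against /etc or against a copy.

# 1. sshd uses the first value it sees for a keyword (case-insensitive), so pass
#    only if the first global PermitRootLogin, before any Match block, is "no".
#    Assumes whitespace-separated "keyword value"; Include files are not followed.
ssh_root_disabled() {
    awk '$1 ~ /^#/ { next }
         tolower($1) == "match" { exit }
         tolower($1) == "permitrootlogin" { v = tolower($2); exit }
         END { exit (v == "no" ? 0 : 1) }' "$1"
}

# 2. securetty lists terminals where root may log in. Pass only if every entry
#    is console, ttyN or vc/N (this example's definition of "local").
securetty_local_only() {
    [ -f "$1" ] || return 1
    ! grep -Ev '^[[:space:]]*(#|$)' "$1" |
        grep -Evq '^(console|tty[0-9]+|vc/[0-9]+)$'
}

# 3. Only an active "auth required pam_wheel.so" line limits su to wheel; a
#    commented-out line does not.
su_wheel_only() {
    grep -Eq '^[[:space:]]*auth[[:space:]]+required[[:space:]]+pam_wheel\.so' "$1"
}

audit() {   # audit DIR, where DIR is laid out like /etc
    rc=0
    ssh_root_disabled "$1/ssh/sshd_config" || { echo "FAIL: sshd allows root login"; rc=1; }
    securetty_local_only "$1/securetty" || { echo "FAIL: securetty has non-local entries"; rc=1; }
    su_wheel_only "$1/pam.d/su" || { echo "FAIL: su is not limited to wheel"; rc=1; }
    return "$rc"
}

# Constructed sample tree (not from a real host): "yes" precedes "no" in
# sshd_config, securetty lists pts/0, and the pam_wheel line is commented out.
make_sample() {
    mkdir -p "$1/ssh" "$1/pam.d"
    printf '%s\n' 'Port 22' 'permitrootlogin yes' 'PermitRootLogin no' > "$1/ssh/sshd_config"
    printf '%s\n' 'console' 'tty1' 'pts/0' > "$1/securetty"
    printf '%s\n' 'auth sufficient pam_rootok.so' '#auth required pam_wheel.so use_uid' > "$1/pam.d/su"
}

d=$(mktemp -d); make_sample "$d"; audit "$d" || true; rm -rf "$d"
```

To check a live host, call `audit /etc` as root; sudoers (the visudo part of item 3) is not examined.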