[CentOS] server is always getting hacked

Wed Jul 1 08:20:50 UTC 2009
Michael A. Peters <mpeters at mac.com>

Michael A. Peters wrote:
> Sander Snel wrote:
> 
>> 10. use sudo instead of su -
> 
> How does that help?

I still don't understand how using sudo instead of su makes it more secure.

If the user does not have the root password then the only danger to su - 
is brute force from a local account, but you can protect against that, and 
the same issue exists with sudo.

With sudo, very often the password is the same as the admin's password - so 
if the admin account is brute forced the cracker then can use sudo to 
gain root.

What would be a security enhancement would be to borrow the BSD su which 
only allows you to su to root from a wheel group account.

I never understood why GNU su didn't implement that.
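
On Linux systems that use PAM, the wheel-only restriction described in the message above is available for su through the pam_wheel module in the su service file. The following is an added example, not part of the original post: a shell check that reports whether a PAM auth stack actually enforces it. The function name su_wheel_status and the sample stack lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the auth stack of a PAM "su" service file for
# wheel-group enforcement. Reads the file named as argument, or stdin.
# Prints one of:
#   enforced      pam_wheel.so is active under required/requisite, so
#                 accounts outside the wheel group are refused
#   not-enforced  pam_wheel.so is active, but under a control (such as
#                 "sufficient") that does not refuse non-members
#   absent        no active pam_wheel.so auth line (commented-out lines
#                 do not count)
su_wheel_status() {
    awk '
        /^[ \t]*#/ { next }                  # ignore commented-out lines
        $1 == "auth" {
            for (i = 3; i <= NF; i++) {
                if ($i ~ /pam_wheel\.so$/) {
                    if ($2 == "required" || $2 == "requisite") enforced = 1
                    else present = 1
                }
            }
        }
        END {
            if (enforced)     print "enforced"
            else if (present) print "not-enforced"
            else              print "absent"
        }
    ' "$@"
}

# Constructed sample: wheel line left commented out (restriction off).
sample_default='auth sufficient pam_rootok.so
#auth required pam_wheel.so use_uid
auth include system-auth'

# Constructed sample: wheel line active (restriction on).
sample_hardened='auth sufficient pam_rootok.so
auth required pam_wheel.so use_uid
auth include system-auth'

printf '%s\n' "$sample_default"  | su_wheel_status   # absent
printf '%s\n' "$sample_hardened" | su_wheel_status   # enforced
```

On a live host, run `su_wheel_status /etc/pam.d/su` and review the output of `getent group wheel` to see which accounts the restriction would admit.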