[CentOS] Getting ready for CentOS 5.4
Les Mikesell
lesmikesell at gmail.com
Mon Mar 30 12:39:59 UTC 2009
Michael A. Peters wrote:
>
>> start/stop' though from Intrepid onwards I believe. There is no root
>> account by default.
>
> There is a root account, you just can't access it w/o setting its password.
sudo su -
> And as soon as you do set its password, I highly recommend you then
> completely disable and lock down the very insecure sudo defaults.
>
> The way OS X / ubuntu / etc configure sudo is something I highly
> disagree with. By default, all a cracker needs is to get a local
> uname/password for an admin user and he can then spawn a root shell.
Errr, why is it easier to get an admin user's name and password than the
root password? The latter is much more likely to be shared, because in
typical scenarios it has to be.
> With sudo disabled, the cracker must also have a local exploit that gets
> past SELinux. Assuming Ubuntu supports SELinux (does it?)
No, it comes with AppArmor instead.
--
Les Mikesell
lesmikesell at gmail.com