[CentOS] Getting ready for CentOS 5.4

Mon Mar 30 05:30:08 UTC 2009
Michael A. Peters <mpeters at mac.com>

Christopher Chan wrote:

> start/stop' though from Intrepid onwards I believe. There is no root 
> account by default.

There is a root account, you just can't access it w/o setting it's password.

And as soon as you do set it's password, I highly recommend you then 
completely disable and lock down the very insecure sudo defaults.

The way OS X / ubuntu / etc configure sudo is something I highly 
disagree with. By default, all a cracker needs is to get a local 
uname/password for an admin user and he can then spawn a root shell.

With sudo disabled, the cracker must also have a local exploit that gets 
past SELinux. Assuming Ubuntu supports SELinux (does it?)