[CentOS] duqu

Wed Nov 30 19:16:42 UTC 2011
Patrick Lists <centos-list at puzzled.xs4all.nl>

On 30-11-11 20:01, John Hinton wrote:
> On 11/30/2011 1:55 PM, Benjamin Donnachie wrote:
>> On 30 Nov 2011, at 18:51, Les Mikesell<lesmikesell at gmail.com>   wrote:
>>> Ssh is mostly about being able to log in.
>> I've always adopted the policy of disabling root logins, making admins
>> use a separate account with public/private key authentication and then
>> requiring them to use su to elevate privileges.
>> Has the advantage that your logs will tell you who logged in and
>> performed an action rather than the vague 'root'.
>> Ben
> How would you automate daily logins from another server to do something
> like rsync the entire /etc directory to a backup system?

Maybe the sshd_config option "PermitRootLogin forced-commands-only" 
could help? This allows root logins but limits which command(s) can be 
executed. There is a description of how this works here: