[CentOS] Linux malware attack

Thu Mar 20 13:19:20 UTC 2014
SilverTip257 <silvertip257 at gmail.com>

On Thu, Mar 20, 2014 at 8:43 AM, Timothy Murphy <gayleard at eircom.net> wrote:

> Johnny Hughes wrote:
>
> > If you look at page 66 of the PDF, it tells you how to not get infected
> > ... don't allow root logins and don't use passwords.
>
> Thanks very much for your prompt response.
>
> I was slightly surprised to see that PermitRootLogin seems to be set to Yes
> by default on CentOS (and also on Fedora).
>

I don't look at PermitRootLogin being yes by default as being a bad thing.
Securing SSH doesn't stop at just its configuration.

Initially "root" is the only account on a Linux machine.
It's up to the sysadmin to create another account [and further secure] the
host.

This brings up other aspects of securing user accounts:
1) strong/somewhat random passwords (especially for root user)
2) firewall rules that only permit select hosts to access SSH (or
other services)

And then there's password aging.


>
> I'm very ignorant of these matters, but what advantage does this give?
> Can't I get to the same place by ssh-ing into the remote machine,
> and then su-ing there?
>

"root" is an easy username to guess ... and will exist on most Linux systems

There will likely not be a "tmurphy" or "gayleard" on most Linux hosts, so
that account is less likely to be brute forced.


>
>
> --
> Timothy Murphy
> e-mail: gayleard /at/ eircom.net
> School of Mathematics, Trinity College, Dublin 2, Ireland



-- 
---~~.~~---
Mike
//  SilverTip257  //
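
The two settings discussed in this thread (PermitRootLogin and password logins) can be checked mechanically. The following is an added example, not part of the original post: a small auditor for the global section of an `sshd_config`. The function names, the sample configs and the assumed defaults (both "yes" when a keyword is absent) are assumptions for illustration.

```python
# Added example (not from the thread). Defaults assumed when a keyword is
# absent; PermitRootLogin "yes" matches the CentOS default noted in the thread.
ASSUMED_DEFAULTS = {"permitrootlogin": "yes", "passwordauthentication": "yes"}

def effective_global_settings(config_text):
    """Return global settings; sshd keeps the FIRST value seen per keyword."""
    settings = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or commented-out directive: no effect
        parts = line.replace("=", " ", 1).split(None, 1)
        if len(parts) != 2:
            continue
        key, value = parts[0].lower(), parts[1].strip().strip('"').lower()
        if key == "match":
            break  # everything after a Match line is conditional, not global
        settings.setdefault(key, value)  # first occurrence wins
    return settings

def audit(config_text):
    """List findings for direct root login and password authentication."""
    eff = dict(ASSUMED_DEFAULTS)
    eff.update(effective_global_settings(config_text))
    findings = []
    if eff["permitrootlogin"] == "yes":
        findings.append("PermitRootLogin yes: direct root login is permitted")
    if eff["passwordauthentication"] == "yes":
        findings.append("PasswordAuthentication yes: passwords can be brute forced")
    return findings

# Constructed sample: the directive is commented out, a later duplicate is
# ignored, and the Match block does not change the global setting.
SAMPLE_BEFORE = """\
#PermitRootLogin no
Port 22
PasswordAuthentication yes
PasswordAuthentication no
Match Address 10.0.0.0/8
    PermitRootLogin no
"""

# Constructed sample after hardening.
SAMPLE_AFTER = "PermitRootLogin no\nPasswordAuthentication no\n"

if __name__ == "__main__":
    for name, cfg in (("before", SAMPLE_BEFORE), ("after", SAMPLE_AFTER)):
        print(name, audit(cfg) or "no findings")
```

On a live host, `sshd -T` prints the effective configuration and is the authoritative check; the parser above only covers the global section of a single file.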