[CentOS] Linux malware attack
SilverTip257
silvertip257 at gmail.com
Thu Mar 20 13:19:20 UTC 2014
On Thu, Mar 20, 2014 at 8:43 AM, Timothy Murphy <gayleard at eircom.net> wrote:
> Johnny Hughes wrote:
>
> > If you look at page 66 of the PDF, it tells you how to not get infected
> > ... don't allow root logins and don't use passwords.
>
> Thanks very much for your prompt response.
>
> I was slightly surprised to see that PermitRootLogin seems to be set to Yes
> by default on CentOS (and also on Fedora).
>
I don't look at PermitRootLogin being yes by default as being a bad thing.
Securing SSH doesn't stop at just its configuration.
Initially "root" is the online account on a Linux machine.
It's up to the sysadmin to create another account [and further secure] the
host.
This brings up other aspect of securing user accounts:
1) strong/somewhat random passwords (especially for root user)
2) firewall rules that only permit select hosts from accessing SSH (or
other services)
And then there's password aging.
>
> I'm very ignorant of these matters, but what advantage does this give?
> Can't I get to the same place by ssh-ing into the remote machine,
> and then su-ing there?
>
"root" is an easy username to guess ... and will exist on most Linux systems
There will likely not be a "tmurphy" or "gayleard" on most Linux hosts, so
that account is less likely to be brute forced.
>
>
> --
> Timothy Murphy
> e-mail: gayleard /at/ eircom.net
> School of Mathematics, Trinity College, Dublin 2, Ireland
>
>
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos
>
--
---~~.~~---
Mike
// SilverTip257 //
More information about the CentOS
mailing list