On Fri, January 23, 2015 2:31 pm, Valeri Galtsev wrote:
>
> On Fri, January 23, 2015 2:05 pm, Warren Young wrote:
>> On Jan 23, 2015, at 12:35 PM, Valeri Galtsev <galtsev at kicp.uchicago.edu>
>> wrote:
>>
>>> As a matter of fact I tend to not use GUI admin tools since long ago.
>>
>> Bring back Xconfigurator!
>>
>>> I do prefer 3ware web RAID admin
>>> interface to anything else (it more transparently prevents me from making
>>> fatal blunders - probably just me).
>>
>> No, not just you. tw_cli is needlessly confusing in its command
>> structure.
>>
>> Compare the operation of the ZFS and btrfs command line tools, to see
>> how it should have been done.
>>
>>> And yes, disabling root user and having sudo instead is on my evil list
>>> too: yet another SUID-ed binary, and potential holes due to some
>>> garbage in config file
>>
>> Given how old and battle tested sudo is, I think we can trust it.
>>
>> My only remaining unease comes from the fact that the sudo binary is
>> about 4x the size of su.
>>
>> Still, I'm glad RH finally made it usable out of the box with EL7. The
>> default config in prior versions was only usable by root, which made it
>> little other than an alias for su.
>>
>>> BTW, su (with the same password for root as regular user
>>> has), and attempt to use sudo are the first two things bad guys try when
>>> they log in with stolen password of regular user (after a compromise of
>>> machine elsewhere).
>>
>> So don't use the password for root or sudo-capable users elsewhere. If
>> you don't know for a fact that the connection is secure and the password
>> is securely hashed, use a different password.
>
> That is exactly what I meant to say to everybody (if you read the rest of
> what I wrote you will realize that I don't make blunders of this
> magnitude!).
> Thanks for spelling it out in more plain English language than
> I managed to ;-)
>

And after re-reading what you have said I see that I didn't state clearly
enough originally what bad guys do. Of course, your advice stands too.
However: when some machine is compromised on the network, then:

1. Key pairs are getting stolen (so authorized key authentication to other
machines with credentials of a user gets possible wherever this user set it).

2. A keystroke logger is installed and a malicious ssh client binary is
installed. Thus triplets: hostname, username, password are getting collected
for all remote machines users connect to from the compromised machine.

3. After some time (usually 1-2 months - my observation) the information
collected in 1-2 is getting used for the first time. Thus, the bad guy will
connect to the machine you administer with credentials of one of your users.
First thing that is being tried is lame admin job: su (with the same password
as the one that was stolen for that user account) and sudo (in case you gave
that user sudo privilege). (And only after that go attempts of local
elevation of privileges using LKM, bugs in SUID-ed binaries, ....)

That is why admins usually exercise paranoia when they use their almighty
privileges. Have you ever typed the root password in a shell of another user
to do something for him using root privileges? I know one senior admin (I was
junior admin working with him then) who was caught by smart students because
of doing that, so they got root on the machine.

But I think this may be a long talk deserving quite a different thread. If
someone wise (which I'm not) will start it, I'll see if I can add something
too (which I actually doubt knowing how many awfully knowledgeable people
are on this list ;-)

And, BTW, that is why I run multi-user machines under the assumption that bad
guys are already in. Whatever they do, they shouldn't be able to elevate
privileges, or do local user DOS.
But, of course, all of us have seen them already in, and trying...

Valeri

++++++++++++++++++++++++++++++++++++++++
Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247
++++++++++++++++++++++++++++++++++++++++
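The "lame admin job" pattern described above (a login with stolen user credentials followed straight away by su to root and a sudo attempt) is something a defender can pick out of the auth log. The following is an added example and not part of this thread: a small Python detector run over constructed syslog-style sshd, su and sudo lines (not real logs), flagging a failed su or a denied sudo that follows the same user's ssh login within a short window. The pam_unix and sudo log wording is the common one; the 15-minute window and the year used for timestamps are assumptions.

```python
import re
from datetime import datetime

# Constructed sample auth.log lines (not real logs): alice logs in over ssh and,
# within minutes, tries su to root and sudo; bob's activity is benign.
SAMPLE_LOG = """\
Jan 23 14:40:01 host sshd[2101]: Accepted password for alice from 10.0.0.5 port 51234 ssh2
Jan 23 14:40:30 host su: pam_unix(su:auth): authentication failure; logname=alice uid=1001 euid=0 tty=pts/1 ruser=alice rhost=  user=root
Jan 23 14:41:02 host sudo:    alice : user NOT in sudoers ; TTY=pts/1 ; PWD=/home/alice ; USER=root ; COMMAND=/bin/bash
Jan 23 15:10:00 host sshd[2150]: Accepted publickey for bob from 10.0.0.9 port 40000 ssh2
Jan 23 15:12:00 host sudo:      bob : TTY=pts/2 ; PWD=/home/bob ; USER=root ; COMMAND=/usr/bin/yum update
Jan 24 09:00:00 host su: pam_unix(su:auth): authentication failure; logname=bob uid=1002 euid=0 tty=pts/2 ruser=bob rhost=  user=root
"""

TS = r"(?P<ts>\w{3} +\d{1,2} \d\d:\d\d:\d\d)"
LOGIN_RE = re.compile(TS + r" \S+ sshd\[\d+\]: Accepted \w+ for (?P<user>\S+) from (?P<ip>\S+)")
SU_FAIL_RE = re.compile(TS + r" \S+ su: pam_unix\(su:auth\): authentication failure;.* ruser=(?P<user>\S+)")
SUDO_DENY_RE = re.compile(TS + r" \S+ sudo: +(?P<user>\S+) : (user NOT in sudoers|\d+ incorrect password attempts)")

def _parse_ts(ts: str, year: int = 2015) -> datetime:
    # syslog timestamps carry no year; 2015 is an assumed value for this sample
    return datetime.strptime(f"{year} {ts}", "%Y %b %d %H:%M:%S")

def find_post_login_escalation(log_text: str, window_minutes: int = 15) -> list:
    """Return (user, source_ip, event, minutes_after_login) for every failed su
    or denied sudo that follows that user's ssh login within window_minutes."""
    last_login = {}   # user -> (login time, source ip of the ssh session)
    alerts = []
    for line in log_text.splitlines():
        m = LOGIN_RE.match(line)
        if m:
            last_login[m["user"]] = (_parse_ts(m["ts"]), m["ip"])
            continue
        for kind, rx in (("su-fail", SU_FAIL_RE), ("sudo-denied", SUDO_DENY_RE)):
            m = rx.match(line)
            if not m or m["user"] not in last_login:
                continue
            login_at, ip = last_login[m["user"]]
            delta = (_parse_ts(m["ts"]) - login_at).total_seconds() / 60
            if 0 <= delta <= window_minutes:
                alerts.append((m["user"], ip, kind, round(delta, 1)))
    return alerts

if __name__ == "__main__":
    for alert in find_post_login_escalation(SAMPLE_LOG):
        print("ALERT: %s from %s: %s %.1f min after login" % alert)
```

Only alice's two attempts fire; bob's successful sudo and his su failure the next morning fall outside the pattern.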