F22 System Wide Change: Set sshd(8) PermitRootLogin=no
P J P
pj.pandit at yahoo.co.in
Mon Jan 12 18:58:35 UTC 2015
On Tuesday, 13 January 2015 12:05 AM, Stephen John Smoogen wrote:
>I don't see how this is the case. All we have done is move the
>first line of the root-kit script to calling sudo via the password
>that was used to open the account up. Since many of Linux systems
>are single user boxes.. it is most likely going to work. If it fails
>then the majority of them just dump the warning email in
>/var/spool/mail/root which never gets read (from the number of boxes
> I have had to clean up).
Sorry, I didn't get it. Running root-kit script implies you already
have access to a machine. And the user has sudo(1) access enabled.
>>And from looking at the sophistication of various worms these days..
>they are a lot smarter about guessing who owns the box and then trying
>various smart choices (since Fedora will select ssmoogen as my name it
>has shown up more often in brute forces by systems which I own).
That's possible. But the proposed feature is not meant to address this issue.
>I was going to say it is an informed speculation.. I have actually had to
>interview various people about weak passwords and why they chose them and
>the largest excuse is "Well I don't need to have a strong password for
>this.. its not like its root."
Yes, that is quite common. Which is precisely why we need to set hardened
default configurations.
---
Regards
-Prasad
http://feedmug.com
More information about the devel
mailing list