[LUNI] Ever heard of SimplyMEPIS Linux?
Mike Scott
mscott at pyewacket.org
Mon Feb 12 07:51:47 CST 2007
> -------- Original Message --------
> Subject: Re: [LUNI] Ever heard of SimplyMEPIS Linux?
> From: Martin Maney <maney at two14.net>
> Date: Sun, February 11, 2007 12:36 am
> To: Linux Users Of Northern Illinois - Technical Discussion
> <luni at luni.org>
>
> On Sat, Feb 10, 2007 at 10:17:56AM -0700, Mike Scott wrote:
> > Plus having the root account disabled, should pretty much render
> > rootkits moot.
> > Or am I missing something here?
>
> Probably. Most unauthorized rooters exploit one hole or another, no?
> If they aren't getting root by the normal login, they won't care
> whether you can login as root that way, I think. And snarfing your
> password by whatever means will be just as effective whether it's the
> root password per se or the password for an account that has
> sudo-to-root permission.
True, but it makes for one less thing a potential hacker can assume
about a system.
Where I work, mostly Windows boxes :-( the first thing we do is rename
the admin account.
I oftyen wondered why *NIX never preached this procedure although the
usernames are for us humans and the UID of root would still be 0. I
kind of like the sudo idea.
I would imagine using (K)ubuntu in a production environment, you would
have a user or group of users, that could sudo to full admin rights.
You could then dole out admin rights on a per-application basis to
lower admins.
- Mike Scott
More information about the luni
mailing list