Ubuntu user's report

[Matthew Carpenter]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Net Llama! wrote:
| On 12/18/2004 12:28 AM, Myles Green wrote:
|
|
| Maybe i'm just missing something, but how is that more secure than using
| root?  If your box gets owned, now they don't even need to get root?
|

This is indeed more secure, not so much in the "got root" sense of
WU-FTPD buffer Overflow attack as in the accountability sense.

It shares security problems similar to the Wireless protocol WEP: Shared
Key.  If all admins share the root password and someone soes something
nasty, the whole group is suspect.  Sudo, however, logs each command
(along with the user who gave it) and allows granular control of access
(eg. llama can do the command "/usr/bin/cdrecord" but nothing else).
But if llama leaves the company and takes a position at a competitor's
all the root passwords need not be changed immediately.  Simply
disabling your account is good enough... and that can be managed in a
central location like LDAP, NDS, or AD/Kerberos.

Since sudo's default behavior is to prompt a user for their password
(not root's) the first time each session (and timed intervals
thereafter) simply getting access to a logged in administrator's session
doesn't necessarily mean anything.

Disabling the root account also stops brute-force attacks like we've
been seeing a lot of through SSH of late.

- --
Matthew Carpenter
matt at eisgr.com                          http://www.eisgr.com/

Enterprise Information Systems
* Network Server Appliances
* Security Consulting, Incident Handling & Forensics
* Network Consulting, Integration & Support
* Web Integration and E-Business
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFBxYquso9lqh4MragRAkH+AJ9Ysfkuxl/4absPCtBUyl5foSuu2ACff1wC
0vojxRDvCiaSJI8p7H0WQGQ=
=80Rq
-----END PGP SIGNATURE-----