su: blacklist users
Matthew Carpenter
matt
Wed May 31 23:39:36 PDT 2006
On Friday 26 May 2006 23:11, Chong Yu Meng wrote:
> My feeling is that we need to approach this from another angle: security
> is a process, not the quest for some silver bullet that does not exist.
> There are ways to crack sudo and there are (valid) concerns about giving
> su privileges to anyone besides yourself or the administrator of the
> system. Anybody who has ever administered any public server would have
> horror stories to share about any aspect of security or proper
> practices.
>
> My approach to security is to have enough layers and complexity to delay
> the hacker/cracker long enough for my people or systems to detect
> him/her/them and then take remedial action. Of course it would be great
> if you can stop such attacks completely, but I don't think that can ever
> happen.
Very well put.
Don't forget the danger of the authorized admin, though. :)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://mail.linux-sxs.org/pipermail/linux-users/attachments/20060531/f7dc7fd9/attachment.pgp
More information about the Linux-users
mailing list