Common *nix Security Practice's - Page 2

Thread: Common *nix Security Practice's

  1. #11
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,403
    quote:
    -- Limit or Eliminate su access to root.

    While a good idea, that's something that could effectively ruin your system. Let's say you want to check logs? Modify services? Lock down the firewall.sh? Modify the rc.local file? root needs to do that, and that means your normal user has to use su root, meaning they need su to modify the system so they won't login as root. See why it's bad to give another user root in my statement above.
    Actually you can eliminate access to su. On any decent *nix system you can always open a new virtual terminal (usually ALT-F2 or CTRL-ALT-F2 if you're running X) and login (locally) as root.

    Eliminating su does mean you cannot change anything remotely (because you should deny root logon using ssh, rsh, telnet etc.).
    Oliver's Law:
    Experience is something you don't get until just after you need it.

  2. #12
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,883
    Yep, thus my 90% rubbish statement rather than 100%.

    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden

  3. #13
    Banned
    Join Date
    Nov 2003
    Posts
    1,161
    Originally posted here by slarty
    Ok, my recommendations:

    2. Don't rename root. It is pointless and may break stuff. For starters, renaming root instantly breaks most of "inetd" services. DO disallow non-local root logins via sshd, FTP etc.
    Yep, pointless
    PAGE 52. O'Reilly's Practical UNIX 1991 (copy). $7.00
    Code:
     cat /etc/passwd
    Root always has a (UID) number of
    Code:
     :0:
    http://www.cert.org/tech_tips/unix_c...uidelines.html
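
The two checks the posts above rely on (root is identified by UID 0 whatever its name, and remote root login should be refused), written as an added example that is not part of the thread or any poster's code. The function names and the sample files are constructed for illustration; `PermitRootLogin` is the sshd_config keyword for the sshd case.

```sh
#!/bin/sh
# Added example, not from the thread. File paths are arguments so the checks
# can be run against copies; the sample data at the bottom is constructed.

# Print every login name whose UID field (3rd colon-separated field) is 0.
# A renamed root account still shows up here, so renaming hides nothing.
uid0_accounts() {
    awk -F: '$1 !~ /^#/ && $3 == 0 { print $1 }' "${1:-/etc/passwd}"
}

# Print the global PermitRootLogin value, or "unset" if the keyword is absent.
# sshd uses the first value it reads; Match blocks are not evaluated here.
permit_root_login() {
    awk '
        /^[ \t]*#/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == "permitrootlogin" { print tolower($2); found = 1; exit }
        END { if (!found) print "unset" }
    ' "${1:-/etc/ssh/sshd_config}"
}

# Return 0 only if root is the sole UID 0 account and remote root login is "no".
audit_root_exposure() {
    rc=0
    for name in $(uid0_accounts "$1"); do
        [ "$name" = root ] || { echo "WARN: UID 0 account not named root: $name"; rc=1; }
    done
    value=$(permit_root_login "$2")
    [ "$value" = no ] || { echo "WARN: PermitRootLogin is $value, expected no"; rc=1; }
    return $rc
}

# Constructed sample files: root renamed to "admin0", sshd still allowing root.
demo_dir=$(mktemp -d)
cat > "$demo_dir/passwd" <<'EOF'
admin0:x:0:0:renamed root:/root:/bin/sh
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/sh
EOF
cat > "$demo_dir/sshd_config" <<'EOF'
# constructed sample
Port 22
PermitRootLogin yes
EOF
audit_root_exposure "$demo_dir/passwd" "$demo_dir/sshd_config" || true
rm -rf "$demo_dir"
```

Called with no arguments, the functions read /etc/passwd and /etc/ssh/sshd_config; an "unset" result means the sshd build's default applies, which differs between OpenSSH versions.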

  4. #14
    King Arana: Super Moderator
    Join Date
    Oct 2002
    Posts
    4,055
    Sorry again guys. I guess certain people just aren't meant to write tutorials. I'll never write one again, don't worry. Thanks thehorse13 for being so frank I love constructive criticism but geez. Oh well, I guess writing tutorials just isn't for me..
    Space For Rent.. =]

  5. #15
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,324
    Spyder32, I wouldn't give up on writing tutorials. But what I would suggest is find someone to review it before posting it. In essence, get a 2nd opinion until you get the hang of things and to have a 2nd set of eyes to review for grammar, spelling and technical issues. For some it's simple but for others it requires some work. I've had to write tutorials for a while before going online and when you learn what works and what doesn't you understand better what needs to go in.

    Don't give up, just approach it differently.
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  6. #16
    King Arana: Super Moderator
    Join Date
    Oct 2002
    Posts
    4,055
    Heh, thanks MsM Now all I gotta do is find that person
    Space For Rent.. =]

  7. #17
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,883
    I would be happy to look over a tutorial before you post it.

    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden

  8. #18
    AO BOFH: Luser Abuser BModeratorFH gore's Avatar
    Join Date
    Oct 2002
    Location
    Michigan
    Posts
    7,177
    Originally posted here by Spyder32
    Sorry again guys. I guess certain people just aren't meant to write tutorials. I'll never write one again, don't worry. Thanks thehorse13 for being so frank I love constructive criticism but geez. Oh well, I guess writing tutorials just isn't for me..

    *Bitch slaps you*

    What the hell man? You got two people spanking your balls and you give up? Come on man, I did a tutorial on OSs once, and even after checking the information, had mistakes pointed out to me.

    It got closed and a big mess was made, all because I chose to listen to a book I had about the subject, which I now know is jammed with misinformation, and won't be used again to check information when I'm writing something.

    Now, YOU, get up, wipe yourself off, and try again, and don't ever let me see that I give up **** again or you'll be answering to me.

    When I write something for this place, I have about 5 people I have look over it, including, but not limited to:

    HT Regz, Horsey13, Juridian once in a while, Prodikal, and a couple other people. I started working on a new text not long ago on OSs, and I made a sneak peek in Addicts, but then I had work, finals at school, and then sick for a week, so I haven't worked on it at all....And I'm low on Vicodin so my concentration is ****.
    Kill the lights, let the candles burn behind the pumpkins’ mischievous grins, and let the skeletons dance. For one thing is certain, The Misfits have returned and once again everyday is Halloween. The Misfits FreeBSD
    Cannibal Holocaust
    SuSE Linux
    Slackware Linux

  9. #19
    King Arana: Super Moderator
    Join Date
    Oct 2002
    Posts
    4,055
    Thanks thehorse13, I'll PM ya when I write a tut or whatever and you can help me out with looking over it.

    Originally posted here by gore
    *Bitch slaps you*

    What the hell man? You got two people spanking your balls and you give up? Come on man, I did a tutorial on OSs once, and even after checking the information, had mistakes pointed out to me.

    It got closed and a big mess was made, all because I chose to listen to a book I had about the subject, which I now know is jammed with misinformation, and won't be used again to check information when I'm writing something.

    Now, YOU, get up, wipe yourself off, and try again, and don't ever let me see that I give up **** again or you'll be answering to me.

    When I write something for this place, I have about 5 people I have look over it, including, but not limited to:

    HT Regz, Horsey13, Juridian once in a while, Prodikal, and a couple other people. I started working on a new text not long ago on OSs, and I made a sneak peek in Addicts, but then I had work, finals at school, and then sick for a week, so I haven't worked on it at all....And I'm low on Vicodin so my concentration is ****.
    It's not that really, but this is my second f'ed up tutorial and I dunno.. I'ma still write tutorials, just from now on I'm going to PM thehorse13 and maybe some other people so they can give me their opinion on it.

    Now, YOU, get up, wipe yourself off, and try again, and don't ever let me see that I give up **** again or you'll be answering to me.
    Thanks man, I needed that I'm going to be working on another tutorial (gotta find a subject first) for now. But thanks for the help and encouragement gore
    Space For Rent.. =]

  10. #20
    Antionline Herpetologist
    Join Date
    Aug 2001
    Posts
    1,165
    I would be happy to look over a tutorial before you post it.
    LOL. Nuff said. (TH13 knows what I'm referring to). Sorry, just had to put that one in.

    Cheers,
    cgkanchi
    Buy the Snakes of India book, support research and education (sorry the website has been discontinued)
    My blog: http://biology000.blogspot.com
