Common *nix Security Practice's

Printable View

Show 40 post(s) from this thread on one page

May 24th, 2004, 02:51 PM
SirDice

Quote:

quote:
-- Limit or Eliminate su access to root.

While a good idea, that's something that could effectivly ruin your system. Let's say you want to check logs? Modify services? Lock down the firewall.sh? Modify the rc.local file? root needs to do that, and that means your normal user has to use su root, meaning they need su to modify the system so they won't login as root. See why it's bad to give another user root in my statement above.

Actually you can eliminate access to su. On any descent *nix system you can always open a new virtual terminal (usually ALT-F2 or CTRL-ALT-F2 if you're running X) and login (locally) as root.

Eliminating su does mean you cannot change anything remotely (because you should deny root logon using ssh, rsh, telnet etc.).
May 24th, 2004, 03:18 PM
thehorse13

Yep, thus my 90% rubbish statement rather than 100%.

;)
May 24th, 2004, 06:31 PM
!mitationRust

Quote:

Originally posted here by slarty
[B]Ok, my recommendations:

2. Don't rename root. It is pointless and may break stuff. For starters, renaming root instantly breaks most of "inetd" services. DO disallow non-local root logins via sshd, FTP etc.

Yep, pointless
PAGE 52. O'reillys Practical UNIX 1991(copy). $7.00

Code:

cat /etc/passwd

Root always has a (UID) number of

Code:

:0:

http://www.cert.org/tech_tips/unix_c...uidelines.html
May 24th, 2004, 06:34 PM
Spyder32

:( Sorry again guy's. I guess certain people just aren't meant to write tutorial's. I'll never write one again, don't worry. Thanks thehorse13 for being so frank :D I love constructive critisism but geez ;). Oh well, I guess writing tutorial's just isn't for me..
May 24th, 2004, 06:37 PM
MrLinus

Spyder32, I wouldn't give up on writing tutorials. But what I would suggest is find someone to review it before posting it. In essence, get a 2nd opinion until you get the hang of things and to have a 2nd set of eyes to review for grammer, spelling and technical issues. For some it's simple but for others it requires some work. I've had to write tutorials for a while before going online and when you learn what works and what doesn't you understand better what needs to go in.

Don't give up, just approach it differently. :D
May 24th, 2004, 06:39 PM
Spyder32

Heh, thanks MsM :) Now all I gotta do is find that person ;)
May 24th, 2004, 07:11 PM
thehorse13

I would be happy to look over a tutorial before you post it.

:)
May 24th, 2004, 07:19 PM
gore

Quote:

Originally posted here by Spyder32
:( Sorry again guy's. I guess certain people just aren't meant to write tutorial's. I'll never write one again, don't worry. Thanks thehorse13 for being so frank :D I love constructive critisism but geez ;). Oh well, I guess writing tutorial's just isn't for me..

*Bitch slaps you*

What the hell man? You got two people spanking your balls and you give up? Come on man, I did a tutorial on OSs once, and even after checking the information, had mistakes pointed out to me.

It got closed and a big mess was made, all because I chose to listen to a book I had about the subject, which I now know is jammed with misinformation, and won't be used again to check information when I'm writing something.

Now, YOU, get up, whipe yourself off, and try again, and don't ever let me see that I give up **** again or you'll be answering to me.

When I write something for this place, I have about 5 people I have look over it, including, but not limited to:

HT Regz, Horsey13, Juridian once in a while, Prodikal, and a couple other people. I started working on a new text not long ago on OSs, and I made a sneak peak in Addicts, but then I had work, finals at school, and then sick for a week, so I havn't worked on it at all....And I'm low on Vicodin so my concentration is ****.
May 24th, 2004, 07:37 PM
Spyder32

Thanks thehorse13, I'll PM ya when I write a tut or whatever and you can help me out with looking over it.

Quote:

Originally posted here by gore
*Bitch slaps you*

What the hell man? You got two people spanking your balls and you give up? Come on man, I did a tutorial on OSs once, and even after checking the information, had mistakes pointed out to me.

It got closed and a big mess was made, all because I chose to listen to a book I had about the subject, which I now know is jammed with misinformation, and won't be used again to check information when I'm writing something.

Now, YOU, get up, whipe yourself off, and try again, and don't ever let me see that I give up **** again or you'll be answering to me.

When I write something for this place, I have about 5 people I have look over it, including, but not limited to:

HT Regz, Horsey13, Juridian once in a while, Prodikal, and a couple other people. I started working on a new text not long ago on OSs, and I made a sneak peak in Addicts, but then I had work, finals at school, and then sick for a week, so I havn't worked on it at all....And I'm low on Vicodin so my concentration is ****.

It's not that really, but this is my second f'ed up tutorial and I dunno.. I'ma still write tutorial's, just from now on I'm going to PM thehorse13 and maybe some other people so they can give me their opinion on it.

Quote:

Now, YOU, get up, whipe yourself off, and try again, and don't ever let me see that I give up **** again or you'll be answering to me.

Thanks man, I needed that :D I'm going to be working on another tutorial (gotta find a subject first) for now. But thanks for the help and encouragement gore :)
May 24th, 2004, 08:06 PM
cgkanchi

Quote:

I would be happy to look over a tutorial before you post it.

LOL. Nuff said. (TH13 knows what I'm referring to). Sorry, just had to put that one in :D.

Cheers,
cgkanchi

Show 40 post(s) from this thread on one page