Re: securing system after giving away root password

From: Barton L. Phillips (barton_at_applitec.com)
Date: 09/20/05


Date: Tue, 20 Sep 2005 19:09:14 GMT

Huge wrote:
> matt_left_coast <not@chance.org> writes:
>
>>Huge wrote:
>>
>>
>>>matt_left_coast <not@chance.org> writes:
>>>
>>>>Huge wrote:
>>>>
>>>>
>>>>>"Tuncay Sari" <no@spam.net> writes:
>>>>>
>>>>>[13 lines snipped]
>>>>>
>>>>>
>>>>>>How can I check that they ONLY changed some network files? How can I
>>>>>>know they didn't install any software infringing Linux security? Or
>>>>>>copied my programs?
>
>
> [17 lines snipped]
>
>
>>>>One of the best things to do, in advance, is to have a remote log server
>>>>and have all logs, including sudo logs, sent to a totally different server.
>>>>Then don't give out root, but only sudo and an end user password. Anything
>>>>that is done would be logged in such a way that the person could not alter
>>>>the logs....
>>>
>>>And all they have to do is bring the machine up standalone and your remote
>>>logging's worth squat.
>>>
>>>
>>
>>Since the person had to log in as a user the command to go to standalone is
>>LOGGED. Since the person did not have the permission to go standalone, they
>>are caught.
>>
>>You are wrong.
>
>
> And you're a pillock. I have the machine in my physical possession, I have
> the root password. I can do whatever I please and there's nothing you can do
> or know about it. I unplug the network cable, log on as root and edit the
> logs to do whatever I like. Jeez, but you're dumb.
>
>
Again, if someone has physical access and control of the computer system,
there is almost nothing you can do. They don't need the root password.
They can run a standalone CD or floppy and access your disks and do
anything they want. Your only small hope is to encrypt your sensitive
data, but doing that and still being able to use it remotely is tough.

A machine that is not under your physical control is only as secure as
your trust and contractual legal power can make it -- period.

-- 
----------------
Barton L. Phillips
Applied Technology Resources, Inc.
Tel: (818)652-9850
Web: http://www.applitec.com