Re: PermitRootLogin=yes versus su

From: Bill Lewis Clark (wclark@eden.rutgers.edu)
Date: 01/27/03


From: wclark@eden.rutgers.edu (Bill Lewis Clark)
Date: 26 Jan 2003 20:20:21 -0800

Roy Smith <roy@panix.com> wrote in message news:<roy-A85FFB.12393826012003@reader1.panix.com>...
> wclark@eden.rutgers.edu (Bill Lewis Clark) wrote:
> > Can anyone come up with some GOOD reasons to prefer su to direct root
> > logins?
>
> It leaves an audit trail.

This is the most common explanation I've heard, but I still don't buy
it. SSH leaves an audit trail, as well.

If a legitimate user logs in from machine A as user 'joeblow', and a
hacker logs in using the same account from machine B, does su tell you
which instance of 'joeblow' actually executes su? I'm not familiar
enough with the format of su logging (mainly because I don't use su)
to know -- but I know SSH will tell me what I need to know in such
scenarios.

Unless su is giving me more information in the audit trail than direct
SSH, I don't see how the added vulnerabilities make it worth it.

-wclark
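
The correlation asked about above, as an added example that is not part of the original post: where su logs the tty it was invoked on, joining that tty against wtmp login records (which carry the remote host) attributes each su to a source machine. The log formats, sample records, and function names are constructed assumptions; su log formats differ between systems.

```python
import re
from datetime import datetime

YEAR = 2003  # assumption: syslog timestamps carry no year

# Constructed sample data (not from the post): wtmp sessions in `last -F -i` style.
LAST_OUTPUT = """\
joeblow  pts/0        192.0.2.10       Sun Jan 26 20:01:02 2003   still logged in
joeblow  pts/1        198.51.100.7     Sun Jan 26 20:03:15 2003   still logged in
joeblow  pts/1        192.0.2.10       Sun Jan 26 18:00:00 2003 - Sun Jan 26 18:30:00 2003  (00:30)
"""
# Constructed su syslog lines; "(to root) USER on TTY" is assumed here as the format.
SU_LOG = """\
Jan 26 20:05:40 host su[1310]: (to root) joeblow on pts/1
Jan 26 20:09:12 host su[1344]: (to root) joeblow on pts/7
"""

LAST_RE = re.compile(r"^(\S+)\s+(pts/\d+)\s+(\S+)\s+(\w{3} \w{3} +\d+ [\d:]{8} \d{4})")
SU_RE = re.compile(r"^(\w{3} +\d+ [\d:]{8}) \S+ su\[\d+\]: \(to (\S+)\) (\S+) on (\S+)")

def parse_sessions(text):
    """Return (login_time, user, tty, remote_host) for each login record."""
    sessions = []
    for line in text.splitlines():
        m = LAST_RE.match(line)
        if m:
            user, tty, host, start = m.groups()
            login = datetime.strptime(start, "%a %b %d %H:%M:%S %Y")
            sessions.append((login, user, tty, host))
    return sessions

def attribute_su(su_text, sessions):
    """Return (user, target, tty, remote_host or None) for each su event."""
    results = []
    for line in su_text.splitlines():
        m = SU_RE.match(line)
        if not m:
            continue
        stamp, target, user, tty = m.groups()
        when = datetime.strptime(f"{YEAR} {stamp}", "%Y %b %d %H:%M:%S")
        # ttys are reused, so take the latest login on this tty at or before the su.
        # Logout times are not checked; None means no matching login was recorded.
        prior = [s for s in sessions if s[1] == user and s[2] == tty and s[0] <= when]
        results.append((user, target, tty, max(prior)[3] if prior else None))
    return results

if __name__ == "__main__":
    for event in attribute_su(SU_LOG, parse_sessions(LAST_OUTPUT)):
        print(event)
```

An su event that resolves to `None` has no login record for its tty, which is itself worth investigating.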


