Re: PermitRootLogin=yes versus su

From: Cameron Laird (claird@lairds.com)
Date: 02/03/03


From: claird@lairds.com (Cameron Laird)
Date: Mon, 03 Feb 2003 21:12:23 -0000

In article <v9u2h-tor.ln1@news.lairds.org>,
Kyler Laird <Kyler@news.Lairds.org> wrote:
>claird@lairds.com (Cameron Laird) writes:
>
>>>>Oh, yes. I had a period when part of my hardening routine
>>>>was to change the name of root to 'serf' or 'lowlife' or
>>>>something equally impotent-looking. You're right--it would
                        .
                        .
                        .
>Sorry to quote so much, but I want to be sure I'm being clear.
>
>Using "lowlife" for day to day UID 0 use while still having
>a "root" account that can be used, does nothing to thwart
>brute force attacks on the "root" account (other than against
>the keystroke analysis I mentioned).
                        .
                        .
                        .
>I want to push the nuisance somewhere it's likely to do some
>good. Instead of just having another UID 0 account that one
>can use directly through SSHd, I suggest disabling UID 0
>accounts altogether in SSHd. *Then* make a "lowlife" account
>that uses "sudo bash" or some other setuid trick to get you
>back to the same functionality while eliminating the
>possibility of a brute-force attack on the "root" account.
>
>Hmmm...*or* you could have a funky shell for "root" that will
>alert you if it's ever used through SSHd. That would be
>fairly simple. (Just make sure it doesn't rely on something
>that's likely to break when you need a root login because a
>disk needs scanned, etc.)
>
>--kyler

Right; I was doing one or the other of those--generally just
eliminating 'root'--but failed to make that clear in this
thread. I agree that keeping 'root' around idle is the hazard
you explain. Good catch.

-- 
Cameron Laird <Cameron@Lairds.com>
Business:  http://www.Phaseit.net
Personal:  http://phaseit.net/claird/home.html
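
An added example, not part of the original post: a small audit for the setup discussed in this thread, listing every UID 0 account (whatever its name) that sshd would still accept a login attempt for. It relies on two OpenSSH behaviours: `PermitRootLogin` is applied to any account with UID 0, and the first value read for a keyword is the one used. The sample files, the helper names and the `prohibit-password` default (current OpenSSH) are assumptions of this example; `Match` blocks and `Include` files are not evaluated.

```python
# Constructed sample inputs (not from any real host).
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
lowlife:x:0:0:second uid 0:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
kyler:x:1000:1000::/home/kyler:/bin/bash
"""
SAMPLE_SSHD_CONFIG = """\
# constructed: two conflicting lines, the first one is the one sshd uses
Port 22
PermitRootLogin yes
PermitRootLogin no
"""
NOLOGIN_SHELLS = {"/usr/sbin/nologin", "/sbin/nologin", "/bin/false"}

def uid0_accounts(passwd_text):
    """Return (name, shell) for every passwd entry whose UID field is 0."""
    found = []
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) == 7 and fields[2] == "0":
            found.append((fields[0], fields[6]))
    return found

def permit_root_login(config_text, default="prohibit-password"):
    """Return the global PermitRootLogin value (first occurrence wins)."""
    for line in config_text.splitlines():
        words = line.replace("=", " ").split()
        if not words or words[0].startswith("#"):
            continue
        if words[0].lower() == "match":
            break  # conditional blocks are out of scope for this example
        if words[0].lower() == "permitrootlogin" and len(words) > 1:
            return words[1].lower()
    return default

def audit(passwd_text, config_text):
    """List UID 0 accounts a remote client could still try to log in as."""
    setting = permit_root_login(config_text)
    if setting == "no":
        return []
    return [f"{name}: UID 0, shell {shell}, PermitRootLogin={setting}"
            for name, shell in uid0_accounts(passwd_text)
            if shell not in NOLOGIN_SHELLS]

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_PASSWD, SAMPLE_SSHD_CONFIG)))
```

On the constructed sample this reports both `root` and `lowlife`, because the later `PermitRootLogin no` line never takes effect.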

