Rootkit infections: AARRGH!

Brian gnhlug at karas.net
Mon May 9 09:30:01 EDT 2005


To me, it's one of those "laundry list" things you do to tighten security on a
box.  If you have a very random root password, then this is probably not as
useful as other things like applying security patches, setting up something
like tripwire and restricting access by IP.  However, it doesn't HURT
anything either, and discourages (prevents) lazy admins from logging in as
root.

> -----Original Message-----
> 
> This is one of those best practices I've never really felt 
> had merit.  It seems to me that when people break in through 
> SSH, they are doing it through exploits in the SSH or OpenSSL 
> codebases, not through password guessing.  
> Once you can overflow the daemon and get control that way, 
> you're root, regardless of this option or the password.  This 
> option only prevents people who know the root password from 
> logging in through SSH, which is mainly just the administrator(s).



