Rookit infections: AARRGH!
Kevin D. Clark
clark_k at pannaway.com
Mon May 9 10:17:01 EDT 2005
Neil Joseph Schelly <neil at jenandneil.com> writes:
> On Monday 09 May 2005 09:06 am, Brian wrote:
>> 1, NEVER allow root access via SSH. You should have to login as a user,
>> and then su - to root, or better yet setup a sudoers file.
>
> This is one of those best practices I've never really felt had
> merit.
Doing this helps create an audit trail.
You have a lot more information if you know that "user" logged in via
ssh and then su'd to root compared to just knowing that somebody
somewhere logged in as root.
--kevin
--
GnuPG ID: B280F24E And the madness of the crowd
alumni.unh.edu!kdc Is an epileptic fit
-- Tom Waits
More information about the gnhlug-discuss
mailing list