Rootkit infections: AARRGH!

Kevin D. Clark clark_k at pannaway.com
Mon May 9 10:17:01 EDT 2005


Neil Joseph Schelly <neil at jenandneil.com> writes:

> On Monday 09 May 2005 09:06 am, Brian wrote:
>> 1, NEVER allow root access via SSH.  You should have to login as a user,
>> and then su - to root, or better yet setup a sudoers file.
>
> This is one of those best practices I've never really felt had
> merit.  

Doing this helps create an audit trail.

You have a lot more information if you know that "user" logged in via
ssh and then su'd to root compared to just knowing that somebody
somewhere logged in as root.

--kevin
-- 
GnuPG ID: B280F24E                     And the madness of the crowd
alumni.unh.edu!kdc                     Is an epileptic fit
                                       -- Tom Waits
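
The audit-trail point in the message above, as an added example that is not part of the original post: a small parser attributes each root session in an auth log to a named account where the log allows it. The log lines are constructed samples in the OpenSSH / pam_unix style (the exact `su` format varies by distribution), and `root_sessions` is a hypothetical helper name.

```python
import re

# Constructed sample lines in the style of an OpenSSH/PAM auth log (not from the thread).
SAMPLE_LOG = """\
May  9 09:01:12 host sshd[2101]: Accepted password for alice from 192.0.2.10 port 40022 ssh2
May  9 09:01:40 host su[2150]: pam_unix(su:session): session opened for user root by alice(uid=1000)
May  9 09:14:03 host sshd[2200]: Accepted password for root from 198.51.100.7 port 51515 ssh2
May  9 09:20:55 host sshd[2301]: Accepted publickey for bob from 192.0.2.44 port 40100 ssh2
"""

# Assumed formats; adjust the patterns to the local syslog layout.
SSH_RE = re.compile(r"sshd\[\d+\]: Accepted \S+ for (\S+) from (\S+) port \d+")
SU_RE = re.compile(
    r"su\[\d+\]: pam_unix\(su(?:-l)?:session\): "
    r"session opened for user root(?:\(uid=0\))? by ([^\s(]+)\(uid=\d+\)"
)


def root_sessions(log_text):
    """Return one record per root session with whatever attribution the log allows."""
    last_ssh = {}  # account -> source address of its most recent SSH login
    records = []
    for line in log_text.splitlines():
        ts = line[:15]  # classic syslog timestamp, e.g. "May  9 09:01:12"
        m = SSH_RE.search(line)
        if m:
            user, src = m.groups()
            if user == "root":
                # Direct root login: the log names no individual account.
                records.append({"time": ts, "via": "ssh", "account": None, "source": src})
            else:
                last_ssh[user] = src
            continue
        m = SU_RE.search(line)
        if m:
            user = m.group(1)
            # su to root: the invoking account is recorded and can be tied
            # back to that account's earlier SSH login.
            records.append({"time": ts, "via": "su", "account": user,
                            "source": last_ssh.get(user)})
    return records


if __name__ == "__main__":
    for r in root_sessions(SAMPLE_LOG):
        who = r["account"] or "unknown (shared root credential)"
        print(f'{r["time"]} root via {r["via"]:3} account={who} source={r["source"]}')
```

The direct root login yields only a source address, while the `su` session carries both the account name and the address it logged in from.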



More information about the gnhlug-discuss mailing list