Rootkit infections: AARRGH!
Bill McGonigle
bill at bfccomputing.com
Mon May 9 10:56:00 EDT 2005
On May 9, 2005, at 09:38, Fred wrote:
> Still, what I could probably do is implement a scheme where visiting a
> particular webpage (and giving proper authentication) would enable that
> IP address for ssh. Come to think of it, that's not such a bad idea
> after all! That will also allow my users to ssh in from their
> locations should they need to.

Mmmm - good idea. Please share the script when you get it done. Or if
anyone has field experience with port knocking and OpenSSH
<http://gentoo-wiki.com/HOWTO_Port_Knocking> I'd like to hear the
trials and travails.

The reason to disable root account ssh login is just an odds game -
every unix system is guaranteed to have a root user so it's a good one
for password guessers to start with. Any other account can be renamed.
The converse is one could argue that people pay more attention to root
account security so you're better off starting with admin/admin and
doing a local exploit.

Plus, it's easy - if you have your account in sudoers under ALL there's
no need for a root login and you get better auditability with multiple
admins.

-Bill
-----
Bill McGonigle, Owner Work: 603.448.4440
BFC Computing, LLC Home: 603.448.1668
bill at bfccomputing.com Mobile: 603.252.2606
http://www.bfccomputing.com/ Pager: 603.442.1833
AIM: wpmcgonigle Skype: bill_mcgonigle
For fastest support contact, please follow:
http://bfccomputing.com/support_contact.html
More information about the gnhlug-discuss
mailing list
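
The message above pairs two settings: root ssh login disabled, and each admin's own account listed in sudoers under ALL. The following is an added example, not part of the original message, that checks both together. The config text is constructed, the function names are hypothetical, and the parsing is simplified (global sshd_config section only, no sudoers aliases, includes or line continuations).

```python
import re

# Constructed sample inputs (not from the original message).
SSHD_CONFIG = """\
Port 22
PermitRootLogin no
permitrootlogin yes
Match User backup
    PermitRootLogin forced-commands-only
"""
SUDOERS = """\
Defaults env_reset
root    ALL=(ALL) ALL
bill    ALL=(ALL) ALL
%wheel  ALL=(ALL:ALL) NOPASSWD: ALL
fred    ALL=(ALL) /usr/sbin/tcpdump
"""

def permit_root_login(text, default="prohibit-password"):
    """Global PermitRootLogin value; sshd keeps the first value it reads."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key = parts[0].lower()        # keywords are case-insensitive
        if key == "match":            # conditional blocks are out of scope
            break
        if key == "permitrootlogin" and len(parts) == 2:
            return parts[1].strip().strip('"')
    return default                    # current OpenSSH default (assumption)

# who ALL = (runas) [TAG:]... ALL   -> full command access on all hosts
SPEC = re.compile(r"^(\S+)\s+ALL\s*=\s*(?:\([^)]*\)\s*)?(?:[A-Z]+:\s*)*ALL\s*$")

def full_sudoers(text):
    """Users and %groups granted ALL commands on ALL hosts, root excluded."""
    found = []
    for raw in text.splitlines():
        m = SPEC.match(raw.split("#", 1)[0].strip())
        if m and m.group(1) != "root":
            found.append(m.group(1))
    return found

def audit(sshd_text, sudoers_text):
    """ok only if root ssh login is off and a non-root admin path exists."""
    root_ssh = permit_root_login(sshd_text)
    admins = full_sudoers(sudoers_text)
    return {"root_ssh": root_ssh, "admins": admins,
            "ok": root_ssh == "no" and bool(admins)}
```

Running `audit(SSHD_CONFIG, SUDOERS)` on the sample reports root ssh login as `no` (the later `yes` line is ignored because the first value wins) and lists `bill` and `%wheel` as the accounts that make a root login unnecessary.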