Rootkit infections: AARRGH!
Neil Joseph Schelly
neil at jenandneil.com
Mon May 9 13:16:01 EDT 2005
On Monday 09 May 2005 10:16 am, Kevin D. Clark wrote:
> Neil Joseph Schelly <neil at jenandneil.com> writes:
> > On Monday 09 May 2005 09:06 am, Brian wrote:
> >> 1, NEVER allow root access via SSH. You should have to log in as a user,
> >> and then su - to root, or better yet set up a sudoers file.
> >
> > This is one of those best practices I've never really felt had
> > merit.
>
> Doing this helps create an audit trail.
>
> You have a lot more information if you know that "user" logged in via
> ssh and then su'd to root compared to just knowing that somebody
> somewhere logged in as root.
That is an interesting perspective I hadn't considered. I can think of more
than a time or two that would have been helpful in retrospect. So perhaps
it's more of an administration best practice than a security best practice?
-N
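
The audit-trail point discussed above, as an added example that is not part of the original thread: it walks auth-log lines and reports, for each root session, which named account was behind it. The log lines are constructed samples, and the syslog/PAM message layout and the `root_sessions` helper are assumptions for illustration.

```python
import re

# Constructed sample auth-log lines (not taken from the thread or a real host).
SAMPLE_LOG = """\
May  9 09:01:12 host sshd[2101]: Accepted password for kevin from 192.0.2.10 port 40112 ssh2
May  9 09:02:40 host su: pam_unix(su-l:session): session opened for user root by kevin(uid=1000)
May  9 09:30:05 host sshd[2188]: Accepted password for root from 198.51.100.7 port 51522 ssh2
May  9 09:41:19 host sshd[2230]: Accepted publickey for brian from 192.0.2.22 port 40990 ssh2
"""

# Assumed message layouts: OpenSSH "Accepted ..." and pam_unix session lines for su.
SSH_RE = re.compile(r"sshd\[\d+\]: Accepted (\S+) for (\S+) from (\S+) port \d+")
SU_RE = re.compile(r"su(?:\[\d+\])?: .*session opened for user root by (\w+)\(uid=\d+\)")


def root_sessions(log_text):
    """Return one record per root session; 'account' is the named user
    behind it, or None when root logged in directly over SSH."""
    last_login = {}  # user -> source address of that user's latest SSH login
    findings = []
    for line in log_text.splitlines():
        stamp = line[:15]  # classic syslog timestamp, e.g. "May  9 09:02:40"
        m = SSH_RE.search(line)
        if m:
            _method, user, src = m.groups()
            if user == "root":
                # Direct root login: only a source address, no named account.
                findings.append({"time": stamp, "via": "ssh",
                                 "account": None, "source": src})
            else:
                last_login[user] = src
            continue
        m = SU_RE.search(line)
        if m:
            user = m.group(1)
            # su to root: the named account, plus where it logged in from if seen.
            findings.append({"time": stamp, "via": "su",
                             "account": user, "source": last_login.get(user)})
    return findings


if __name__ == "__main__":
    for f in root_sessions(SAMPLE_LOG):
        who = f["account"] or "UNKNOWN (direct root login)"
        print(f'{f["time"]}  root via {f["via"]:<3}  account={who}  source={f["source"]}')
```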