[nycbug-talk] A couple of security related questions

Dave Steinberg dave-dated-1097508862.83186e
Mon Oct 4 11:34:06 EDT 2004


> : I only want people to be able to log in as root from the console, no 
> ssh,
> : telnet is totally disabled.
>
> By default, root is denied login access via SSH, but a user can login 
> and do
> "su" to root.  I'm not sure if that's what you're talking about though.
> (That applies not only to BSD, but also in Linux.)

chmod 500 /usr/bin/su

And use caution with your sudoers file to make sure nobody can do 'sudo 
ksh' or use sudo to launch anything that can execute shell commands 
(vi, emacs, etc).

Regards,
-- 
Dave Steinberg
http://www.geekisp.com/




More information about the talk mailing list