[nycbug-talk] A couple of security related questions
Mon Oct 4 11:34:06 EDT 2004
> : I only want people to be able to log in as root from the console, no
> : telnet is totally disabled.
> By default, root is denied login access via SSH, but a user can login
> and do
> "su" to root. I'm not sure if that's what you're talking about though.
> (That applies not only to BSD, but also in Linux.)
chmod 500 /usr/bin/su
And use caution with your sudoers file to make sure nobody can do 'sudo
ksh' or use sudo to launch anything that can execute shell commands
(vi, emacs, etc).
More information about the talk