[nycbug-talk] A couple of security related questions
Dave Steinberg
dave-dated-1097508862.83186e
Mon Oct 4 11:34:06 EDT 2004
> : I only want people to be able to log in as root from the console, no
> ssh,
> : telnet is totally disabled.
>
> By default, root is denied login access via SSH, but a user can login
> and do
> "su" to root. I'm not sure if that's what you're talking about though.
> (That applies not only to BSD, but also in Linux.)
chmod 500 /usr/bin/su
And use caution with your sudoers file to make sure nobody can do 'sudo
ksh' or use sudo to launch anything that can execute shell commands
(vi, emacs, etc).
Regards,
--
Dave Steinberg
http://www.geekisp.com/
More information about the talk
mailing list