Stephen Gran on 26 Apr 2005 15:58:22 -0000

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] Increase in SSH break-in attempts?

On Tue, Apr 26, 2005 at 11:38:48AM -0400, Chris said:
> Assuming you are using sudo to alleviate having to give out the root
> password I suppose you would be more susceptible to an attack if the
> attacker knows a login that is configured in /etc/sudoers. I think that is a
> lot to assume the attacker knows but I suppose it does open you up a bit
> more then just using su.
> At least as far as I know, anyone want to elaborate or drop some knowledge
> on us? I am always up for learning something new.

sudo, like all root level tools, is a risky one, but better than most
other solutions.  If you have many people that need priviledged access
to one thing or another, it is usually the only way to go.  You can get
much more finely grained permission than you would by just giving out
the root password.  Additionally, all sudo comands are logged to syslog
at log level auth, so you have a record of what's been going on.  Of
course, this also means a hacked user account is suddenly a hacked
priviledged account, but I don't see an alternative easily.  If you
limit the sudo access of all but your most trusted users, it is at least
some level of security.
|  Stephen Gran                  | The Beatles:  Paul McCartney's old      |
|             | back-up band.                           |
| |                                         |

Attachment: pgpRYX7M2tCzB.pgp
Description: PGP signature

Philadelphia Linux Users Group         --
Announcements -
General Discussion  --