Steve Morgan on 14 Dec 2007 14:13:14 -0000
> Which is a reason not to use sudo.

No, still use sudo. You can set up the sudoers file in two different ways:

A) the user can type in sudo <command> and it gets executed right away (like how it is set up default in Ubuntu), or
B) the user can type in sudo <command> and it will prompt for their own password before execution.

The theoretical virii will have no idea what the user's own password is and therefore would not be able to execute the command.

Do indeed use sudo, but have it require their password to execute anything when attempting to execute a command with sudo.

Steve Morgan

On Dec 14, 2007 8:59 AM, Art Alexion <art.alexion@verizon.net> wrote:
> On Thursday 13 December 2007 16:04:45 brent saner wrote:
> > Art Alexion wrote:
> > > I'm thinking real root accounts instead of sudo, with no root passwords
> > > distributed to regular users should solve this. For years the users have
> > > been told to save important data to a network drive. That we are not
> > > responsible for lost files on desktops.
> >
> > the nice thing about sudo though is that you can track activity if you
> > really wanted to, to some degree. i get a little wary about multiple
> > people knowing a root password. if someone gets any funny ideas, what's
> > to stop them? it may be too late. with sudo, you can have at least some
> > sort of cushion layer there...
> >
> > >> .
> > >>
> > >> If you're concerned about nefarious deeds, I'd recommend a HIDS (ie.
> > >> Tripwire, AIDE), or if you use Debian, something like Debsums+Tiger.
> > >> That should reveal any monkey business.
> >
> > ditto, highly recommended.
>
> Well, the way I look at it, I care less about the autopsy than preventing the
> death in the first place. The people who will have the root password are the
> same people who have the windows domain administrator password. You either
> trust them or you do the work of 5 people yourself.
>
> > > Has anyone used/tried AppArmor?
> >
> > never bothered to give it a shot but from what i hear, much like SElinux
> > it's "worth more trouble than it is good". again, YMMV; word of mouth.
>
> Interesting. I went to a Novell D 'n' P show where that was precisely the
> comparison. Except, their pitch was that AppArmor accomplished the more
> realistic security aspects of SELinux without the difficulty of configuration
> and administration. I haven't tried it. That's why I wondered if anyone
> here has.
>
> > and there aren't any viable linux virii, no... and they can't really
> > propagate, but what happens if you contract one? that user can
> > potentially be toast. true, it's easily fixed with an rm /home/<foo> and
> > then restoring the backup but what if that user had sudo access (which
> > DOES validate your concerns, stewart)? you're looking at a system-wide
> > audit at that point.
>
> Which is a reason not to use sudo.
>
> ___________________________________________________________________________
> Philadelphia Linux Users Group -- http://www.phillylinux.org
> Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
> General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug
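
The two sudoers setups contrasted in the message above differ by the `NOPASSWD` tag, so a host can be audited for entries that skip the password prompt. The following is an added example, not part of the original thread: a simplified sudoers scanner in Python, where the sample entries, the users `alice` and `bob`, and the function name `passwordless_rules` are all constructed for illustration.

```python
import re

# Constructed sample sudoers text for illustration (not taken from the thread).
SAMPLE = """\
Defaults env_reset
root    ALL=(ALL:ALL) ALL
%admin  ALL=(ALL) NOPASSWD: ALL
alice   ALL=(ALL) NOPASSWD: /usr/bin/apt-get update, \\
        PASSWD: /usr/bin/apt-get install *
bob     ALL=(ALL) ALL
"""

# One or more leading tags such as "NOPASSWD:" or "SETENV: NOPASSWD:".
TAGS = re.compile(r"^((?:[A-Z_]+:\s*)+)(.*)$")

def passwordless_rules(text):
    """Return (who, command) pairs that sudo would run without a password prompt.

    Simplified parser: ignores aliases, #include files and escaped commas.
    """
    findings = []
    # A trailing backslash continues a sudoers entry on the next line.
    for line in re.sub(r"\\\n\s*", " ", text).splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("Defaults"):
            # "!authenticate" switches password prompts off via Defaults.
            if "!authenticate" in line:
                findings.append(("Defaults", "!authenticate"))
            continue
        who, eq, rhs = line.partition("=")
        if not eq or not who.split() or who.split()[0].endswith("_Alias"):
            continue
        rhs = re.sub(r"\([^)]*\)", "", rhs)   # drop Runas specs like (ALL:ALL)
        nopasswd = False                       # sudo prompts unless told otherwise
        for item in rhs.split(","):
            cmd = item.strip()
            m = TAGS.match(cmd)
            if m:
                # A tag stays in force for later commands until its opposite appears.
                for tag in re.findall(r"[A-Z_]+", m.group(1)):
                    nopasswd = {"NOPASSWD": True, "PASSWD": False}.get(tag, nopasswd)
                cmd = m.group(2)
            if nopasswd:
                findings.append((who.split()[0], cmd))
    return findings

if __name__ == "__main__":
    for who, cmd in passwordless_rules(SAMPLE):
        print(f"{who}: runs without password: {cmd}")
```

On a real host, `visudo -c` remains the authoritative syntax check; this scanner only highlights which entries bypass the prompt.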