From: Nico Kadel-Garcia on 10 Jul 2010 04:54

On Jul 8, 9:32 pm, Arno <m...(a)privacy.net> wrote:
> Matt Giwer <jul...(a)tampabay.rr.com> wrote:
> > On 07/05/2010 10:55 AM, jny0 wrote:
> >> I'm installing fedora12. I run the CD, which gives me the option to
> >> log in as live system user. I then click on the Install to Hard Drive
> >> icon, which begins the installation procedure. After setting up a
> >> couple of settings (location, etc) I'm asked to enter a root
> >> password. I enter it, and continue the installation. On completion, I
> >> restart the computer, and am prompted to set up a user account. I
> >> then log in with the user account, as this is the only option
> >> available. When I then try to login as root (through a terminal), I
> >> keep being told that there's an authentication failure. I know the
> >> password is correct, and have gone through this process many times now.
> >> Any ideas?
> > Remote login as root is a bad idea for security reasons.
>
> Why? I have heard the claim frequently, but not a single
> conclusive explanation so far.
>
> Arno

You won't get a single, absolute reason for it. There is a set of reasonable but not individually compelling reasons.
From: The Natural Philosopher on 10 Jul 2010 11:55

Aragorn wrote:
> On Tuesday 06 July 2010 11:26 in comp.os.linux.setup, somebody
> identifying as jny0 wrote...
>
>> ...and I'm a vege...
>>
>> What I meant by "It might be nice to negate this process if it can be
>> done..." is that it would be nice if I could just log in as root,
>> rather than log in as a user, and su to root.
>
> Direct root logins are a security hazard, because the name "root" is
> known to exist in all UNIX systems, so all an attacker needs to guess
> next is the root password.

No. First of all he has to have login *access* to the machine. In 99% of cases, if he has that, he already has more access than he needs to get root access. :-(
From: Aragorn on 10 Jul 2010 15:45

On Saturday 10 July 2010 17:55 in comp.os.linux.setup, somebody identifying as The Natural Philosopher wrote...
> Aragorn wrote:
>
>> On Tuesday 06 July 2010 11:26 in comp.os.linux.setup, somebody
>> identifying as jny0 wrote...
>>
>>> ...and I'm a vege...
>>>
>>> What I meant by "It might be nice to negate this process if it can
>>> be done..." is that it would be nice if I could just log in as root,
>>> rather than log in as a user, and su to root.
>>
>> Direct root logins are a security hazard, because the name "root" is
>> known to exist in all UNIX systems, so all an attacker needs to guess
>> next is the root password.
>
> No. First of all he has to have login *access* to the machine.

Which is exactly the sort of thing we're talking about, since the OP stated that he prefers to allow root logins over "ssh". And unfortunately, so do a lot of lazy sysadmins, with the result that their systems have gotten compromised and were used in automated break-in attempts on other machines, such as the ones that my colleagues and I were running. And apparently those lazy sysadmins also don't check their logs for remote root logins. They also appear to lack courtesy, because if you send them an e-mail with logs from your own server clearly pointing at a break-in attempt originating from theirs, they will simply ignore you, and especially so if you're asking for their cooperation since you yourself happen to suspect a certain group of people of being behind the attack and you are trying to document that.

> In 99% of cases, if he has that, he already has more access than he
> needs to get root access. :-(

Physical access to servers is also a liability in a lot of organizations. Been there, seen that. One of the worst kinds of IT-related security I've ever seen was in a company not too far from where I live. They have/had a very heterogeneous IT infrastructure - UNIX, Windows NT, Windows 98, Mac OS 9 - and I have personally seen a root console left completely unattended *overnight* on their main UNIX server. Hell, they wouldn't even switch off the monitors or at the very least use a screensaver on their workstations, and some of the Windows NT machines already had the images burned into their (CRT) monitors. And next to that, they did of course also have lots of blank password accounts, even on UNIX systems, and root GUI logins on their Compaq UNIX printserver. It's like they were just dying for someone to tamper with their systems.

-- 
*Aragorn*
(registered GNU/Linux user #223157)
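As an added illustration (not code posted in the thread), here is a small defender-side check for the two points Aragorn raises: whether sshd_config still permits root logins, and whether the auth log shows remote root logins that nobody reviewed. The log lines and config fragment are constructed samples; the regex assumes the classic OpenSSH "Accepted/Failed METHOD for USER from ADDR port N" message format.

```python
import re

# Constructed sshd log lines (syslog format); made up for this example.
SAMPLE_AUTH_LOG = """\
Jul 10 15:45:01 host sshd[2001]: Accepted password for root from 192.0.2.10 port 51822 ssh2
Jul 10 15:45:05 host sshd[2002]: Failed password for root from 198.51.100.7 port 40112 ssh2
Jul 10 15:45:09 host sshd[2003]: Accepted publickey for alice from 203.0.113.5 port 51900 ssh2
Jul 10 15:45:12 host sshd[2004]: Failed password for invalid user admin from 198.51.100.7 port 40120 ssh2
"""

# Constructed sshd_config fragment, also made up for this example.
SAMPLE_SSHD_CONFIG = """\
# Commented-out directives must be ignored:
#PermitRootLogin no
PermitRootLogin yes
"""

# "invalid user" is an optional prefix sshd adds for unknown account names.
SSHD_LINE = re.compile(
    r"sshd\[\d+\]: (?P<result>Accepted|Failed) (?P<method>\S+) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port \d+"
)


def root_login_events(log_text):
    """Return {'accepted': [...], 'failed': [...]} source addresses of
    remote logins as root; lines for other users are ignored."""
    events = {"accepted": [], "failed": []}
    for line in log_text.splitlines():
        m = SSHD_LINE.search(line)
        if m and m.group("user") == "root":
            events[m.group("result").lower()].append(m.group("src"))
    return events


def permit_root_login(config_text):
    """Return the effective PermitRootLogin value from sshd_config text.
    sshd honours the first non-comment occurrence; OpenSSH's default
    when the directive is absent is 'prohibit-password'."""
    for line in config_text.splitlines():
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue
        parts = stripped.split(None, 1)
        if len(parts) == 2 and parts[0].lower() == "permitrootlogin":
            return parts[1].strip().lower()
    return "prohibit-password"


if __name__ == "__main__":
    ev = root_login_events(SAMPLE_AUTH_LOG)
    print("accepted root logins from:", ev["accepted"])
    print("failed root logins from:", ev["failed"])
    print("PermitRootLogin:", permit_root_login(SAMPLE_SSHD_CONFIG))
```

On a real host, feed it the contents of /var/log/secure (Fedora) or /var/log/auth.log and /etc/ssh/sshd_config instead of the constructed samples.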