Re: [cobalt-security] SFTP on Raq4 as Root?
- Subject: Re: [cobalt-security] SFTP on Raq4 as Root?
- From: "Zeffie" <cobalt-secur@xxxxxxxx>
- Date: Sat, 4 Aug 2001 04:57:13 -0400
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
> > Carrie wrote:
> > > Quite literally, you have to be INSANE to allow root to login
> > > directly in any manner whatsoever. Be it ftp, telnet, SSH - there is
> > > no reason why you should allow this.
> > Well Carrie.... yes and no.... if Mr. BadGuy gets in and types something
> > like....
> > "rm /bin/su" then you might find yourself locked out of your own box..
>
> To be honest, if "Mr BadGuy" has root privilege on your box, that's the
> least of your worries!
Actually it's going to be your first thing to worry about.... Remember...
You need it before you can do anything as root.... Now if you can't do
anything and you allow your box to continue to scan the gov.... You might
find the FBI or the UK equiv. in your office asking for your box.... so in
your case you need to shutdown the box when you should be killing
processes....
> Given that Carrie is following industry best practice
> on this issue, I really don't think the advantages to the
> administrator having remote root login outweigh the advantages to a
> potential intruder.
> Why do you think Raqs have this two-level admin user setup?
The Raqs are based on Red Hat.. And that's why they are the way they are.
But to expand a bit more.... Root has been a nasty user for a long time....
just way too much power.... root access for "usage" is not necessary either
and seeing how it's a multiuser system it helps if you have more than one
user...
Root logins via telnet have been a no-no for a long time... and thus the
need to login with a user account and then su to root... That was a long
time ago and with some people "forcing" the same passwd for a user account
and root kinda defeats the purpose.... or rather defeats the purpose of the
su program.....
> Why do you think
> that packages that think "security first", like OpenBSD or software such as
> OpenSSH, have disabled this by default in newer versions, and advise against
> it? Because it's a risk.
It's a risk to drive your car... It's a risk to walk down the street...
and I'm sure it has nothing to do with all the 'admins' that don't secure
their boxes well enough.. I have seen this over and over now.... I have
customers that never had a clue what was going on with their box.... They
would never know if somebody tried a "guess the password" program on
them....
<SoapBox>
When you install portsentry and logcheck you must modify the
portsentry.conf and the logcheck ignore files for your system! (and start
portsentry.... sigh) And after seeing some installs by other "consulting
companies" it's obvious that sales are first and security is second....
</SoapBox>
> It's a more secure and more accountable solution to
> only allow remote login on unprivileged accounts, then su to root from there
> as it narrows the path of attack to the system, requiring more than one
> password breach, and you also have a bit more clue as to who just logged in
> as root.
Apparently you have a problem determining who and when your logins happen. I
get a message for every attempt... every login, and that's followed by a
"disconnected" message....
> In answer to the "deleting su" point, if someone can delete your copy of su,
> they can most likely also change your root password, locking you out of your
> own box anyway. Whether you permit remote root login or not is beside the
> point at this stage. Both of these problems can be fixed by local access to
> the machine. If you don't have this, then you have a problem, whatever
> happens.
wrong... there is more than one way to access your box without being
there... in fact... I have root access with my "cell phone".... It's all
in what you want to do with your server.... and how you admin it....
<snip>
Zeffie
http://www.zeffie.com/
"did scobby do ever have a sister named boobie do?"
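As an added example (not code from the post or from the list), here is a small Python log check in the spirit of the "message for every attempt" and logcheck points made above: it reads constructed syslog-style sshd and su lines, flags any accepted direct root login (which should not occur once remote root login is disabled), flags hosts making repeated failed root attempts, and records which unprivileged account su'd to root. The log lines, host names and addresses are constructed assumptions, and the pattern for the su message assumes the pam_unix wording.

```python
import re
from collections import Counter

# Constructed sample auth log lines in the syslog style written by OpenSSH and
# su/pam_unix. They are made up for this example, not taken from any real box.
SAMPLE_LOG = """\
Aug  4 04:50:01 raq sshd[1201]: Failed password for root from 10.0.0.5 port 40112 ssh2
Aug  4 04:50:03 raq sshd[1201]: Failed password for root from 10.0.0.5 port 40112 ssh2
Aug  4 04:50:05 raq sshd[1203]: Failed password for root from 10.0.0.5 port 40114 ssh2
Aug  4 04:51:10 raq sshd[1210]: Accepted password for carrie from 192.168.1.20 port 51000 ssh2
Aug  4 04:51:30 raq su(pam_unix)[1215]: session opened for user root by carrie(uid=500)
Aug  4 04:55:00 raq sshd[1220]: Accepted password for root from 10.0.0.5 port 40120 ssh2
"""

FAILED_RE = re.compile(r"sshd\[\d+\]: Failed password for (?:invalid user )?(\S+) from (\S+)")
ACCEPTED_RE = re.compile(r"sshd\[\d+\]: Accepted \S+ for (\S+) from (\S+)")
SU_RE = re.compile(r"su(?:\(pam_unix\))?\[\d+\]: session opened for user (\S+) by (\S+?)\(")


def analyse(log_text, threshold=3):
    """Return direct root logins, hosts guessing the root password, and su-to-root records."""
    root_failures = Counter()
    findings = {"direct_root_logins": [], "root_guessers": [], "su_to_root": []}
    for line in log_text.splitlines():
        m = FAILED_RE.search(line)
        if m:
            user, host = m.groups()
            if user == "root":
                root_failures[host] += 1
            continue
        m = ACCEPTED_RE.search(line)
        if m:
            user, host = m.groups()
            if user == "root":
                # Must never happen once PermitRootLogin is off: worth an alert, not an ignore rule.
                findings["direct_root_logins"].append(host)
            continue
        m = SU_RE.search(line)
        if m and m.group(1) == "root":
            # Accountability: the unprivileged account that became root.
            findings["su_to_root"].append(m.group(2))
    # Repeated failures against root from one host look like a "guess the password" run.
    findings["root_guessers"] = [h for h, n in root_failures.items() if n >= threshold]
    return findings


if __name__ == "__main__":
    print(analyse(SAMPLE_LOG))
```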