Re: [cobalt-security] SFTP on Raq4 as Root?
- Subject: Re: [cobalt-security] SFTP on Raq4 as Root?
- From: John Bailey <support@xxxxxxxxxxxxxxxxxxxxxx>
- Date: Sat, 4 Aug 2001 12:46:05 +0100 (BST)
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
Hi again all,
> right but the cobalt default is for admin/root to use the same passwd....
> and if someone gets/cracks/whatever the admin pw then that account provides
> no added security
That's pretty easily changed, though.
> > > Aparently you have a problem determining who and when your logins
> > > happen. I
> > That's not quite true.
> no really I do :)
Actually, I wasn't contesting that, I was contesting the "Aparently
(sic) you have a problem determining who and when your logins happen".
> they would own every account on the box if they wanted... root access would
> only mean that they wouldn't have to su.... They would get all the passwd's
> not just root's
Well, I did concede that it wasn't a perfect system, but it would force
them to crack more than 1 password, which, if the password is well chosen,
would take a reasonable amount of effort for Joe Cracker. I tend to be of
the opinion that no security will ever be perfect. There's always going
to be a new bug, exploit or even something that's been overlooked in the
setup. I do, however, believe in making things difficult for a potential
attacker. Thank god for shadow passwords.
> ahh these are cobalt servers.... they don't have lilo.... :)
True enough, it was an illustration of a point.
> nope no wap server.... just a hole I took advantage of...
Well, good for you. For anyone interested in telnet over WAP, take a look
at
http://www.exolution.de/wapsh/index.html
It's a little clunky, but it works.
> oh and if it stops it will restart, all by itself.... :)
Again, that wasn't quite the point. Stuff like cron or any long-running
process which you use to reset bits of the system can also be disabled.
> yeppers... well it is something that everybody can decide on their own....
> that's why it's an option....
Wouldn't it be a boring world if we were all the same? =)
Regards,
John.