Continuing in the same vein: double check that the OpenSSH sshd_config has
PermitRootLogin set to no. If set to yes, this allows anyone to attempt to
login directly as root. Although I am not a security expert by any means, I
recall reading that this is not a good idea... Instead, you can login as
admin and then su to get root access.
...unless your box is cracked/0wn3d/compromised/whatever-you-want-to-call-it. It is all a matter of opinion.
I remember Zeffie mentioning that the only way to succesfully 'restore' a box after it had been compromised and `su` had been tampered with was to log in as root directly. And I do recall Zeffie being a very decent, security conscious contributor to this list.
It is therefore not all bad. Just remember to give the root account a *very* strong password and to change it pretty regularly. My personal favourite password is a generated password, hard to remember even by me.
Mind you, I do not allow direct root logins (so I tend to agree with you). Mind you, again, that I have physical access to my machines. If you're colocating a few thousand miles away, make sure your ISP is a pretty decent one. "You get what you pay for" has been said many times before on these lists... and it's true. Don't save a few bucks if you really needn't.
Have a great one... Nico
_______________________________________________
cobalt-security mailing list
cobalt-security@xxxxxxxxxxxxxxx
http://list.cobalt.com/mailman/listinfo/cobalt-security