
Re: [cobalt-users] Disallowing remote root login



> > ok, dropping user exec for su is a nice start...but remember
> > it's SUID not SGID ;)
> You, um, wanna shuffle those cards again a little slower, sir?

su runs as root, and as standard on the RaQ I think any user can run the
command, but PAM stops anyone bar the wheel group from actually getting it
to work

 14 -rwsr-xr-x   1 root       root        13208 Jan 11  1999 /bin/su

You can stop non-wheel users from even running the command by changing it to
the following:

 14 -rwsr-x---   1 root     wheel       13208 Apr 13  2000 /bin/su

with:
chgrp wheel /bin/su
chmod 4750 /bin/su

I think that's it, but don't hold me to that one :)

> Root and wheel group members' passwords are all strong. As of yet, I can
> ssh in from any IP but I'll be locking that one down too soon. (But
> since you mention it, how? ipchains or sshd_config?)

I think ssh uses its own wrappers, check the documentation, otherwise use
tcp-wrappers.

--
/\/\ a R (
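
Added example, not part of the original post: a small audit script that checks whether su matches the wheel-only layout described above (setuid, owned by root, group wheel, no access for others). The function names and verdict words are made up for this example, and audit_su assumes GNU coreutils stat.

```shell
#!/bin/sh
# Added example (not from the original post): audit su against the post's layout.

# classify_su MODE OWNER GROUP
#   MODE is octal, as printed by `stat -c %a` (4755, 4750, ...).
#   Prints a one-word verdict; returns 0 only for the wheel-only layout.
classify_su() {
    mode=$1; owner=$2; group=$3
    while [ "${#mode}" -lt 4 ]; do mode="0$mode"; done   # 750 -> 0750
    special=${mode%???}                  # setuid=4, setgid=2, sticky=1
    grp=${mode#??}; grp=${grp%?}         # group permission digit
    other=${mode#???}                    # other permission digit

    case $special in
        4|5|6|7) ;;                      # setuid bit present
        *) echo "not-setuid"; return 1 ;;
    esac
    if [ "$owner" != root ]; then echo "not-root-owned"; return 1; fi
    # Write access for group or other on a setuid-root binary is never wanted.
    case $grp$other in
        [2367]?|?[2367]) echo "writable"; return 1 ;;
    esac
    case $other in
        1|3|5|7) echo "world-executable"; return 1 ;;   # stock: PAM is the only gate
    esac
    case $group:$grp in
        wheel:[1357]) echo "wheel-only"; return 0 ;;
    esac
    echo "restricted-other-group"; return 1
}

# audit_su [PATH]: read the real file's mode/owner/group and classify it.
# Assumes GNU coreutils stat (the -c format option).
audit_su() {
    path=${1:-/bin/su}
    info=$(stat -c '%a %U %G' "$path") || return 2
    set -- $info
    classify_su "$1" "$2" "$3"
}

# The two listings from the post, given as mode/owner/group:
classify_su 4755 root root  || true
classify_su 4750 root wheel
```

Run audit_su with no argument to check /bin/su on the machine itself; a non-zero exit status means the file does not match the wheel-only layout.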