-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Fri, Dec 15, 2006 at 03:09:54PM +0100, Olive wrote: > >Well, if sudo is well configured, it does not give complete root access, > >It should be limited to mostly inoffensive command options and require > >the password for the rest. As for the logs, you are right in the case > >where they are kept local, but any reasonable size network will use a > >separate node with a different password as a loghost. All the failed > >attempt will be sent there and recorded before any successful promotion. > >Those will be much harder to erase. But you are right I should have > >mentioned it. > > > This make more sense, but still I am perplex. I was speaking about the > "Unbuntu" type of sudo account: you have to give your own password to > have root access, not a different one. If an offender had succeed to log > in, he has already the normal user account password. For the logs, if > the local system is able to send some log to another network, a user > having root access is also able too; how can the local system be > "authorized" to send remote log across the network and denying this to a > user having rootlocal access. Even if there is a password to send the > logs over the network, the system must store it somewhere in order to be > able to use it. A user having local root access is able to analyse > /dev/mem to discover it. It may present some difficulties but this seems > like "security by obscurity"; which is known to be bad. However, a more > secure variant would be to authorize the system to send log but not to > clear it; in this later case it could be more secure. Anyway just > prevent a root ssh does not increase security as it; it only does in > conjunction with several other steps. well, security by obscurity is not a good idea in general, but: 1. you can take some stress from your publically accesible computer if it does not have to deal with all the brute force logins... (i had some of them in the logs until i changed to no root login & public key authentication only...
2. is it not also security by obscurity to use passwords in general? (i mean, they only work if you do not use "standard" passwords and keep them secret...with ssh keys stored on smartcards you could at least say that they can (theoretically) not be duplicated, only stolen) 3. normally log servers do not allow for logs to be deleted... (you could of course try to erease the logs be flooding them with messages so that the logs get rotated so often that the messages you want to hide are gone before the next backup... (that would on the other hand be quite obvious that there is something happending that should not be) as for sudo: sudo works the same way everywhere as far as i know... to my knowlege, the difference between a password procted or passwordless sudo access is just that with a password protected one, you are better protected against users that leave their consoles ungarded and also they _may_ think a bit more before procceding... that said, there is no such thing as ultimate security, there is a problem in nearly all concepts.. yours albert - -- Albert Dengg <[EMAIL PROTECTED]> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iQCVAwUBRYKyZSIMiEpzxsFKAQLuUQP9Esmhmu7hxZWxlY0yZXVylyQq1TEsykyS cPE2iUxcU4VdJLvmpqV0ak7spy+W8wfhuBSLo+a1BjvYVMUfN380NVWgGFPAhvPB dVS4KOxDkz/TTP4Y3Fr/hiovFu1jjPnQ2K4EyP67HRyU5zZltiXJbl2kCVpNZA/I UXdnLQoYKd4= =2IuH -----END PGP SIGNATURE----- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
